Pages

15 February 2023

The military should turn its network innovation upside down

John Ferrari

When it comes to network restrictions, the military may finally be catching up to the times.

The Army’s recent announcement that it’s adopting Gmail, long after many other organizations have done so, could be a sign that the service’s outdated and stovepiped network restrictions may be loosening. But, before declaring victory we should remember that the bureaucracy is working hard to claw back the old way of doing business.

In 2018, the Pentagon banned mobile devices ostensibly from secure areas. However, in reality, the ban was a last ditch attempt to stop the inevitable rise of mobile computing. Overnight, the Pentagon removed laptops with wireless connections because they could not be switched off. This had the effect of driving the entire leadership structure of the department back to the 1990s desktop computing environment.

The banning of mobile devices is part of a broader theme at the Pentagon, where in an effort to create the illusion of reducing network and information risk, the department attempts to hold back the revolution. But, war has the side effect of sobering up risk calculations. In Iraq, Afghanistan, and Syria, military commanders took on bureaucracies and built unprecedented jury-rigged networks to conduct combat operations with allies across commercial networks and systems. The operational flexibility, along with the innovative use of non-program of record commercial systems, far outweighed the risk of compromised information.

Once these wars ended and the innovators redeployed from combat operations, the older network security protocols took hold again, making it nearly impossible for units to tinker with commercial software and hardware to experiment and change how they fight. The war in Ukraine is now the next lab of experimentation and we are finding once again that innovation in war is alive and well when driven by necessity. In this fight, we’re seeing firsthand that communications driven from the bottom-up work just as well as top-down communications on the battlefield.

So, taking this history and these lessons into account, what should the U.S. military be doing?

First, it’s time for the services to take a hard look at themselves and realize that if they can’t keep top talent like former Air Force Chief Software Officer Nicolas Chaillan and the Army’s former Chief Information Officer, Raj Iyer, then something is wrong. In the world of information technology, everyone is not created equal. One superstar is worth a dozen marginal performers since returns are exponential. This is why the truly best make millions of dollars in the private sector. Many, such as these two gentlemen, were willing to give up financial rewards to serve their country. But in return, the Pentagon must let them make reforms at speeds much faster than the bureaucracy moves. In the information space at the department, change should be measured in weeks and months, not years.

Second, the Defense Department should abandon the top-down philosophy that currently permeates Joint All-Domain Command and Control, or JADC2. Instead, it should turn the requirements process upside down and let the operational warfighting commanders make the risk versus reward trade. They can see the benefits of technology on the ground and know better than anyone else at headquarters how it can be used. The Pentagon can assist in this effort by providing encryption capabilities, such as instant messaging system Signal, which reside on commercial phones.

Lastly, the Pentagon should adopt a philosophy of protecting the data rather than protecting the network. For 50 years, the Pentagon manned the perimeter of its network with ever more sophisticated software, most of which is easily overcome by determined adversaries. Once inside the network, as we saw with the hack at the Office of Personnel Management a few years ago, the information is theirs for the taking. Implementing a 180-degree change in security would focus on protecting the information rather than the network. Encrypting the data where it sits and along the route it travels makes it irrelevant to then protect the pipes.

The actual network should be viewed as a space to preserve freedom of maneuver rather than as something to protect.

There are hundreds of innovative companies, some of which such as Google, Space-X, Palantir, and Anduril that are backed by billionaires which can outlast and fight the Pentagon bureaucracy. But most others cannot. That’s why the Pentagon has to take charge and stop depriving our warfighters of the capabilities being exploited in Ukraine through its top-down approach to network innovation. Instead, it should turn its network innovation upside down and let our warfighters decide what risks to take.

No comments:

Post a Comment