Pentagon Chief Sees Problems With Cybersecurity Market

From left: Commerce Secretary Penny Pritzker, Defense Secretary Ashton Carter, and Homeland Security Secretary Jeh Johnson at a joint press conference May 11.

SANTA CLARA, California – The private sector in the United States is underinvesting in network protection and hindering the growth of the cybersecurity market, Secretary of Defense Ashton Carter told reporters on May 11.

The Pentagon chief expressed his concerns after conferring with other government officials and members of the commercial technology industry during a meeting of the President’s National Security Telecommunications Advisory Committee. The confab took place at Intel’s corporate headquarters in Santa Clara, California, in the heart of Silicon Valley.

“Companies aren’t buying enough” encryption and other cyber defenses, Carter said during a joint press conference with Commerce Secretary Penny Pritzker and Homeland Security Secretary Jeh Johnson. “You can have all the innovative companies in the world, but if nobody is buying their products that’s going to be a problem.”

The Defense Department plans to spend $35 billion over the next five years on cyber capabilities. While the Pentagon represents “a big market” for cybersecurity firms, private sector demand is smaller than it should be, Carter said.

“Globally, the market for cybersecurity that should exist doesn’t yet exist,” he said.

Pritzker noted that the vast majority of critical digital infrastructure in the United States is owned and operated by the private sector. High-profile hacks against the financial and entertainment sectors by Iran and North Korea are just some examples of the threats posed by malicious actors, she noted.

“Today our entire economy rests on the back of the digital infrastructure,” she said. “So it’s extremely important that we have strong encryption.”

Johnson voiced support for more private sector investment in encryption technology, while also expressing concern that it could potentially thwart law enforcement.

The controversy surrounding government efforts to circumvent commercial encryption capabilities continues to simmer in the wake of the FBI’s aborted effort to force Apple to help officials break into a password-protected iPhone used by one of the suspected San Bernardino shooters.

“With strong encryption it becomes harder to detect criminal activity,” including communications related to criminal activity, Johnson said. “I think we’re all interested in finding the right solution that accommodates both strong encryption and enables us to track crime and to track potential terrorist plots. … A lot of us are working very hard on this issue and I think that it is something that is solvable in a cooperative way” with industry.

Carter said encryption and other tools will be critical in thwarting adversaries that possess offensive cyber weapons similar to those being employed by the U.S. military against the Islamic State. The Defense Department will continue to carry out cyber attacks to degrade the group’s command-and-control and communications, he noted.

“These are capabilities that others have, and therefore one has to assume … that people can use cyber tools against our networks … including the networks that our military depends upon,” he said.

“We’re not using anything that is unique or distinctive. And therein lies a lesson: we all have to have good cyber defenses as well.”

Topics: Cyber, Cybersecurity, Defense Department, DOD Leadership, DOD Policy, Homeland Security, DHS Leadership, Science and Technology, Infotech, Science and Engineering Technology, Homeland Security