|IN THIS ISSUE|
|Wednesday, August, 1, 2012|
|Cyber Beyond Security|
|Tags: Cyber Security|
|Posted By J.S. Hurley, PhD, Professor with Department of Information Strategies, National Defense University iCollege,|
The role of a federal chief information officer (CIO) demands a variety of evolving skills to address the critical needs and requirements of the job. The concept of “cyber” has become one of the most dominant topics inside and outside of the federal government, but usually has been viewed exclusively through the narrow lens of security. Critical data and information management issues require a much broader view if any appreciable success is to be realized. To gain this view, the following topics should be included within any candid discussion on cyber: governance, law, technology, conflict, qualified workforce, market forces, and financial awareness. What’s more, some lessons learned from the success of the military show that a focus solely on security and aggression does not guarantee success.
Cyber, the new “axis” in which we now engage, is far different from the familiar domains (air, land, or sea). It is much more complex and dynamic, and thus must be approached from a different and comprehensive perspective. Cyber is defined as: “a global domain within the information environment, whose distinctive and unique character is framed by the use of electronics and the electromagnetic spectrum to create, store, modify, exchange and exploit via interdependent and interconnected networks using information-communications technologies” [1, 2]. Unlike previous domains where military force, manpower, and technology were the keys to success, in cyber, the ability to manage and manipulate information is what drives dominance.
The recent advancements in computing and information technologies have moved the concept of cyber into the public consciousness much faster than anticipated, creating challenges, least of which is managing the expectations of an anxious public interested in demanding non-stop access to information. For example, high-speed networks have largely contributed to the global connectivity of the desktop; the World Wide Web provides a mechanism for the global sharing of content; mobile devices provide a transportable platform that enables almost anytime, anywhere access to information; and Wi-Fi enables almost ubiquitous connectivity for mobile devices. The technologies have virtually made data access (and unfortunately security vulnerabilities) immediately available to users. CIOs must now be more diligent in balancing between data access and data protection.
CIOs are primarily responsible for facilitating the “seamless” flow of information for their organizations’ stakeholders (governance, technology). As the “caretaker of information” within federal agencies, CIOs are often tasked with the responsibility of protecting, securing, and making data accessible when needed at the appropriate and authorized levels (security, governance, market forces, financial awareness, law, technology, and workforce). One of the most challenging responsibilities of CIOs is to move their stakeholders from a prevailing self-serving localized IT resource focus to a more enterprise-wide shared view. At times the need to transition between the cultures puts management in direct odds with its users who do not want to give up ownership of ‘their” resources. However, to be successful, CIOs must influence entrenched views of ownership while re-shaping the culture to optimize the availability of IT resources. Steven VanRoekel, Federal CIO, has made serious inroads into to addressing this issue through a new government-wide initiative known as “shared-first” . This initiative has the potential to move federal agencies forward in a way often discussed but rarely realized. VanRoekel has proposed the “idea that agencies must look to others when buying technology or upgrading systems before going off on their own.” In this way, agencies can truly move toward a common, “shared IT infrastructure” from top to bottom.
Lessons from DoD and Challenges
Information operations (IO), a cornerstone within military strategy, have shown success in influencing opposing views and shaping its operations environment (the battlefield). Much can be learned from IO’s success and there are some potential parallels that may benefit CIOs in their quest to influence and shift their user communities toward a common and more beneficial paradigm. Past military campaigns (e.g., the wars in Iraq and Afghanistan) have shown clearly that words and actions can be more important in obtaining strategic objectives than weapons. Without the support of the local community, the ability to attain peaceful governance, increase security capacity and end the threat of violent extremism is unattainable . There has been progress made over the last decade in IO within the military, in areas such as codifying new definitions of IO, realigning functional areas, or restructuring organizations. Although the results have been impressive, there is still much to be done, including the need to institutionalize efforts within its environment (governance) . Very similar parallels reveal themselves in the obstacles for CIOs as they seek to institutionalize efforts across federal agencies. Unfortunately, there are still silos of IT operations within federal agencies that prevent us from obtaining a true enterprise-wide environment that is better suited for the majority of its stakeholders.
Another challenge is lean budgets. The current and projected short-term fiscal state presents some of the most significant challenges or opportunities faced in a long time (financial awareness, market forces, and qualified workforce). Whether, one views them as challenges or opportunities depend strongly on the point of view. Surely, there will be budget constraints that can require organizations to reduce scope of their previous plans. This, however, can also be an opportunity to truly re-assess whether a proposed direction is indeed the right course of action. The information-related capabilities (IRCs) within both military and government domains will absorb substantial financial cuts [5-7]. Technology, a great enabler, will be called on to do more due to its ability to cut costs and time through automation. The looming fiscal crisis will force us to do business very differently, including the following two items:
Information has finally been recognized as a truly undeniable segment of power. How this power is wielded is critical in terms of how effective federal government agencies are in general, and how CIOs, in particular, meet their fundamental missions and priorities.
Cyber must be viewed from a very broad and comprehensive context simply because of the vast length of its reach within the critical segments of our society. For obvious reasons, security is an incredibly important piece of the major puzzle, because the protection of our privacy is as much a “self-evident truth” as any other right that is embraced by our society. However, a focus solely on security does not bring about the desired results. Only through a comprehensive approach that utilizes other topics, as illustrated by the U.S. military, can we hope to achieve targeted objectives.
The views expressed in this article are those of the author and do not reflect the official policy or position of the National Defense University, the Department of Defense or the U.S. government.
 The Case for a National Information Strategy, Dan Kuehl and Dennis Murphy (private communication);
 From Cyberspace to Cyberpower: Defining the Problem, D. Kuehl, p. 3 -23, “Cyberpower and National Security, 1st Ed.: F.D. Kramer, S.H. Starr, and L.K. Wentz, NDU Press, 1st Ed, 2009;
 “More than Just Words- Effects Based Strategic Communication “, D.R. Fucito, IOSphere, June 2011, p. 28.
 Information Operations in an Age of Shrinking Budgets: Crisis or Opportunity, John Shanahan, p. 2, 3. IOSphere, December 2011.
 Information Operations Primer: Fundamentals of Information Operations, U.S. Army War College Department of military Strategy, Planning, and Operations & Center for Strategic Leadership, November 2011.
 Shifting Fire: Information Effects in Counterinsurgency & Stability Operations A Workshop Report, Center for Strategic Leadership, U.S. Army War College and The Advanced Network Research Group, University of Cambridge.