<Back Home

Damn The Hackers, Full Speed Ahead

By The Honorable Thomas B. Modly - Published, January 25, 2019

During the first weeks of his tenure as president of JPMorgan Chase Bank, Jamie Dimon was briefed on the company’s efforts to outsource its information technology and corporate networks. It’s now the stuff of legend how Dimon not only cancelled a $5-billion IT contract, but challenged his people to own information as a proprietary, business-defining function. This strategic perspective has guided IT investment and prioritization for JPMorgan Chase ever since – and Dimon’s philosophy is now considered to be “table stakes” wisdom across the financial services industry. Many other industries have concluded the same: whether outsourced or not, information management is a core strategic function upon which they are entirely dependent.

We in the Department of the Navy must embrace this fundamental truth and understand its implications. Information management, and all that accompanies it, to include cyber security, data strategy and analytics, artificial intelligence, and quantum computing have combined to create massive opportunities, and vulnerabilities, across our entire enterprise. Our traditional approach to IT as merely a cost center – seeking only the lowest price, technically acceptable solutions – is wholly insufficient to meet the challenges of our Information Age.

Similarly, to frame "information" or "cyber" as simply another warfare domain is to fatally misunderstand the ubiquity of information technology in every naval mission area. To put it simply: our ships cannot fight unless their networks are operating, our aircraft cannot land safely unless their fly-by-wire systems are secure, our people cannot get paid if their records are corrupted, our business systems are void unless our financial data has integrity, and our sensing systems cannot help deter and destroy our enemies if they are blinded or deceived.

Recent discoveries of serious data breaches, in both our own networks and those of our suppliers, have rudely awakened us to the relentless nature of our adversaries. The Chinese, Russian, North Korean, and Iranian governments have pursued such criminal advantages for years, if not decades. They understood what we all should have by now: there is not a single thing that we do to defend our nation for which data and information management will not be “core to our business.” We must therefore elevate the management of our digital strategy, information security, and information technology investments to the highest possible level in the Department of the Navy, and urgently prioritize and adequately fund efforts to reduce our vulnerabilities.

Yet mere prioritization is not sufficient. A strategic plan must be developed and led aggressively as part of growing a new "information-cognizant" culture. One critical first step lies in upgrading our own information technology talent across the Department. We cannot allow trendy high-tech firms to chase us from the battleground for critical skills. The private sector's ability to pay more is certainly an obstacle, but we can be much more creative in how we appeal to the ideals of service and purpose – even if that service is only temporary. We should welcome, rather than resist, a new revolving door between industry and the military that strengthens our entire national security ecosystem.

Second, we must clean up our own house with respect to data and information hygiene. We often create our own vulnerabilities through a lack of attention to detail in how we use and protect our digital information. This will require a culture change – a mindset shift from "IT belongs to the IT folks" to "IT is a life-or-death proposition for me." Similarly, we must demand equally high standards from our vendors.

Third, our future investments in information technology must embrace an "enterprise view" – not only to fully leverage our massive buying power, but more importantly, to ensure our systems and data are interoperable, and impervious to penetration and exploitation of "weak links" in networks and information security protocols.

Fourth, we must impose costs on those who to steal our proprietary information. This Administration has taken bold steps to begin to hold our adversaries accountable, and there is much more to do. Each year, thieves penetrate more of our networks and extract more information from them. We have yet to devise an effective deterrent.

Fifth, we must not allow our competitors to overtake us in the fields of artificial intelligence and machine learning. Our research and advancements fueled the technologies that are transforming traditional businesses today, yet some of our adversaries are now predicted to exceed our ability to convert those private-sector capabilities to military applications. In the Department of the Navy, we are coordinating our efforts with the Defense Department to create an intellectual center of gravity for technologies which are increasingly critical to naval lethality, readiness, and reform. This effort to gather our best and brightest to promote networking and better answers for the institution must continue, and expand with urgency.

Sixth, we must ensure our educational institutions are developing leaders who are adept at operating within this emerging dimension of war, leaders who are not just technically proficient but possessed of strategic and agile minds that can adapt and improvise quickly amid tomorrow’s increasingly unpredictable fights.

Jamie Dimon was right – and about far more than financial institutions. Banks, trading firms, and yes, decisive naval force all rely upon expert, secure management of information to overmatch their competitors. Return on investment is surely critical in the business world, yet there is nothing more precious than the lives of the American sons and daughters we send into harm’s way. Our command of the informational commons must be no less a priority than the lethality of our weapons. Without it, the naval force will be unable to deliver what the American taxpayer deserves – and what the mothers and fathers of those who serve the country in uniform on our Navy and Marine Corps team rightfully demand.

This article was originally published by Defense One Jan. 14, 2019 under the title “Shipmates, Information Management Is a Life-or-Death Proposition.” Reprinted with permission.

The Honorable Thomas B. Modly is the 33rd Under Secretary of the Navy.

TAGS: Cybersecurity, Governance, Privacy, Spectrum