Five Eye Defense CIOs Share Common Path In Embracing Technology While Improving their Cybersecurity

At the October 2021 Billington Cybersecurity Conference, Five Eye CIOs highlighted their shared commitment to master technology in order to stay ahead of a changing digital landscape. Former Deputy CIO for DOD and now Leidos’ Tom Michelli moderated an esteemed panel which included US DOD Deputy CIO, Dave McKeown, Len Bastion, CIO for the Canadian Department of Defense (DOD), and UK Ministry of Defense (MOD) CIO, Charlie Forte. Mr. Michelli started the conversation with a historic overview of the Five Eyes Allied partnership starting in 1941 and highlighting how the respective Defense CIO community has been meeting regularly since 2015 to discuss areas of mutual interest as it relates to technology and information sharing. The discussion revealed a clear drive by each countries’ defense forces to modernize their respective organizations’ use of digital technology, to change their cultural framework towards a continual verification of legitimate data access from anywhere, and a recognition that doing these things together would make all of them stronger.

Mr. Forte kick-started the conversation by providing an overview of the UK’s twofold strategy to accomplish this new effort. First, he highlighted the MOD’s push towards leveraging cloud technology, AI/ML developments, and new cybersecurity tools such as multi factor authentication, collection sensors, and data analytics. Second, he focused on MOD efforts to figure out new ways of how to better enable their organization’s use of this technology, a skilled workforce, and newly developed processes to use and exploit shared data to keep the UK military ahead of adversaries both offensively and defensively. He pointed out that the MOD recognized this effort was going to take some time and that they could not do this alone; thus a big part of the effort was better engagement with both industry and allied partners.

Mr. Bastion highlighted that Canadian DOD shared many of the same goals as the UK MOD, but was earlier in the process in terms of development. He pointed towards major successes in moving his organization to the cloud as a great first step in improving sharing while shoring up cyber defense while also acknowledging that his organization was just starting to figure out how to best use AI/ML as part of this effort. Mr. Bastion also offered an excellent observation about how changing processes and regulations had been a surprisingly difficult and time-consuming effort but an important step in the transformation process nonetheless. He provided some great examples–such as the need for a digital approval process– that underscored how important it was to change regulations at the same time as embracing new technology to best move forward. Mr. Bastion also highlighted how decades long allied agreements would also need to change given the new digital environment and adversaries figuring out how to leverage it. He used NORAD as an example of how the digital landscape has changed the physical security requirements and re-emphasized the need for allies to ensure that any new transformation should be done in tandem; again reiterating a continual conference theme that the whole is stronger than its parts.

Mr. McKeown emphasized how the US DOD has been on this digital conversion path for several years, that the Department was focused on now moving towards a more secure joint environment that would embrace a continual user verification process operating from anywhere model, use AI/ML tools to maximize shared data for both offensive and defensive purposes, and build a stronger trust between DOD and their large defense industrial base. He also emphasized the Department’s efforts to better retrofit important but legacy weapons systems with stronger cybersecurity and a focused effort to ensure strong cryptographic communication as the threat environment changed.

The group clearly articulated that the Five Eye Defense Organizations were moving in the same shared direction, that they recognized the need to do so collectively and in step to make each stronger, and that the goal was not to build better walls around their organizations but to embrace technology to allow them to both leverage and protect data more effectively. Each highlighted the need to find ways to securely move across multiple domains–some of them controlled by their organizations and some of them not–focus on better using data to achieve their goals, and building more trustworthy impactful relationships with the private sector, with their allies, and between their respective organizations. Overall, the panel provided a consistent message heard throughout the conference to embrace a new digital access/use framework and do it with unity of purpose to make everyone stronger.