Washington, March 3 – As Secretary of Defense Ashton Carter announced the “Hack the Pentagon” program in which vetted outside hackers engage in a cyber “bug bounty” program, Center for a New American Security (CNAS) Technology and National Security Program Director Ben FitzGerald and CNAS Leon E. Panetta Senior Fellow Loren DeJonge Schulman have written a new Press Note, “The ‘Hack the Pentagon’ Project, the Defense Innovation Advisory Board, and the DoD Innovation Agenda.”
The full Press Note is below:
Secretary of Defense Ash Carter has once again used a trip to Silicon Valley to announce new innovation initiatives while meeting with technology entrepreneurs. These initiatives, most notably the announcement of the Defense Innovation Advisory Board, to be led by Alphabet Inc. Chairman Eric Schmidt, and a bug bounty program called Hack the Pentagon, set a new standard for engagement supporting DoD’s innovation agenda.
The bug bounty program in particular – which rewards vetted hackers for identifying vulnerabilities in predetermined DoD systems – shows a willingness on the part of Secretary Carter to push the Pentagon bureaucracy out of its comfort zone in meaningful ways. This initiative, with its potential to cause embarrassment or unintended breaches of critical systems, undoubtedly drew bureaucratic push back in its development. But these are precisely the fears and cultural factors the Secretary needs to incentivize the institutional Pentagon to overcome if his innovation agenda is to take hold. Bug bounty programs have become best practice in the technology world, championed by organizations like Google and Facebook. Implementing a similar program will improve DoD’s security, improve the Department’s information security culture, and demonstrate the worth of early failure in a risk averse institution. The program is a win for the Secretary and the Defense Digital Service.
The exact nature and role of the Defense Innovation Advisory Board remain to be seen. Secretary Carter spoke of this innovation board in a similar context to extant defense boards that provide advice on policy, science, and business. Eric Schmidt is an excellent choice to lead this new board. He is deeply technical and thoughtful on the role and impact of technology in the world and has shown a willingness to engage U.S. government and others in Washington thoughtfully on a host of issues of mutual interest. Schmidt’s appointment also sends a message about the value the technology community can provide to the U.S. government at a time when the FBI’s campaign against encryption risks alienating important allies in that community. The Secretary spoke out specifically, if broadly, in support of strong encryption.
However, bureaucratic details that have not yet been announced will have a major impact on the success and relevance of the Defense Innovation Advisory Board. It appears that Schmidt will play an active role in recommending participants and that traditional defense industry innovators may also be invited to participate – a healthy balance that avoids false dichotomies on the locus of innovation. More importantly, the particular role of the board, where it will sit institutionally, and how its recommendations might be shared and acted on remain to be seen. Traditional defense boards, such as those for policy, science, and business, have a mixed record in terms of efficacy and utility, and this could be equally true for the innovation advisory board.
The big questions that remains for these announcements and the Secretary’s innovation agenda writ large are how these initiatives will persist beyond his tenure and to what extent he will be able to drive reform in core DoD organizations and processes. His implicit theory of change has been to start by creating opportunities to go outside of the system for new technology, ideas, and experts. That is absolutely the right move to generate initial momentum. But these efforts require the personal support of the Secretary and will not necessarily impact how DoD approaches standard acquisition, personnel, or programming processes. With less than a year remaining in his tenure, how will the Secretary lock in his gains and truly move the building?
FitzGerald and DeJonge Schulman are available for interviews. To arrange an interview, please contact Neal Urwitz at firstname.lastname@example.org or 202-457-9409.