IN-THE-NEWS: Feds Team with Foreign Policy Experts to Assess US Election Security

This article originally appeared in Dark Reading, January 18, 2018.

Expert panel lays out potential risks for the 2018 election cycle and beyond

Speaking at a panel on election security in Chicago last night, Douglas Lute, former US Ambassador to NATO, said he remains very concerned that Russian interference in the 2016 elections has eroded the public’s confidence in the election system, the cornerstone of the American democracy.

“What happened in the 2016 election is as serious a national security threat as I’ve seen in the last 40 years,” said Lute. “When you think of events such as Pearl Harbor and 9-11, those are physical attacks and terrible as they are, we can recover from them. But if we lose confidence in the election system, that erosion is more serious.”

The panel discussion, "Secure the Vote," was sponsored by DEF CON, which held a Voting Machine Hacker Village during its August event, and by the Chicago Council on Global Affairs. Also participating were Rick Driggers, deputy assistant secretary at the US Department of Homeland Security's (DHS) Office of Cybersecurity & Communications, and Greg Bales, community outreach coordinator in Sen. Richard Durbin’s (D-Ill.) office. The panel moderator was Jake Braun, cybersecurity instructor at the University of Chicago.

Braun hailed the panel as the first time the executive and legislative branches of government got together to publicly discuss hacking of the US election system.

In September, DHS informed 21 US states that some component of their respective election systems had been targeted by Russian state-sponsored cybercriminals during the 2016 election campaign. According to DHS, no votes were changed and many of the targets experienced only vulnerability scans. Last night’s discussion was held ahead of the nation’s first primaries this March in Illinois and Texas, both of which were among the 21 targeted states. 

Lute kicked off the panel with five points for attendees to consider:

  • Russia is a proven threat. Although President Donald Trump has rejected the validity of reports on election tampering, national security agencies agreed that Russia attacked our election system in 2016 and that it was state-sponsored under the direction of Russian President Vladimir Putin, said Lute.
  • Russia is not going away. President Putin is likely to win another six-year term this year in an uncontested election, and even if something happened to Putin, he would be replaced by a similar figure who will look to expand on global election hacking efforts, said Lute.
  • Other nation-states are potential threats. It’s clear that other nations such as China, Iran and North Korea have the capability to hack into our elections and other critical businesses and infrastructure.
  • Time is short. The election cycle of 2018 is a short two months away and the 2020 Presidential race is just around the corner.
  • Our allies are vulnerable. Other countries' elections are already experiencing cybersecurity incidents, like the data breach that hit French president Francois Macron days before the election. 

The DHS’s Driggers said DHS is available upon the request of state and local governments to provide security services such as technology assessments, information sharing and basic cyber hygiene. He said in early January 2017, DHS identified the US election system as part of the nation’s critical infrastructure, putting it on the level of our IT, defense, energy, and financial services systems.

"It's definitely a priority in our planning," Driggers said. "We realize that US elections are run by local election officials and our efforts are primarily to support state and local efforts."

On the legislative front, Bales said Sen. Durbin is working hard to support the Secure Elections Act, a bill sponsored by Sen. James Lankford (R-Okla.) and Sen. Amy Klobuchar (D-Minn.) that seeks to protect against foreign interference in future elections.

"Voting is a bi-partisan American issue, so we have to make sure outside actors like Russia are not involved," Bales said.

As for potential solutions, Lute offered three suggestions: get the entire election system off the Internet; protect the state voter registration databases; and create an audit trail by using optical scanners to track individual paper votes.

Most of Lute’s suggestions are based on the Election Security Plan developed by Noah Praetz, director of elections with the Cook County Clerk’s Office. Praetz’s plan represents the first known formal response by a local government to reported US election hacking in 2016.

Many cybersecurity researchers also called for paper voting or systems that use optical character readers to generate voter-verified paper trails after two (decommissioned) voting machines were hacked within 90 minutes during DEF CON's Voting Machine Hacker Village in August

In-The-News: New York governor wants state pension fund to divest fossil fuel company stocks

This article originally appeared in the New Castle News, December 22, 2017

ALBANY, N. Y. — As Gov. Andrew Cuomo tells it, the state pension fund — the third largest retirement nest egg for public employees in the nation — should sell off its investment in fossil fuel companies that have polluted the environment with products that worsen global climate change.

"That is the energy of yesterday," he told reporters this week after previewing a proposal that he plans to stitch into his Jan. 3 State of the State speech. "It is literally polluting the planet."

The $201.3 billion New York State and Local Retirement System fund, as it is officially called, is managed by state Comptroller Thomas DiNapoli.

As the fund's sole trustee, DiNapoli has resisted earlier calls from green activists for divestment in oil and natural gas companies. He has contended that as a shareholder with a seat at the table he is in a better position to influence corporate behavior than he would be if he sold off the pension fund's stake in those companies.

Cuomo, who has no oversight role over the fund, cast his interest in an avuncular way, suggesting that he wants to "protect the retirement savings of New Yorkers." But with the governor poised to seek a third term in Albany in 2018 and leaving the door open for a run for the White House in 2020, the pension fund divestment issue has already triggered speculation that political considerations were a factor in the proposal.

But the governor's move has spawned concerns that a green energy litmus test over investment decisions could end up limiting the fund's growth should Cuomo's prognostications regarding energy sector stocks prove to be flawed.

"The comptroller needs to stick to his guns and understand that his fiduciary responsibility is to the beneficiaries" of the fund, said Christopher Burnham, the former Connecticut state treasurer who served as the sole trustee of the Nutmeg State's pension fund from 1995 to 1997.

"You have to invest these monies cautiously, carefully and wisely, and without allowing a personal agenda to play a role in how you execute your duties," said Burnham, a Republican and native New Yorker who is chairman of Cambridge Global Advisors in Virginia.

DiNapoli and Cuomo are downstate Democrats, though at times the relationship between the two has been chilly. Since Cuomo advanced his pension proposal, the comptroller has avoided arguing with the governor over the issue, instead signaling that he welcomes the "opportunity to partner" with Cuomo via an advisory council aimed at "achieving investment returns."

DiNapoli further stated that while he has "no immediate plans to divest our energy holdings," the New York pension fund has been a leader in advancing climate change goals and is increasing its current stake of more than $5 billion in "sustainable" investments.

"We believe in engagement with companies," DiNapoli said in responding in June to a CNHI inquiry about a push for divestment by a coalition calling itself Elected Officials to Protect New York.

Republicans lost no time in accusing Cuomo of meddling in an arena where they say he has no business.

“The public pension fund does not exist so Andrew Cuomo can use it to build a campaign platform for a presidential run," said Assembly GOP Leader Brian Kolb, who has announced he is a candidate for governor.

By taking on the fight for divestment, though, Cuomo may be choosing a pathway that could put octane into any future run for the presidency, said Harvey Schantz, the chairman of the political science department at the State University at Plattsburgh.

"Running for governor in New York state and running for the Democratic nomination for the presidency present overlapping opportunities," Schantz said. "You have to show liberal bona fides and you have to show executive ability. First, he has to get re-elected as governor. But by staking out liberal positions, he could be helping himself in New York and also helping himself win the Democratic nomination."

In advancing his proposal, Cuomo pointed out that the World Bank plans to stop financing gas and oil exploration projects, and the Norwegian sovereign wealth fund is already shedding its fossil fuel investments.

While it is DiNapoli who calls the shots at the pension fund, Cuomo is not out of line in suggesting that its portfolio mix be shuffled in ways that promote greater reliance on renewable energy, said Larry Levy, a longtime observer of New York politics and director of the National Center for Suburban Studies at Hofstra University,

Levy suggested that Cuomo has been steadily building his record as an advocate for expanded use of solar and wind energy and is the architect of the state's policy to have the state's energy diet include no less than 50 percent renewable energy by 2030. The Cuomo administration, he added, has also kept the gas drilling technique known as hydraulic fracturing from being introduced in New York.

"He can't be accused of posturing on this issue because he has gone all-in on reducing the reliance of fossil fuels in a big way," he said. "It's not as if he has suddenly discovered an issue and is coming out to please a certain constituency."

As to the speculation that Cuomo is preparing a White House run, Levy said, "2018 is 2020. If a U.S. senator or governor doesn't knock it out of the park in his home state in 2018, then he or she is going to drop precipitously on any list for any national election."

Commentary: Pensions should avoid politics and invest for the benefit of our workers

This OpEd authored by Cambridge Global Chairman, Christopher Burnham, originally ran in the The Hill, December 10, 2017.

Why do public fiduciaries think they should impose their political agenda on other people’s retirement benefits? Is not the standard of care to manage public retirement funds with the highest return at the lowest reasonable risk? With more than 50 percent of all state pension funds significantly underfunded and at least five states, including my native Connecticut, facing immanent bankruptcy due to grossly unfunded state employee and teacher pension systems, why would both beneficiaries and taxpayers, who will be forced to makeup those liabilities, want to politicize the management of the money? As I will also be a beneficiary in a few years, please manage the money without a political agenda.

When I was elected state treasurer of Connecticut in 1994, I inherited the worst performing state pension system in America for the previous 10 years. Within the first six months we fired the vast majority of money managers and indexed 75 percent of the portfolio. Yet, I was attacked for holding tobacco stocks in the portfolio, by virtue of the fact that we owned an S&P 500 stock index fund. I refused to play politics with the pension, particularly after 10 years of politics had relegated pension fund performance to the gutter. Instead, we focused on the highest return at a reasonable risk, and performance skyrocketed from dead last to the top 25 percent in the country, overnight.

Now a new era of activists, without any regard to fiduciary responsibility, is injecting politics into pension systems, yet again, by trying to make states, counties and municipalities across the country divest of shares in energy companies. Why would we seek to undermine the integrity of a secure retirement for our teachers and government employees? If they, individually, want to invest in activist funds, they should force states to move to a system similar to the U.S. government employee retirement system, or to a full or partial defined contribution system, such as Rhode Island recently did. Then retirees can make decisions for themselves.

However, to force a political agenda to be shoved into the investment of their retirement accounts is wrong, and a clear violation of fiduciary responsibility. Moreover, if you divest from energy investments, where do you stop? If you remove energy companies, why not remove fast food companies? How about booze, gambling and producers of sugary drinks? As a combat veteran, I am very grateful for the strength of our American defense industry and believe we should invest more in defense companies. Would everyone else agree with me?

Additionally, pressure is mounting on banks. Recently, U.S. Bank, the leading provider of financial products and services to the federal government for over 30 years, has ceded to these activist groups and announced radical changes to corporate policies, including ceasing its investments in energy infrastructure. Its management announced that U.S. Bank plans to stop providing construction for energy pipelines, although it has not announced that that it will no longer service the major railroad carrier, which carry all of the coal Minnesota uses to produce over 30 percent of their electric energy needs. Fiduciary responsibility also means responsibility to shareholders.

We must not allow individual political and ideological agendas to break the special trust and confidence our government and teacher retirees should have in those who are elected or appointed to be the fiduciaries of retirement systems across our country. Unless mandated by law, such as owning shares in companies doing business in North Korea, there is no room for ideological agendas in the management of other people’s money, particularly our teachers and government employees.

Christopher B. Burnham is the former state treasurer of Connecticut, where he was sole fiduciary of the $16 billion Connecticut pension system, and former undersecretary general of the United Nations, where he was sole fiduciary of the $42 billion United Nations pension system. He is now chairman of consulting firm Cambridge Global Advisors.

IN-THE-NEWS: CGA's Doug Lute tells USA Today about the national security implications of protecting our election infrastructure

This piece originally appeared in USA Today, December 7, 2017

Illinois' most populous county has a plan to keep hackers out, after the state's voter registration list was breached during last year's presidential race. There's one big sticking point: the money. 

The director of elections for Illinois' Cook County and a group including Ambassador Douglas Lute will present a strategy to bolster U.S. election systems' defenses against foreign intruders on Thursday. 

That roadmap comes with a request for the federal government to fund their plan, underlining a hurdle for many municipalities as they head into the 2018 midterm and 2020 presidential elections.

While last year's general election made clear the voting system was vulnerable to hackers, and the federal government has instructed the nation's 9,000 election officials to make their voting rolls safer, many municipalities lack funding to make these changes. 

The last time there was significant federal funding for election infrastructure at the local level was the Help America Vote Act of 2002, passed in the aftermath of the controversy surrounding the 2000 president election recount. That resulted in almost $3 billion in funds for new voting equipment

"For a relatively modest investment it seems to me that we can shore up the system significantly," Noah Praetz told USA TODAY.

His five-page plan, sponsored by Cook County Clerk David Orr and being presented at the University of Chicago's Harris School of Public Policy, is part of a broader effort by an ad hoc bipartisan group working to strengthen the U.S. election system after Russian intrusions during the 2016 U.S. presidential race. It calls on the federal government to aid states, laying out a list of 20 defense tactics election officials can take to protect election integrity.

"Make no mistake, this will be a painful and expensive undertaking," it reads.

Just how expensive isn't known. The U.S. election system is highly decentralized. Each jurisdiction has different staff, equipment and funding and must deal with differing local and state regulations governing elections.

For Cook County, which is responsible only for county-wide elections as the city of Chicago holds its own elections, "it's going to cost many millions." Praetz said he couldn't be more specific because the county is in the middle of a procurement process.

Even hundreds of millions is just "a rounding error of the defense department budget," said Lute, a retired three-star general who served under both Obama and George W. Bush.

"We're buying hard defense for America to the tune of $700 billion a year. And for literally less than one-one-thousandth of that, we could make dramatic inroads to secure our election systems. Which quite frankly may be more fundamental [to our security] than the next fighter plane," he said.

Russia will be back

The problem with Russia, which denied any interference in the U.S. election, isn't going to go away, say election officials. The 2016 attacks were a classic Russian intelligence military operation.

"Initially it is rather clumsy. They probe and they make mistakes and they get found out. But they also learn very quickly. I expect that in 2018 they will be back, with a much more sophisticated and targeted approach," said Lute, most recently the former United States Permanent Representative to the North Atlantic Council, NATO’s standing political body.

2016 was a heads up

The 2016 election was a watershed in terms of awareness about foreign election meddling. No one knows the problem better than Illinois, one of two states where federal authorities say Russian hackers succeeded in infiltrating the election system.

The hackers operated undetected for three weeks, viewing the records of 90,000 voters and, according to the Illinois State Board of Elections, attempted to delete or alter some voter data.

Time is also short. Illinois also is one of two states with the earliest primaries in the county, meaning its voters will go to the polls in March.

The white paper suggests the creation of a national digital network for local election officials to quickly share information about threats and incidents. This is in contrast to 2016, when officials in 21 states only learned they'd been targeted almost a year after the fact.

Next, every local and state election official should have a security officer on staff, to deal with these issues. 

The paper then goes on to outline a standard list of the things any company would implement to protect the security of its networks, but which election officials have overall been slow to roll out because of a lack of funding, knowledge and awareness of the dangers.

The final suggestion is the idea that every election jurisdiction needs to come up with a plan about how it will recover if it is hacked. That could mean paper backups of voter registration lists, storing paper ballots or saving digital scans of ballots.

"If we detect breaches and recover from them quickly, we will survive. And so will our democracy," the paper says.  

PRESS RELEASE: Cambridge Global Advisors CEO Jake Braun Receives O’Reilly Defender Award for Elevating U.S. Voting Infrastructure Cybersecurity Concerns

November 3, 2017 (New York, NY) – This week, CEO of Cambridge Global Advisors (CGA) Jake Braun was awarded the O’Reilly Defender Award for Research at the annual O’Reilly Security Conference in New York City.  The award “celebrates those who have demonstrated exceptional leadership, creativity, and collaboration in the defensive security field.” It was given to Mr. Braun for his recent contributions in the “Voting Machine Hacker Village” at DEFCON and for increasing awareness around cyber threats and vulnerabilities in U.S. election and voting infrastructure. 

The “Voting Village” was an innovative three-day demonstration (July 27-30, 2017) held in Las Vegas at DEFCON – the world’s largest, longest-running hacker conference – that assembled more than 25 pieces of election equipment including voting machines and pollbooks still widely used in U.S. elections today.  The Voting Village made them accessible to 1000+ hackers who were encouraged to test the technology and expose cyber vulnerabilities for educational purposes. The event’s concept was born out of U.S. intelligence reports regarding Russian attempts to interfere in the 2016 elections and the U.S. Department of Homeland Security’s recent confirmation that voter registration databases in at least 21 states were breached last year. 

Mr. Braun shared the O’Reilly Defender award with several other “Voting Village” colleagues including Matt Blaze (University of Pennsylvania), Joseph Lorenzo Hall (Center for Democracy & Technology), Harri Hursti (Nordic Innovation Labs), Margaret MacAlpline (Nordic Innovation Labs) and Jeff Moss (DEFCON).  Last month, this six-person team released a report on the Voting Village findings. Together, the team has been elevating concerns around vulnerabilities in U.S. election equipment and networks and is currently working to assemble stakeholders critical to invoking policy change at the federal, state and local level ahead of nationwide elections in 2018.

Speaking of the award, Jake Braun said: “The Voting Village was about exposing the weaknesses in our voting systems and finding ways to educate others, especially in light of what we know about Russia’s attempts to hack the 2016 Presidential Election. I am immensely proud of this award, which serves as a recognition that voting security is more than just a cyber or hacker issue. Protecting the vote is indeed a national security imperative that requires our leaders band together to find solutions.”

In addition to his CEO role at CGA, Mr. Braun currently serves as a faculty member at the University of Chicago where he teaches cybersecurity policy. He is also a former White House and Public Liaison for the U.S. Department of Homeland Security and remains an advisor to DHS and the Pentagon on cybersecurity issues.

IN-THE-NEWS: CGA's Nate Snyder Participates in Panel with Former CIA Director John Brennan

Cambridge Global Advisors (CGA) is proud to announce the participation of Nate Snyder, former senior counterterrorism official in the Department of Homeland Security and current CGA employee, in last Wednesday's discussion with John Brennan, former Director of the Central Intelligence Agency regarding the outlook of global security. The event was hosted by The Center on National Security at Fordham University School of Law in New York, where Brennan is Distinguished Fellow for Global Security. It was attended by widely recognized national security thought leaders, published researchers, current CT practitioners, national media, and national security correspondents. 

The conversation was moderated by David Ignatius, columnist for the Washington Post. Video of the conversation can be found here.  

IN-THE-NEWS: CGA Supports DEFCON on Issuing Report on Voting-Village/Election Security

Cambridge Global Advisors (CGA) was pleased to partner with DEFCON and the Atlantic Council to issue a new report on the findings of DEFCON's first-ever Voting Machine Hacking Village.  Held at the DEFCON in Vegas back in July, the Voting Village allowed thousands of participants to "hack" several pieces of election equipment still in use in U.S. elections today.  On the heels of news regarding Russian attempts to infiltrate and influence our elections in 2016, this Village and timely report adds to the growing understanding of the vulnerabilities facing our democracy today.  

Cambridge CEO Jake Braun helped to bring the Village to DEFCON this year, as well as helped to author the report and moderate the report launch event on October 10, 2017 in DC.  CGA Partner and former U.S. Ambassador to NATO, Doug Lute, also participated in the event as a panelist discussing the national security implications of foreign hacking attempts aimed at U.S. elections and our democracy.

Watch the full event at CSPAN.

Download the full report from DEFCON.org

Read a full clips-wrap up

IN-THE-NEWS: CGA cited in Politico: "Hacker study: Russia could get into U.S. voting machines"

American voting machines are full of foreign-made hardware and software, including from China, and a top group of hackers and national security officials says that means they could have been infiltrated last year and into the future.

DEFCON, the world’s largest hacker conference, will release its findings on Tuesday, months after hosting a July demonstration in which hackers quickly broke into 25 different types of voting machines.

The report, to be unveiled at an event at the Atlantic Council, comes as the investigation continues by four Hill committees, plus Justice Department special counsel Robert Mueller, into Russian meddling in the 2016 elections, on top of the firm intelligence community assessments of interference.

Though the report offers no proof of an attack last year, experts involved with it say they’re sure it is possible—and probable—and that the chances of a bigger attack in the future are high.

“From a technological point of view, this is something that is clearly doable,” said Sherri Ramsay, the former director of the federal Central Security Service Threat Operations Center, which handles cyber threats for the military and the National Security Agency. “For us to turn a blind eye to this, I think that would be very irresponsible on our part.”

Often, voting machine companies argue that their supply chain is secure or that the parts are American-made or that the number of different and disconnected officials administering elections would make a widespread hack impossible. The companies also regularly say that since many machines are not connected to the internet, hackers’ ability to get in is limited.

But at the DEFCON event in Las Vegas, hackers took over voting machines, remotely and exposed personal information in voter files and more.

Las Vegas was a timed event to prove a point. But the hackers say that taking the machines apart in the months since has exposed deeper vulnerabilities. Parts and programs that could easily be embedded with malware and sleeper commands are being incorporated from all over the world, from suppliers and shippers without clear security measures.

That easily opens the possibility that a country with large resources and a long-term view—like Russia—could get access.

It sounds like science fiction, or at least “Ocean’s 11,” but cybersecurity experts are frantically waving their hands, trying to get Americans to see that in foreign capitals, the American voting system just looks like easy opportunity.

Ramsay, who’s been talking with DEFCON about the report but isn’t a formal advisor, pointed out the U.S. is exposed well beyond voting machines, with the same “supply chain” issue creating risks to the electrical grid, the banking system and beyond. She pointed to the Ukrainian power grid’s being shut down twice in the last two years, which researchers have said looks like either Russia flexing its muscle against a rival country, or worse, practicing for a larger American attack.

Security experts and some lawmakers investigating Russia’s digital meddling in the 2016 election have called on voting machine vendors to offer up their code outside for inspection, but the firms have resisted.

The DEFCON report findings are especially compelling in light of the Department of Homeland Security’s recent notification to 21 states last month of Russian attempts to intervene in the 2016 elections.

“We can now definitively say that the Russians could hack our entire elections, remotely, all at once,” said Jake Braun, a former DHS official who’s now the CEO of Cambridge Global Advisors.

Some measures to combat these issues would be complicated, like changing the entire manufacturing process for the machines, and discarding any that have ever been connected to the internet or lack an audit process. Some are as basic as changing a password —the report states that one machine “was found to have an unchangeable, universal default password – found with a simple Google search – of ‘admin’ and ‘abcde.’”

Though President Donald Trump has repeatedly dismissed talk of election hacking attempts, concerns are mounting that Russia and others are already moving to the next incursion.

“What really concerns me is having suffered these probing attacks last year, we may be in for an even more sophisticated, more potentially effective assault next time around—and oh, by the way, others were watching,” said Ambassador Doug Lute, a retired Army lieutenant general who served as the permanent representative to NATO from 2013-2017.

Lute wrote the introduction to the DEFCON report, and said that from watching Russian President Vladimir Putin in action, he is anxious about what looks likely to come based on what he’s already seen, and feels like alarms should be ringing about voting in the 2018 midterms.

“It felt eerily familiar to Russian military tactics,” Lute said. “And it felt very uncomfortable in terms of how little time we have.”

This article originally appeared in Politico, October 9, 2017.

COMMENTARY: DHS office leading the way on federal cyber innovation

This article originally appeared in Fifth Domain, September 26, 2017.

By: Chris Cummiskey

It isn’t often that the words innovation and government find their way into the same sentence. When they do, it is often to decry the lack of innovation in government practices. Silicon Valley and other corporate leaders have long lamented that the federal government just doesn’t seem to understand what it takes to bring innovation to government programs.

One office in the federal government is having an outsized, positive impact on bringing private sector innovation to government cybersecurity problem solving. The Cybersecurity Division (CSD) of the Science & Technology Directorate at the Department of Homeland Security has figured out how to crack the code in swiftly delivering cutting edge cyber technologies to the operators in the field. Some of these programs include: cybersecurity for law enforcement, identity management, mobile security and network system security.

The mission of CSD is to develop and deliver new technologies and to defend and secure existing and future systems and networks. With the ongoing assault on federal networks from nation-states and criminal syndicates, the mission of CSD is more important than ever.

CSD has figured out how to build a successful, actionable strategy that produces real results for DHS components. Their paradigm for delivering innovative cyber solutions includes key areas such as a streamlined process for R&D execution and technology transition, international engagement and the Silicon Valley Innovation Program (SVIP).

R&D Execution and Technology Transition

One of the greatest impediments to taking innovative ideas and putting them into action is the federal acquisition process. As a former chief acquisition officer at DHS, I certainly understand why there needs to be federal acquisition regulations. The challenge is these regulations can be used to stifle the government’s ability to drive innovation. I am encouraged by the efforts to overcome these obstacles by federal acquisition executives like DHS Chief Procurement Officer Soraya Correa – who is leading the fight to overcome these hurdles.

Under the leadership of Dr. Doug Maughan, CSD has created a process with the help of procurement executives that swiftly establishes cyber capabilities and requirements with input from the actual users. They have designed a program that accelerates the acquisition process to seed companies to work on discreet cyber problems. The CSD R&D Execution Model has been utilized since 2004 to successfully transition over 40 cyber products with the help of private sector companies. The model sets up a continuous process that starts with workshops and a pre-solicitation dialogue and ends with concrete technologies and products that can be utilized by the operators in the various DHS components. To date the program has generated cyber technologies in forensics, mobile device security, malware analysis and hardware enabled zero-day protections and many others.

International Engagement

Maughan often states that cybersecurity is a global sport. As such, many of the challenges that face the United States are often encountered first by other countries. Maughan and his team have worked diligently to leverage international funding for R&D and investment. CSD is regularly featured at global cyber gatherings and conferences on subjects ranging from international cyber standard setting to sharing R&D requirements for the global entrepreneur and innovation communities.

Silicon Valley Innovation Project (SVIP)

It seems like the federal government has been trying to get a foothold in Silicon Valley for decades. Every president and many of their cabinet secretaries in recent memory have professed a desire to harness the power of innovation that emanates from this West Coast enclave. One of the knocks on the federal government is that it just doesn’t move fast enough to keep pace with the innovation community. Maughan and the folks at CSD recognize these historic impediments and have moved deftly to build a Silicon Valley Innovation Project (SVIP) that is delivering real results. To help solve the hardest cyber problems facing DHS components like the Coast Guard, Customs and Border Protection, the United States Secret Service and the Transportation Safety Administration, SVIP is working with Silicon Valley leaders to educate, fund and test in key cyber areas. The program is currently focusing on K9 wearables, big data, financial cybersecurity technology, drones and identity. The SVIP has developed an agile funding model that awards up to $800,000 for a span of up to 24 months. While traditional procurement processes can take months, the SVIP engages in a rolling application process where companies are invited to pitch their cyber solutions with award decisions usually made the same day. The benefits of this approach include: speed to market, extensive partnering and mentoring opportunities for the companies and market validation.

Conclusion

Moving innovative cyber solutions from the private sector to the federal government will always be a challenge. The speed of innovation and technological advancement confounds federal budget and acquisition processes. What Maughan and CSD have proven is that with the right approach these systems can complement one another. This is a huge service to the men and women in homeland and cybersecurity that wake up every day to protect our country from an ever-increasing stream of threats.

Chris Cummiskey is a former acting under secretary/deputy under secretary for management and chief acquisition officer at the U.S. Department of Homeland Security.