Progress is cyber policy is mostly apolitical and organic and international. A mistake we in the US have sometimes made is viewing our cyber policy as being purely domestic, when the key feature of the cyber domain itself is to transcend borders and to be interlinked.
If you look at what works for other countries, one policy effort in a major ally stands out as being something we desperately need to adopt: The UK's NCSC Industry-100 platform.
At its heart, it's very simple. Essentially, you can find talent within private industry, ask them to take 20% of their time and donate that as work for the US Government. In exchange, they get experience they can't get elsewhere, and we hold their clearance.
It requires management, and funding, some basic distributed infrastructure, and the ability to scale, and it requires the will to enact a different way of recruiting and dealing with talent. But the follow-on effects would be vastly out of proportion to what we invest, and we need to do it as soon as possible. With this effort, we solve clearance issues, counterintelligence, recruitment and training, industry relationship building. We inform our government and our technical industry at the same time. Instead of saying private-public partnership, we actually build one.
It's past time. Let's get to work.
While not the same, we do have US Digital Service and other, agency-specific digital services that draw temporary talent from the technology sector. They get paid, but we hold clearances and push fly-away teams into short-term projects across the government. We also have the Defense Innovation Unit in several tech-heavy cities that helps with early tech adoption for DoD and the Joint AI Center that is creating AI/ML standards and also fosters smart application of AI in government.
ReplyDelete