Dempsey, Zuckerburg and cyber security

Guess who’s been busy visiting Mark Zuckerberg and other Silicon Valley luminaries recently?

Gen. Martin Dempsey, that’s who. Along with a handful of other Defense Department officials, chairman of the Joint Chiefs of Staff were in Silicon Valley in August picking the brains of leaders throughout the valley and discussing the need to quickly share information on cyber threats.

Dempsey mentioned the trip in a press conference last month but did not say who he met with. Now, Killer Apps has learned that he sat down with Facebook’s Zuckerberg, Google execs (including tech legend Vint Cerf), several startups, an unnamed venture capital firm, and executives of companies belonging to the Enduring Security Framework — a loose organization sponsored by the National Security Agency that "helps the public and private sector cooperatively address cyber threats," according to a Sept. 13 email from DoD spokeswoman, Lt. Cdr. Cindy Fields.

"The conversation included discussions of the role of venture capital in creating innovation, the pressing need for better cyber security, the cyber security legislation now pending in Congress, ways industry and government can better share information about cyber threats, and new approaches to securing computers and networks from malware," Fields wrote.

"I was in Silicon Valley recently, for about a week, to discuss vulnerabilities and opportunities in cyber with industry leaders," said Dempsey during an Aug. 14 press conference at the Pentagon. "This is a domain, as you know, without borders or buffer zones, where public-private collaboration is the only way to safeguard our nation’s critical infrastructure. They agreed — we all agreed on the need to share threat information at network speed. And I’d like to see a return in Congress’ push towards cyber legislation that does at least this."

His remarks came just after Senate republicans shot down a bill proposing rapid information sharing about cyber attacks and threats between private companies and the government, dubbed the Cyber Security Act of 2012, over the minimum cyber security standards it would have required of companies involved in critical infrastructure. That bill contained information-sharing provisions that were watered down compared to earlier pieces of cyber security legislation that failed after protest from Internet companies and civil liberties advocates.

The Pentagon may not get any cyber security legislation to help it out in the immediate future, given the upcoming elections and Congress’s need to reach a deal on reducing the national deficit before January. However, that’s not stopping it from reaching out to private companies to discuss the latest tech and trying to persuade them to share info on attacks and increase their security standards.

"As a place full of new ideas about many things relevant to the military, DoD already has strong engagement with Silicon Valley," said Fields. "Recently, the DoD CIO [chief information officer] and the Director of DISA [Defense Information Systems Agency] spent a week talking to major corporations, rising entrepreneurs, venture capitalists and academics. DoD intends to continue this dialogue on a regular basis to maintain strong leadership relationships with the private sector. General Dempsey plans to continue that engagement, especially on cyber security, one of the signature issues of his tenure."

DoD must work with both critical infrastructure companies — utilities, banks, and Internet service providers — to enhance their corporate security standards and "the tech industry around how they can help with providing much more secure devices, how can they help with making sure that the technology that we all use is much more secure," Teri Takai, the CIO, told Killer Apps during a Sept. 4 interview. "I was just out in Silicon Valley a couple of weeks ago, looking at where they’re going, what they are thinking, some really fascinating discussions with some of the small companies and also with some of the research universities about what they’re thinking."

She added that since "you don’t want to have to legislate it all, I think it’s going to be important that with our knowledge [of cyber threats] we continue to work with all of the sectors to really make sure that we’re trying to push the [cyber security] envelope."

Takai acknowledged that getting private companies to invest in better network defenses in a time of belt-tightening might be the DoD’s biggest challenge.