Military hits snag in Silicon Valley recruitment

The fight between the FBI and Apple over a locked iPhone is threatening to undermine the Pentagon’s attempt to recruit talent from Silicon Valley. 

Defense Secretary Ash Carter spent this week out West, meeting with tech executives and launching new cybersecurity initiatives that will rely on help from the Bay Area.

But under the looming shadow of the FBI’s request that Apple help bypass the iPhone’s security measures, Carter also made a noticeable effort to send a signal to techies: We get you.

“We need our data security and encryption to be as strong as possible,” he said, later adding, “I’m not a believer in backdoors,” echoing the arguments Apple has used to rebuff the FBI’s appeal.

Carter’s outreach is part of a broad push across the government to build ties to the center of the tech industry. The Department of Homeland Security has opened a Silicon Valley office and President Obama held a daylong cybersecurity conference at Stanford University last year.

The military is working to quickly ramp up a half-staffed U.S. Cyber Command that is trying to fill 6,200 positions across 133 teams by 2018. And officials acknowledged last week they had launched an unprecedented cyber war campaign against the Islamic State in Iraq and Syria (ISIS). 

Given the staffing needs, the Apple-FBI standoff is coming at a bad time for the Pentagon. 

“I do think the timing is unfortunate from a relationship perspective,” said Michael McNerney, a former cybersecurity policy advisor for the secretary of Defense who now runs anti-hacking firm Efflux Systems.

Carter has said he wants to “rebuild bridges” to Silicon Valley that were badly damaged in 2013 when government leaker Edward Snowden exposed the extent of government spying.

After taking over at the Pentagon last year, Carter became the first Defense chief to visit Silicon Valley in nearly two decades. He has since tallied three visits in 12 months and opened up the Pentagon’s first ever offices in the Bay Area.

This week, Carter also unveiled two new programs that some security experts see as a major shift in how the Pentagon approaches technology.

One is a first-of-its-kind government initiative dubbed “Hack the Pentagon,” which will reward hackers for uncovering security flaws, or bugs, in the DOD’s networks.

“This is a huge, significant shift,” said Katie Moussouris, a long-time hacker and chief policy officer at HackerOne, which coordinates similar “bug bounty” programs for companies.

It’s the Pentagon “accepting the dark arts, accepting hackers’ skills as something that is really important,” she added.

The second initiative is a Pentagon advisory board headed by Eric Schmidt, the executive chairman of Google’s parent company. The 12-member panel will try to inject Silicon Valley culture into the DOD.

“Cross-pollination like this is a refreshing and much-needed step,” said Carl Herberger, a former Air Force cybersecurity officer now at security firm Radware. The moves help the DOD get away from “the more or less inbreeding culture of the past,” he added.

But the Apple-FBI feud overshadowed both announcements out West, as security experts gathered in San Francisco for RSA, the cybersecurity industry’s largest annual conference.

People were mostly watching for what Carter would say about the case, which has pitted the law enforcement world against the tech and privacy community.

The FBI wants Apple to create software that could disable a security feature on an iPhone used by Syed Farook, one of the two shooters in the San Bernardino, Calif., terrorist attacks that left 14 people dead.

Apple has resisted, characterizing the software as a “backdoor” that could be used to crack into all other iPhones. Complying would also set a precedent that endangers global encryption and online privacy, the company says.

“There are limits on what I can say about the case that’s been in the news lately, I’m sure you know which one I’m talking about,” Carter said on Tuesday, before giving a full-throated defense of encryption and noting, “DOD is the largest user of encryption in the world.”

“Future policy shouldn’t be driven by any one particular case,” Carter said.

“There will not be some simple, overall technical approach, including the so-called backdoor,” he continued. “In this global marketplace, failing to work together would risk letting others set the standard on their terms and according to their values.”

Some took the comments as an attempt to publicly show daylight between the DOD and the FBI.

Carter “has a global perspective, he runs a global organization,” McNerney said. “He has to think about not just immediate tactical security issues, but also global transnational threats.”

Silicon Valley is receptive to the global perspective: It’s one of the main defenses Apple, Google, Microsoft and others have used to justify their resistance to the FBI’s call for help.

If the FBI forces these companies to work on behalf of American law enforcement, the tech companies say, who will trust their products overseas? And what will stop other governments from asking for the same hacking assistance?

“For a long time, a challenge the government has when talking to U.S. companies is that they seem to not understand that companies, especially a company like Apple, is a worldwide company, it’s a globally-driven company,” said Herberger, the former Air Force cyber officer.

But even with Carter pushing the right buttons, he’ll continue to face a wary Bay Area audience.

“I think there’s always going to be that left hand, right hand mistrust, and it’s going to take many more years to rebuild that trust,” said Moussouris of HackerOne.

And if the FBI is successful in its court battle against Apple, all bets are off. 

“I have no idea how this is going to play out,” McNerney said.