SAN DIEGO: The Pentagon’s new National Defense Strategy has shaped the 2019 budget request due out this month, Deputy Defense Secretary Patrick Shanahan said here. The strategy, he said, will lead swiftly to major reforms in everything from cybersecurity to how the military deploys forces around the world,
“Tomorrow morning about nine o’clock eastern standard time, I’ll be sitting with the chairman and the secretary, signing off the implementation guidance that goes along with this (budget),” Shanahan told the AFCEA-USNI WEST conference here. “We’re going to deliver the budget on time (with) Defense Planning Guidance (and) financial guidance… to do these things, so it’s not just talk.
“It would have been so easy to take a pass on the strategy this year… because of all the turmoil,” Shanahan said, noting the transition to a new administration, counterterrorism in Iraq, Syria, and Afghanistan, natural disasters and North Korean missile launches. Instead, the administration pushed hard to get it done, precisely so there would be an overarching strategy to guide the response to specific crises.
The recently released 11-page unclassified summary of the otherwise-classified National Defense Strategy was “the result of a sprint to put together a strategy that would build a budget,” he said. Every aspect of the budget has been “massaged” to make sure it serves the strategy, he said.
Defense Secretary Jim Mattis is changing process and policy inside the Pentagon as well, with new roles for the Joint Staff — something Joint Chiefs’ chairman Gen. Joseph Dunford has pushed for years. “How do we be more joint? The joint piece of this is leveraging the Joint Staff,” Shanahan said. “The speed element (is), for certain processes that relate to the deployment of resources, we’re going to go from a months scale to less-than-24-hours scale.”
After his public remarks, reporters pressed Shanahan for details.
“When I read the National Defense Strategy, the biggest change has to do with how quickly we will deploy forces,” he told us, citing the strategy’s imperative to “be strategically predictable, but operationally unpredictable.” The ideal is to be so reliable that allies can count on us and adversaries are deterred, but so quick and flexible no enemy can predict our specific actions.
“The work that we’re doing is to put the processes and mechanisms in place to do that right away,” Shanahan continued. “It’s a different role for the secretary in terms of … the number of resources available for movement or employment. (For the Joint Staff), it’s more dynamic, in terms of how quickly they’re able to make those recommendations and how quickly they can move those forces.”
Shanahan says he’s is also drawing on his long experience at Boeing to tighten the Defense Department’s cybersecurity standards.
“I used to wear Fitbit up to this last week,” Shanahan said to laughter, a reference to the revelation that Fitbit tracking data could be used to pinpoint US troops and their bases. “We leave digital footprints all over the place.”
The Defense Department needs to have a much higher standard of security, including for its contractors, Shanahan said. Instead of having financial disclosure statements, he mused, why not have “a digital disclosure statement (that) everybody you do business with is secure.”
What would this look like? the reporters asked afterward.
“I came from a company where product integrity and safety was the first order of business,” said Shanahan, who came to the Pentagon from Boeing. “Cyber falls into that category, (like) safety or security, as being one of those things that should be uncompromising.”
“How fast do you tear the Band-Aid off?” Shanahan said. “My preference would be, tonight, to say ‘that’s it, we’re going to drop the safe’ (and) come down hard, because we should.” But it’s not practical to insist every contractor meet tough new standards overnight, he acknowledged. Indeed, security will take some long-term cultural change, he said: “I want to make it so the culture here has the same focus on safety, security, as the one I experienced growing up (at Boeing). That should be for the CEOs at the top of their list: ‘Are we safe? Are we secure?'”
Ultimately, cybersecurity should become second nature, a matter of basic hygiene. “I have a son who’s 23 years old…I don’t call him up and ask him whether he’s brushed his teeth,” Shanahan said. “In areas of safety, protecting your workers, in terms of protecting our data or protecting their information, there should be this standard, you never cross the line.”