Justifying New Federal Cyber CampusTop Administration Official Shares Insights on Strategy
When President Obama proposed spending $35 million to design a federal cyber campus to promote a "whole-of-government" approach to cybersecurity incident response, the administration provided scant details on the initiative buried deep in its $3.9 trillion fiscal year 2015 budget proposal (see Cybersecurity Priorities Unveiled in FY 2015 Budget).
On March 4, when the proposal was released, General Services Administration Administrator Dan Tangherlini said the initiative would shift about 600,000 square feet of leased space to a federally owned building in the Washington area. Cyber-response teams from the departments of Homeland Security and Department of Justice would anchor the campus, and cyber-response personnel from other civilian agencies - and eventually the private sector - could be located there, too.
We have found over and over again ... you still need to have that physical co-location in order to inspire and build trust.
Tangherlini's comments focused on real estate, and he emphasized that co-locating government cyber-incident-response personnel on the same campus would save the government millions of dollars now spent to support scores of facilities.
The $35 million to design the campus represents no more than a raindrop in a thunderstorm of proposed federal spending; it's less than 1/10,000th of Obama's budget. But a senior administration official I spoke with this week contends the money for the campus design signifies a major White House commitment to secure critical IT systems in the foreseeable future.
"We're putting one of our signature efforts into the budget," the senior administration official says. "This sends a message we continue to hammer home: The federal government has a long-standing mission in this space. It's a critical mission and we need to put this operational response in the foundation."
The senior administration official, speaking on background, emphasized that cost savings is only one factor for the initiative.
The Fort Meade Model
The official says it's a good idea to have individuals performing similar cybersecurity functions from different agencies working close to one another. Think of the cyber campus as being a civilian version of Fort Meade, Md., where the National Security Agency and military cyber command are situated and where other intelligence agencies assign some of their IT security personnel to work. "I don't know what the cyber campus ultimately would look like, but certainly we want to create a long-time permanent home for this mission that we certainly see as one that will be around for a while," the official said.
Though virtual tools exist to allow personnel to collaborate over secure networks, the official sees value in individuals working side by side, or at least within walking distance of each other.
"Despite all the virtuality and despite the fact that we're talking about cyberspace, you're still talking about people," the official said. "And ultimately, we have found over and over again in a whole array of missions, you still need to have that physical co-location in order to inspire and build trust and to do good idea sharing.
"I don't mean information sharing. You can do a lot of that virtually. Idea sharing, the spreading of ideas, and just the ability to work together and coordinate together, all of that is really fostered by having that proximity. That's still true, even in the cyberworld as virtual as it is. We see a lot of mission benefit behind creating a campus like this."
How important is it to co-locate cyber-defenders on the same campus to respond to cyber-incidents? Share your thoughts below.