It is no secret the United States government has been playing catch-up when it comes to cybersecurity. Ever since the SolarWinds hack compromised thousands of organizations, with many victims in the U.S, the federal leaders have made cybersecurity a priority focus.
The Biden Administration has announced numerous measures aimed at improving the nation's cybersecurity infrastructure and has encouraged collaboration between the public and private sector, which many experts believe is a key component when it comes to improving cybersecurity as a whole.
But these improvements in the last year or so will hardly make up for decades of lax cybersecurity protocols, according to Nicolas Chaillan, who was the Department of Defense's first Chief Software Officer before recently resigning.
He cites cybersecurity leadership, a lack of funding, and the power and potential of a foreign adversary.
U.S. has 'no chance' in competing with China
Chaillan shared a lengthy LinkedIn post upon announcing his resignation, thanking all of his colleagues and highlighting everything he was able to accomplish in his 22-plus years in cybersecurity.
He also shared the reasons he decided to say goodbye to the U.S. government.
One of the first reasons was a reason why many of us choose to resign, retire, or step away from a career, and that is the birth of a child. He says that, like many fathers, the birth of his first child changed his life and view of the world.
It was because of this he began thinking about his future, and what his kids' futures will look like, which led him to this conclusion:
"I realize more clearly than ever before that, in 20 years from now, our children, both in the United States and our Allies’, will have no chance competing in a world where China has the drastic advantage of population over the US.
If the US can't match the booming, hardworking population in China, then we have to win by being smarter, more efficient, and forward-leaning through agility, rapid prototyping and innovation. We have to be ahead and lead. We can't afford to be behind.
Timeliness is foundational to both AI/ML and cybersecurity, but also for enabling the delivery of capabilities at the pace of relevance. That is where DevSecOps came in. We created the DoD Enterprise DevSecOps Initiative, certainly the largest DevSecOps engagement in the world, within the most complex organization in the world."
Senior cybersecurity official blames leadership
In Chaillan's LinkedIn post, he shared a recent article in which he called on leadership to "walk the walk." Time and time again, he asked for more funding and staffing and to prioritize basic IT issues within the Department.
"A lack of response and alignment is certainly a contributor to my accelerated exit. There have been continuous and exhausting fights to chase after funding 'out-of-hide,' because we are not enabled to fix enterprise IT teams within Program Offices."
He also provided a strong criticism of how the DOD approaches cybersecurity:
"Please stop putting a Major or Lt Col. (despite their devotion, exceptional attitude, and culture) in charge of ICAM, Zero Trust or Cloud for 1 to 4 million users when they have no previous experience in that field—we are setting up critical infrastructure to fail. We would not put a pilot in the cockpit without extensive flight training; why would we expect someone with no IT experience to be close to successful?
They do not know what to execute on or what to prioritize which leads to endless risk reduction efforts and diluted focus. IT is a highly skilled and trained job; staff it as such. I told my leadership that I could have fixed Enterprise IT in six months if empowered.
Yet with my 22 years of expertise running IT innovation, I was underutilized and poorly leveraged by the DOD, as most of my time was wasted trying to convince folks to engage with me and consider more relevant and efficient solutions, while I watched as they continued to deliver capabilities that do not meet the basic needs of our warfighters."
And he included this stinger of a line in his criticism of U.S. government officials:
"While we wasted time in bureaucracy, our adversaries moved further ahead."
It's easy to understand his frustrations, and in cybersecurity circles, he is not the only one to feel this way.
At the end of his post, he notes this:
"At this point, I am just tired of continuously chasing support and money to do my job. My office still has no billet and no funding, this year and the next."
No funding for this year or the next!
If you wish to know more about this situation, including other reasons why Chaillan resigned and all of the good things he was able to accomplish in his time with the DOD, check out his informative LinkedIn post.