Green Light Granted for Offense: Let’s Go!
On March 20, General Keith Alexander delivered a statement before the House Committee on Armed Services. The prepared statement highlighted the roll-out of Cyber Support Element (CSE) placements at all six combatant commands to tailor mission support requirements for cyberspace operations. In effect, this testimony confirmed that cyber warfare (aka offense) will be conducted by each of the combatant commands, rather than led by USCYBERCOM or NSA.
We are not going to debate the execution nuances of the above plan from an infrastructure, policy, or contracting standpoint. Rather, let us assume those issues have been (and will be) resolved and concentrate on how companies could pre-position for the start-up of a major, long-term outsourcing opportunity for offensive-based solutions. How can a cyber company market to this emerging customer set? What should a company with great technological solutions and talented workforce, but limited business development resources, limited understanding of the overall mission, and few, if any, clearances do to garner immediate market share?
Some ideas to jumpstart approaches to command thought leadership:
New Hires. Announce hiring (full-time employees, not advisors / consultants) of subject matter experts within legacy defense fields. These hires must have mission understanding and forward-leaning strategic vision that can work with cyber experts to craft hybrid warfare solutions.
Demonstrate Hardest Problems. Pick relevant attention-grabbing topics. For example, showcase how technology can bridge Title 10 and Title 50 authorities. Find optimal (read: unconventional) venues to showcase these demonstrations.
Leverage Independant Resources. There are a significant number of universities and labs that have set up cyber centers / sandboxes to work on advanced research and development. Within these centers, we would suggest a) partnering with peer cyber companies to offer an integrated solution; b) assimilate integration of offense capabilities into legacy defense techniques, tactics, and procedures; c) consistently showcase how your capability can deal with software refresh and 0 day exploits.
Customer and Employee Training. Education is a solid way to concurrently show intellectual prowess, get in front of the customer, create brand loyalty / trust, and recruit new talent. Training curriculum that addresses refresh for 0 days and mission understanding is rare and valuable.
 U.S. House. Committee on Armed Services Subcommittee on Emerging Threats and Capabilities. Statement of General Keith B. Alexander Commander United States Cyber Command. (Date: Mar 2012).