The Third Offset and a Fifth Domain? Balancing Game-Changing Innovation and Cyber Risk Mitigation

Abstract: Cyber has changed the scope of the national security mission and is placing new strains on our diplomatic, warfighting, legal, and economic/budgetary processes. Cybersecurity processes and techniques are increasingly critical to our warfighting missions, but they can also inhibit the pace and potential for high impact, game-changing innovation. Throughout its history, the Navy has shown the ability of innovation (in policy, process, and technology) to change the game when our security is on the line. We believe the Navy is capable of dramatically impacting not only the U.S. capabilities in cyber conflict and information operations, but also in cyber defense and information assurance, as well as cybersecurity for our society. While cyber risk management is challenging, the transition from DoD Information Assurance Certification and Accreditation Process (DIACAP) to the Risk Management Framework (RMF) has the potential to harmonize our cybersecurity efforts with our need (and demonstrated ability to provide) for game-changing strategies, tactics, and technologies. We offer a foundation for the foregoing assertions and recommendations on ways to encourage innovation in the context of effective cyber risk management.