By Chuck Brooks, President of Brooks Consulting International
Throughout my career in both government and industry, I have been a strong proponent of the role of small business to be able to create innovative solutions for national security and homeland security. The success of the science and technology innovation supply chain requires public/private cooperation and every level of business—large, medium, and small. In fact, historically, some of the best ideas and security solutions have come from the creative and agile approaches by small businesses. On this vital topic, I had the opportunity to interview Kelley Kiernan, the chief technology officer of the Department of the Navy’s Small Business Innovation Research Program and the director of the Blue Cyber Initiative. Kelley is a gifted public speaker and educator, as well as a scientist and engineer for AFWERX at the Air Force Research Lab in Dayton, Ohio.
Chuck Brooks will be an introducer and panel moderator at GovCon Wire’s Defending the Homeland: Science & Technology Forum. The event, happening virtually tomorrow, April 18, will center the voices of executives from top government agencies and the private sector to investigate how S&T can best be wielded to enhance national security. You don’t want to miss it! Register here.
Brooks: Can you tell us about the mission of Blue Cyber?
Kiernan: Chuck, the Blue Cyber Initiative is funded by the Department of the Navy’s Small Business Innovation Research Program, which is an arm of the Small Business Administration’s $4 billion America’s Seed Fund program. Bob Smith is the leader at Department of Navy who enables this great — and always free and open to the public — program consisting of:
- Daily office hours for small businesses to seek resources for their cybersecurity journey.
- A weekly Small Business Cybersecurity Ask-Me-Anything webinar.
- A monthly six-hour, soup-to-nuts bootcamp on small business cybersecurity.
- A beautiful Blue Cyber website with all of our events, 30 small business cybersecurity presentations and 10 state-of-the-art videos to inform small businesses on the concepts and practices for robust cybersecurity.
Blue Cyber is a radical, early partnership between the Department of the Navy and small business contractors supporting them as they bake in robust cybersecurity and a culture of information protection. Blue Cyber is profound support to U.S. small businesses with free, public events each week. Blue Cyber reached over 11,000 small businesses in FY22 and we are on track for another great year supporting small business cybersecurity at the Department of the Navy.
It is quite novel that the Department of Defense would conduct this type of outreach. Tell us about the backstory of Blue Cyber’s inception.
Well, this is a good news story if there ever was one. And this is a good time for me to state that “the views presented are mine and do not necessarily represent the views of DoD or its Components.” As the CTO of the Department of the Air Force Small Business Innovation Research Program responsible for analyzing the over 7,000 technologies in that program’s portfolio, I spoke with many of the research small businesses. They all had cybersecurity or information protection questions. Although it had never been done, I asked the Air Force chief information security officer if I could conduct outreach to these firms on a weekly basis. Dr. Wanda Jones-Heath, the then-Department of the Air Force chief information security officer said “yes” in 2021 and her willingness to support an initiative to take cybersecurity outreach to the customer, with only an outreach goal, was a risk that led to two years of daily support of U.S. small business cybersecurity by the Blue Cyber Initiative. It was such a bold move!
How does Blue Cyber help small businesses?
Blue Cyber answers basic cybersecurity questions, provides educational material on cybersecurity concepts, such as encryption and cybersecurity standards. As mentioned, Blue Cyber also has daily office hours to listen to the small business’ struggles on their journey to protect their intellectual property and financials, and sometimes, sensitive Department of Defense information. Blue Cyber ferrets out the grants and free services being offered mostly by state entities, such as the Procurement Technical Assistance offices and National Institute of Standards and Technology Manufacturing Extension Program Centers in each state and refers the small businesses to these resources. The Blue Cyber website is here: https://www.safcn.af.mil/CISO/Small-Business-Cybersecurity-Information/.
What is the major challenge to U.S. small business creating robust cybersecurity?
Those companies who need to protect their intellectual property and/or DOD controlled unclassified information need professional information technology or cybersecurity service/staff to implement the NIST standard. But 70 percent of these companies have less than 30 employees, so they don’t have IT staff. This gap this means our micro-small businesses struggle to implement a sophisticated, comprehensive cybersecurity standard. A consultant is not the same as staff when it comes to daily cybersecurity culture and program maintenance tasks. We need a solution designed to embrace our contractor partners and fully support small businesses in a compliant environment; allowing DoD contractors to work at applying their genius to innovate, research and create the next great thing.
What are the innovations in this space?
The chief innovator in this space is the DAF CISO, Aaron Bishop. Bishop provides inspiring leadership creating new paths to cybersecurity for the Department of the Air Force airmen and guardians and their contractors; he’s changing cybersecurity.
The primary innovation in this space is a grassroots workforce innovation. There are a few quarter-time cyber engineers out there who will join a U.S. small business and work closely with them and their budget moving them forward on their cybersecurity journey; this is a comprehensive creation/sustainment solution we have seen from Indiana University. We’ve also seen the wonderful CASCADE program from the California Governor’s Office which puts community college cybersecurity interns, with reach-back to their college cyber staff, into DOD-supported small businesses. Our U.S. small businesses are working technology solutions to our toughest problems, and we need to innovate with them for a cyber solution providing an affordable comprehensive secure environment.
If I were to start a new business or product line to help small business, what would that business model look like?
It would look like a facilitated, comprehensive, secure environment like the one I get to use each day or a “Quarter-time Cyber Engineers R US” product. This would provide the administrative/daily maintenance of a cybersecurity culture and the missing comprehensive professional cybersecurity support/staff married to the success of that small business. It is vital to find a comprehensive solution including the workforce to sustain the maintenance and protection of the small business’ intellectual property and DoD sensitive data/networks. Don’t just set them up for success, Chuck — see them through!
What is the future for Blue Cyber?
Blue Cyber was so successful at providing outreach to U.S. small businesses at the Department of the Air Force that the Department of the Navy SBIR Program asked to sponsor it for a year. Blue Cyber’s radical cybersecurity outreach on a near-daily basis and availability for consultation every week has proven to be a highly effective and novel model for US Small Business ecosystem support. All of our events are on www.sbir.gov/events.
The Department of the Navy SBIR program makes small business cybersecurity support truly available to our contractors and potential contractors; we know Blue Cyber is good for the nation.
Kelley, thank you for sharing both your insights and advice, and for a very informative discussion on the importance of the small business ecosystem and its impact on innovation and cybersecurity.
Be sure to tune in tomorrow when Brooks leads another dialogue with important federal change-makers: GovCon Wire’s Defending the Homeland: Science & Technology Forum. Register here for this exciting event.