U.S. Defense Department networks will need to operate with the minimum security available as connectivity and the threat picture evolve, said a top defense official. Terry Halvorsen, acting Defense Department chief information officer, minced no words as he described how tight budgets are limiting options across the board.
“I want for all these networks, the minimum level of security to get the mission done,” Halvorsen declared. “If we try to do the best security everywhere, we will not get to what we want. We don’t have the money; we don’t have the time.”
Speaking at the Wednesday luncheon at the AFCEA International Cyber Symposium, being held June 24-25 in Baltimore, Halvorsen noted, “The minimal level security we do today will be different from the minimum level security we have two years from now.” And, he added, the department “absolutely has to know what it costs. If we don’t know what things cost, we won’t be able to fund them.”
Halvorsen also noted the difficulty in establishing effective security standards. It is easy to set new security requirements that apply to a clean slate, he observed, but, that is a problem in the Defense Department, where most of the information technology is legacy. “We have to establish a minimum level for legacy systems that is effective and that we can achieve today,” he stated.