What Needs to Change?
Chris Gunderson of the Naval Postgraduate School posited some interesting ideas during yesterday afternoon's plenary sessions about why everyone keeps hearing the same things about changes that need to be made. Certain things, he suggested, we should just acknowledge and move past.
Chris Gunderson of the Naval Postgraduate School posited some interesting ideas during yesterday afternoon's plenary sessions about why everyone keeps hearing the same things about changes that need to be made. Certain things, he suggested, we should just acknowledge and move past:
- Gunderson believes that we have all the policy we need; we don't need to add more policy.
- He added that there is a federation issue. If you can't federate systems, you can't be netcentric.
- Considering the engineering and boundary perspectives, engineers just can't bolt on security after the fact--have to make sure it's in up front. David Minton of Raytheon, who partnered with Gunderson to create the World Wide Consortium for the Grid, explained this with a metaphor: Safety is built into commercial airplanes, because the models they are based on are built to high-end specifications. To make airplanes (or airlines) affordable for consumers, engineers have to consider what to take out, and it won't be the safety features. Minton said this model can help us understand how to put security in the enterprise.
- Resonating with other panels at SOLUTIONS, Gunderson emphasized that there isn't not a technology issue anymore. Service-oriented architecture, cloud technology, and open source communites can get us there.
- However, given facts of life with regard to scale, time and cost, there is no way to get there from here, as he put it, outside "Main Street." Many times, the solutions we need are already on the shelf.
- Gunderson advocated for an integrated perspective in which the acquisition model is not segregated from the command and control it supports. "Continuing improvement of business is part of C2," he said.