Keep Your System Vehicles Inspected

February 2009

Making sure your computer system satisfactorily goes through Information Assurance (IA) Certification and Accreditation (C&A) is the same as getting your car inspected. It ensures your system meets the official minimum security and IA maintenance standards. It also prevents equipment failures and crashes on the vital and very congested Army information superhighway, the LandWarNet.

C&A builds availability, integrity and confidentiality into every Army system. It ensures the Army’s LandWarNet is a reliable and formidable tool for the warfighter. By eliminating security weaknesses upfront, the system can get into the fight better, faster and with less chance of shutting down or becoming dangerous for its users due to security breaches.

The C&A process is a logical step-by-step progression of tasks. This means it does not work well if a system owner jumps into step three at the last moment without paying attention to steps one and two. Again, it is like taking care of a car. Think about safety during the manufacturing/building stage. Plan to make it safe. Then during the process make sure it has all the protective elements in place and make sure they work. If this is addressed at the start, then the entire C&A process goes a lot more smoothly. Also, keep it maintained so it can pass the same kind of safety checks over its operational lifetime. Taking the time early saves headaches, time and—most importantly—money at the end. 

There are a wide range of cost and time constraints that affect every IT program and system. There never seems to be enough hours or money to get everything done—much like our personal lives. Unfortunately this leads to a “fix it when it breaks” mentality. The problem with that, like a car, it costs even more to repair a system after a breakdown than if the initial inspection and maintenance were performed completely and correctly.

And then there is the issue of enforcement. The local Highway Patrol will prevent you from driving an unsafe vehicle on the road much like IA officials will not allow uncertified systems to be placed on the LandWarNet. The reason is the same: doing these things makes the (cyber) highway more dangerous. Having your system blocked from the LandWarNet until it meets standards is minimally frustrating and, worse, detrimental to mission success.

While system owners are responsible for their cyber vehicles, many of them are not experienced system mechanics. It takes time to come up to speed on the complex and wide-ranging systems used. Yet, also like cars, there are detailed, easy-to-follow manuals and top-notch professional available to help you through the process. (Army personnel can visit https://informationassurance.us.army.mil/ for these resources.)

Ensuring through C&A that a system is protected against intrusion and compromise not only keeps Army operations and lives secure, but offers a peace of mind that allows system owners to focus on other important tasks.

The On Cyber Patrol© cartoon and supporting articles are created and made available by the U.S. Army’s Office of Information Assurance and Compliance, NETCOM, CIO/G6. For more information on the OCP program or to submit ideas for upcoming cartoons/articles, contact oncyberpatrol@hqda.army.mil.

Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.