TechNet Asia-Pacific 2009—SIGNAL's Online Show Daily
Quote of the Day:
“This is war, and we’re up against the largest standing army there ever has been.”—Rear Adm. Gib Godwin, USN (Ret.), vice president, Northrop Grumman
The problems presented by information technology acquisition pale in comparison to those of cybersecurity acquisition. Challenges range from rapidly changing requirements to outmoded criteria for the security workforce. And, these challenges coalesce agains the backdrop of an ever-increasing cyberspace menace that is growing in both size and sophistication.
Those points were discussed by panelists in the opening session of TechNet Asia-Pacific 2009, being held in Honolulu, Hawaii, November 2-5. The only event of the first day was a four-hour acquisition seminar titled “Cyber Security—Its Acquisition and Environment.”
Federal spending on cybersecurity is expected to grow dynamically over the next five years, according to Kathleen Miller, director of procurement and logistics, DISA, chief, Defense
Money alone won’t solve the myriad problems in cyber acquisiton. Rear Adm. Gib Godwin, USN (Ret.), vice president, Northrop Grumman
The retired admiral noted that every dollar we spend in cybersecurity is a dollar we aren’t spending on defense or some other application. And, because cybersecurity is based on the threat, defensively we’ll always be a step behind. “Lock up the valuables the way Walmart does—lock up the iPods and leave the dog food out there to be stolen,” he analogized.
Much of the challenge is defined by the constantly changing nature of the threat. That cyberthreat army includes youngsters, thieves, terrorists and government agents. They are getting smarter every day, Adm. Godwin said, noting that botnets are growing in effect and sophistication. About 170,000 zombie computers in 74 countries took part in the July 4, 2009. cyberattacks. And, 2800 new codes are created every day.
To provide effective cybersecurity, we must be bigger, faster and smarter. “Unfortunately, the acquisition process is none of these,” he said, noting that it is limited, slow and inflexible.
Leanne Hurley, senior associate, Booz Allen Hamilton, warned that contract vehicles tend to be focused narrowly. Saying that “Cybersecurity is a team sport,” Hurley pointed out that cyber requires contracts that cover broader multiple disciplines. The same holds true for expertise. For example, technical people must understand command and control relationships because everything is interconnected.
And, the cybersecurity workforce has considerable problems of its own. The definitions of the cybersecurity workforce are outdated and need to be revamped, according Hurley. We don’t know who and what we have in the cybersecurity workforce, she said, pointing out that one security job description dates back to 1980 and people are being hired by its criteria. Government needs to do a better job of characterizing cybersecurity jobs both to staff the workforce and to know who and what are in that workforce.