Acquisition, Funding Complicate Defense Information Security Efforts
Cost versus risk is a balancing act with no metrics for quantifying effectiveness.
Risk must be weighed against cost for future military security procurements, according to panelists at West 2012 in San Diego. Not only must planners consider that basic tradeoff for incorporating security, they also must do battle with an outmoded acquisition system and new capabilities that are changing the nature of the cyber threat.

While calling for balance in security cost versus risk, Department of the Navy Chief Information Officer Terry Halvorsen also admitted that no one, whether in government or in industry, is good at truly quantifying the cost effectiveness of security measures. Nor does the government know exactly what it spends on accreditation certification, but that amount is growing every day, he noted.

Rear Adm. Patrick H. Brady, USN, commander, Space and Naval Warfare Systems Command, also endorsed the concept of balancing risk and cost, but he added that customers need to be sure that they are buying the right products. He called for a move away from the consumption mindset in which organizations are incentivized to spend their allocated funds. In addition to focusing on combat readiness, security acquisition efforts also must have the correct contracting strategies and must be able to sustain competition throughout the lifetime of the product.