Search

The U.S. Defense Department is shifting its information assurance approach away from denying access to intruders toward surviving intrusions amid operations. This approach acknowledges that cybermarauders—whether mere individual hackers or foreign intelligence operatives—are likely to penetrate defense networks at the worst possible time, and the key to maintaining those networks will be to instill a network resiliency that allows them to operate in less than optimal conditions.

Information security has not kept up with information exploitation as the United States fully embraced the information age. The greater reliance on information systems across the entire breadth of government, military and civilian activities has opened the nation to cyberattacks on its military systems, its vital infrastructure and its economy as a whole.

The preeminence of the expanded use of cyberspace, the desire for more openness in government, and the demands for faster and better information sharing within and among enterprises—particularly in the context of inter-agency and coalition information sharing—have changed fundamentally the demands of information security. The wider reach of our networks and the quest for timely, relevant information have improved decision-making but have made us more dependent on cyberspace and more vulnerable.

For federal chief information officers (CIOs), it is the best of times and the worst of times. The broader, less literary question is: Do CIOs matter?

Network systems are similar to icebergs. Less than 10 percent of their volume is visible to the user of an application. Almost all of the hidden code, measured in hundreds of thousands of lines of logic, is invisible in the operating system, in the database management software, in security safeguards and in communication routines. The problem with such software is that for each application—and the U.S. Defense Department has more than 7,000 major software projects—contractors will develop the hidden coding to suit separate requirements.

At the heart of "DoD Information System Certification and Accreditation Reciprocity" is the policy that if a system owner from any service hands a certified and accredited system to the network owner from any other service, the network owner should have the confidence that putting that system on his or her network will not result in creating information assurance or related vulnerabilities. Can we handle this?

CACI International Incorporated has been awarded a $125 million prime contract to support the U.S.

The U.S.

Science Applications International Corporation (SAIC) has been awarded a task order by the U.S.

The U.S.