Home » CCHS in the News » New op-ed and report on cybersecurity and DOD acquisition

New op-ed and report on cybersecurity and DOD acquisition

Today Nextgov published an op-ed by Northrop Grumman Vice President and Chief Information Security Officer Michael Papay, HSPI Director Frank Cilluffo, and HSPI Associate Director Sharon Cardash, entitled “Pentagon Needs to Build Cybersecurity into the Acquisition Process.” The piece speaks to the intersection of cybersecurity and DOD acquisition, noting that what is really needed is to embed cybersecurity into our systems, designs, and culture/mindset. The piece offers a 3-pronged plan for moving forward: educate, evangelize, engineer.

In the view of the authors, the above subjects are important, but under-examined; and also timely — especially during National Cybersecurity Awareness Month.  Given the complexity of these topics, however, the op-ed is necessarily a topline treatment. For a more in-depth discussion of the challenges at play, see the related Issue Brief, produced jointly by the GW Cybersecurity Initiative and Northrop Grumman.

The Issue Brief explores the nexus of acquisition, components, and cybersecurity — first from the standpoint of potential vulnerabilities, and then from the perspective of remedying of them. The discussion begins in a DOD context, and subsequently expands to include critical infrastructure, and the Internet of Things. The report concludes with a series of action recommendations, targeted to different stakeholders in the defense realm, to bring the acquisition of components into alignment with a robust cybersecurity posture. Read more here.

1 Comment

  1. Even more confirmation on the need for securing vital information systems in today’s growing cyber security world. Cyber security threats are going to continue to grow in the coming years, so it’s highly essential that companies start securing their entire digital infrastructure, which begins by putting in place information security policies and procedures, provisioning and hardening of such systems, and then undertaking comprehensive security awareness training for employees. Call it the 3-point stance for protecting your organization. The problem is that most companies have (1). Outdated policies (2). Don’t have formalized procedures and checklists for hardening their information systems, and (3) do little or nothing when it comes to security awareness training. This won’t cut it in today’s world, so it’s time to get serious about information security.

Comments are closed.