Today Nextgov published an op-ed by Northrop Grumman Vice President and Chief Information Security Officer Michael Papay, HSPI Director Frank Cilluffo, and HSPI Associate Director Sharon Cardash, entitled “Pentagon Needs to Build Cybersecurity into the Acquisition Process.” The piece speaks to the intersection of cybersecurity and DOD acquisition, noting that what is really needed is to embed cybersecurity into our systems, designs, and culture/mindset. The piece offers a 3-pronged plan for moving forward: educate, evangelize, engineer.
In the view of the authors, the above subjects are important, but under-examined; and also timely — especially during National Cybersecurity Awareness Month. Given the complexity of these topics, however, the op-ed is necessarily a topline treatment. For a more in-depth discussion of the challenges at play, see the related Issue Brief, produced jointly by the GW Cybersecurity Initiative and Northrop Grumman.
The Issue Brief explores the nexus of acquisition, components, and cybersecurity — first from the standpoint of potential vulnerabilities, and then from the perspective of remedying of them. The discussion begins in a DOD context, and subsequently expands to include critical infrastructure, and the Internet of Things. The report concludes with a series of action recommendations, targeted to different stakeholders in the defense realm, to bring the acquisition of components into alignment with a robust cybersecurity posture. Read more here.