Balancing DOD's security, tech needs

At a time of such heightened awareness of the security risks associated with technology, no one seemingly would advocate allowing users to disregard security policies in the interests of buying cheaper, faster commercial computers. But many Defense Department organizations have found themselves needing to do just that.

The problem stems from the growing gap between DOD's security policy and the rapid rate at which Defense agencies are deploying new technology. According to a 1988 directive, DOD users must buy commercial products that have been evaluated by the National Security Agency and designated as trusted computer products, with most programs requiring a basic C2 rating. But the evaluation process is a lengthy one, and often several new versions of a product will hit the market by the time the original evaluation is complete.

Always an inconvenience, this disconnection between policy and technology has become simply unworkable for many users across DOD. The services in particular recognize that fielding the latest technology enables them to launch new and more powerful applications often at a lower cost than previously possible.

For example, the Navy is looking to shift many of its command and control applications to Microsoft Corp.'s Windows NT operating system, yet only one version of the product, now outdated, has been C2-certified. To protect its systems, the Navy has developed its own Windows NT security configuration guidelines that the other services might adopt.

Clearly, many DOD users will deal with security responsibly, but the situation is otherwise untenable. The rapid rate of change is part of the very nature of the technology embraced by the department. DOD, like all agencies, must always balance the need to maintain standards with the need to buy and deploy the latest technology.

DOD must take steps to craft and enforce new security policies that allow the services to keep pace with technology without compromising the security of their systems.

