DOD's market power

The Defense Department's latest effort to strengthen the security of its information systems and networks is largely an economic gambit — and one that will succeed or fail based on the department's ability to follow through on the initial premise.

Beginning July 1, many key commercial software products — including Web browsers, operating systems and databases — must be certified as secure using an international standard known as Common Criteria. If a product fails, it's off-limits to DOD buyers.

DOD is sending a message to two audiences. Ostensibly, the policy is intended to ensure that, on a case-by-case basis, Defense organizations do not buy commercial products that come with security gaps that hackers might exploit.

But the department also is attempting to exercise its considerable buying powers to influence the information technology market. By threatening to ban products that have not been certified, DOD officials are hoping to spur development of more secure software.

Its influence, though not what it was before the last IT market boom, is still significant. Microsoft Corp., among other vendors, has made changes to its core software products to accommodate DOD requirements. Vendors often would rather invest money in making changes than lose millions of dollars of potential business.

But that approach does not guarantee success. For many years, DOD required vendors to have their software certified under the Trusted Computer System Evaluation Criteria. Many vendors, though, were granted waivers, and those who actually invested the time and money to have their products certified found little interest from their customers.

In playing the economic card this time around, the department needs to convince both buyers and sellers that it intends to enforce the policy. If enforcement were lax and loopholes plentiful, contracting officers would quickly resort to old habits. If that happens, and vendors do not see sufficient returns on their investments, they will not play along.

DOD's clout is only as good as its will is strong.

WRITE US

We welcome your comments. To send a letter to the editor, use this form.

Please check out the archive of Letters to the Editor for fellow readers' comments.

Featured

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.