DOD's market power

The Defense Department's latest effort to strengthen the security of its information systems and networks is largely an economic gambit — and one that will succeed or fail based on the department's ability to follow through on the initial premise.

Beginning July 1, many key commercial software products — including Web browsers, operating systems and databases — must be certified as secure using an international standard known as Common Criteria. If a product fails, it's off-limits to DOD buyers.

DOD is sending a message to two audiences. Ostensibly, the policy is intended to ensure that, on a case-by-case basis, Defense organizations do not buy commercial products that come with security gaps that hackers might exploit.

But the department also is attempting to exercise its considerable buying powers to influence the information technology market. By threatening to ban products that have not been certified, DOD officials are hoping to spur development of more secure software.

Its influence, though not what it was before the last IT market boom, is still significant. Microsoft Corp., among other vendors, has made changes to its core software products to accommodate DOD requirements. Vendors often would rather invest money in making changes than lose millions of dollars of potential business.

But that approach does not guarantee success. For many years, DOD required vendors to have their software certified under the Trusted Computer System Evaluation Criteria. Many vendors, though, were granted waivers, and those who actually invested the time and money to have their products certified found little interest from their customers.

In playing the economic card this time around, the department needs to convince both buyers and sellers that it intends to enforce the policy. If enforcement were lax and loopholes plentiful, contracting officers would quickly resort to old habits. If that happens, and vendors do not see sufficient returns on their investments, they will not play along.

DOD's clout is only as good as its will is strong.
