Support the commanders

The government has been criticized for mismanaging just about every aspect of its business. But one near the top, if not at the top, of the list of government trouble spots has to be information security.

So it should be no surprise that the Defense Department, one of the more challenged agencies in securing its information systems, proposed a rather bold plan to lock them down. DOD directive 8500.2 makes commanders responsible for the security of the information systems under their authority.

For commanders, who may lack much information technology experience, the added responsibility could be unsettling, especially because many DOD information systems are vulnerable. A House subcommittee late last year gave the department an F for its information security management. DOD could take solace in the fact that 13 of the 23 other agencies the subcommittee graded also received an F.

The new policy could be viewed as a way to shift the accountability for, and therefore the criticism of, information security out of the Pentagon. In the future, commanders will have to answer for poor security.

However, the new directive places the responsibility for security closer to the source — with the person in charge.

But the key to making the directive work is giving DOD personnel the skills needed to secure the systems. The directive calls for DOD to provide employees with the proper security training and education. The risk here is that, as in many other training efforts, the actual education will not be properly managed, given a high enough priority or fully funded. That would be a tragic mistake, especially if commanders are held accountable for the Pentagon's mistakes.

As the policy states, DOD "has a crucial responsibility to protect and defend its information and supporting information technology." If that is accurate, DOD also has a crucial responsibility to support its commanders and IT professionals by giving them the best training and education so they can do the best job. n


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.