DOD plans information assurance policy

A comprehensive information assurance architecture should be in place about a year from now, the director of information assurance for the Defense Department said today.

The department has long been pursuing an architecture that it can point to as a model for how problems associated with information assurance can be overcome. Toward that goal, the department will issue four documents in the next four months, said Robert Lentz, DOD's director of information assurance.

"The information assurance architecture is clearly the most important thing we're working on right now," Lentz said. "And these four policy documents will play a very important role in bringing that architecture into being."

The first two, due in a matter of weeks, will be for wireless and what he termed "ports and protocol." The other two policy areas — certification and accreditation and education and training — will follow by early January.

"Wireless is something we've been working on for some time now," Lentz said, speaking this morning at the E-Gov Information Assurance conference. "It's almost ready to go. Ports and protocol should be out in the next six to eight weeks as well."

Ports and protocol represents a fundamental change in thinking about DOD's Computer Network Defense, replacing the philosophy of "deny by exception" with "permit by exception," according to Defense documents.

Perhaps the trickiest policy to be developed so far, Lentz said, is for education and training. While certification and accreditation deals with networks, education and training deals with people.

"We've never done a personnel-oriented policy in information assurance before," he said.

Lentz and his boss, DOD chief information officer John Stenbit, have asserted that the largest security hole in the department's information assurance battle is the people connected to the network. Defense networks have been crippled not necessarily because of malicious intent, but because personnel either weren't trained properly or ignored safety protocols.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.