Procurement is key to security, IT execs say

Procurement officers have the power to significantly improve the security of government IT systems by including software reliability and security requirements in the contracts they award to vendors—and strengthen the country’s cyberinfrastructure in the process.

That key message was hammered home repeatedly at a two-day forum earlier this month hosted jointly by the Defense and Homeland Security departments.

“We have to shift the paradigm from patch management to software assurance,” said Andy Purdy, acting director of DHS’ National Cyber Security Division.

Vendors will not invest in improving the quality of their software of their own volition, said Priscilla Guthrie, deputy CIO and deputy assistant secretary of Defense for networks and information integration. “We’ve got to use acquisition organizations to put together a software assurance policy,” Guthrie said. “We have to get acquisition organizations to work with us to make sure [it’s] part of the way we buy.”

Dan Wolf, information assurance director of the National Security Agency, said improving the quality of software is a matter of national security.

“Our adversaries have made a big point of how information operations are a preferred weapon,” Wolf said, warning that the country’s enemies are focusing on finding ways to infiltrate and take over critical systems.

Alan Paller, director of research at the SANS Institute of Bethesda, Md., added that procurement officers need to include different language regarding software performance, security and reliability in contracts, as the best way to get vendors to take action.

Integrators, Paller said, are of the opinion that, “If it’s in the [Federal Acquisition Regulations] we can ignore it, but if it’s in the contract we do it.”

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • Acquisition
    network monitoring (nmedia/

    How companies should prep for CMMC

    Defense contractors should be getting ready for the Defense Department's impending cybersecurity standard expected to be released this month.

  • Workforce
    Volcanic Tablelands Calif BLM Bishop Field Office employee. April 28, 2010

    BLM begins move out of Washington

    The decision to relocate staff could disrupt key relationships with Congress and OMB and set the stage for a dismantling of the agency, say former employees.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.