Information assurance still a tough sell at DOD, ex-official says

Despite a growing number of attacks on military networks, securing enough money for information assurance programs in the defense budgets is still a hard sell at the Defense Department, said Linton Wells, who recently left a senior post in the department’s Office of the Chief Information Officer. “It’s been the source of enormous frustration,” Wells said in an Aug. 6 interview, recounting some of the difficulties he faced during his four-year tenure in the CIO’s office. Wells left the Pentagon in June to hold the positions of distinguished research fellow and force transformation chair at the National Defense University in Washington. Convincing senior budget officials from the services to invest in information assurance has been difficult because the results of money spent in that area are difficult to measure, Wells said. “It’s a tough audience, because what they say is, ‘Show me how this $2 million you want to put on this is going to turn cell C17 from red to yellow to green in 2011,’” Wells said. “And that’s often a hard thing in information assurance.” Wells said officials in charge of putting together the budget for the security of DOD’s networks need better metrics for measuring return on investment for information assurance programs. “We have not done a good job in making the case that a dollar spent here is going to lead to a quantifiable increase there,” he said. John Garstka, a director in the forces transformation and resources office under the auspices of the undersecretary of Defense for policy, said quantifying the ROI for anything in the information domain is difficult. Regarding information assurance programs especially, he said, “it only comes into play when there’s a crisis.”