DOD Unveils New Strategy to Mitigate System Threats
By Amaani Lyle
American Forces Press Service
WASHINGTON, July 19, 2012 The Defense Department has taken on a holistic, risk-based methodology to safeguard system and network security as part of a new strategy, a senior Pentagon official said recently.
The DOD Trusted Defense Systems Strategy provides an overarching framework for design and delivery of trusted systems with a focus on supply chain threats and minimizing risk exposure, said Principal Deputy Kristen Baldwin, office of the deputy assistant Secretary of Defense for systems engineering.
“In 2009, we received direction from Congress to develop the Department’s strategy to … understand the vulnerabilities in our systems and how we go about mitigating them,” Baldwin said.
The strategy, Baldwin explained, breaks down into four major areas: prioritization of security requirements, comprehensive program protection planning to identify critical components, partnership with industry, and capability enhancement through research and development.
Each of these tenets, Baldwin said, is designed to protect the department’s secure software, hardware and the full complement of systems that rely on networks.
Baldwin also described the associated risks due to the shift from stand-alone to networked systems and the burgeoning number of suppliers and critical components.
The strategy’s crosshairs, she said, lie on nation-state, terrorists, criminal or rogue developers who may exploit vulnerabilities remotely or attempt control of systems through supply chain opportunities.
“We must protect not only technologies we hold sacred but also protect the abilities of that system to function as intended and not be compromised,” Baldwin said, adding that stakeholder integration among acquisition, intelligence, engineering, industry, research communities is key to success and implementation of the strategy.