[ISN] Information assurance still a tough sell at DOD, ex-official says

From: InfoSec News (alerts@private)
Date: Mon Aug 20 2007 - 22:26:13 PDT


http://www.fcw.com/article103553-08-20-07-Web

By Sebastian Sprenger
August 20, 2007

Despite a growing number of attacks on military networks, securing 
enough money for information assurance programs in the defense budgets 
is still a hard sell at the Defense Department, said Linton Wells, who 
recently left a senior post in the departments Office of the Chief 
Information Officer.

Its been the source of enormous frustration, Wells said in an Aug. 6 
interview, recounting some of the difficulties he faced during his 
four-year tenure in the CIOs office.

Wells left the Pentagon in June to hold the positions of distinguished 
research fellow and force transformation chair at the National Defense 
University in Washington.

Convincing senior budget officials from the services to invest in 
information assurance has been difficult because the results of money 
spent in that area are difficult to measure, Wells said.

Its a tough audience, because what they say is, Show me how this $2 
million you want to put on this is going to turn cell C17 from red to 
yellow to green in 2011,? Wells said. And thats often a hard thing in 
information assurance.

Wells said officials in charge of putting together the budget for the 
security of DODs networks need better metrics for measuring return on 
investment for information assurance programs.

We have not done a good job in making the case that a dollar spent here 
is going to lead to a quantifiable increase there, he said.

John Garstka, a director in the forces transformation and resources 
office under the auspices of the undersecretary of Defense for policy, 
said quantifying the ROI for anything in the information domain is 
difficult. Regarding information assurance programs especially, he said, 
it only comes into play when theres a crisis.


____________________________________
Attend HITBSecConf2007 - Malaysia 
Taking place September 3-6 2007 featuring seven tracks of technical 
training and a dual-track security conference with keynote speakers 
Lance Spitzner and Mikko Hypponen!  -  Book your seats today! 
http://conference.hitb.org/hitbsecconf2007kl/



This archive was generated by hypermail 2.1.3 : Mon Aug 20 2007 - 22:34:08 PDT