Letter to the editor: Don’t showboat; fund cyber fixes at DoD
Katie Arrington, the former DoD chief information security officer for acquisition and sustainment, says dedicated funding is needed to address long-standing cy...
With all due respect, I take a little bit — no, a lot of umbrage with the article “DoD turns up cyber heat on weapons systems development,” from Oct. 10. The legacy weapon systems that they are discussing do not have funds available, nor the timelines or the workforce to implement the needed changes. This is why I have been repeatedly asking Congress for funding to do this. Literally asking for years. As part of the leadership over the National Defense Authorization Act (NDAA) 2018 Section 1647 for the assessment of weapon systems, the DoD CIO and the services all said “no” to having a slush fund to repair what we knew we would find. The reason was because any new program that starts, or changes to a program, means a pet project or something critical will stop.
When I was in the department and leading the strategic cybersecurity program (SCP), one of the asks was to have a 10% markup to fix legacy cyber vulnerabilities. You cannot fix that which you do not have the resources to do so. Let’s not beat up on the programs. Let’s look at who funds those programs.
Let’s take a Navy carrier, for example. You cannot repair a cyber vulnerability at sea. You have to wait until that carrier comes to port for maintenance. And, oh, by the way, no two Navy carriers are the same since they are built completely differently with different software loads, different updates, etc., so to make broad statements like this is just showboating.
Zero trust will take at least 10 years to implement because once a system goes through an acquisition milestone you cannot go backwards. That is why we needed to start with a baseline of “this will be the day that zero trust and cybersecurity will be the basis of all programs.” But to look at legacy systems and understand the complexity of the broad statements made in this article are detrimental to the morale of the warfighter, the morale of the defense industrial base and it only gives the adversaries fuel to their fire.
-Katie Arrington, the former DoD chief information security officer for acquisition and sustainment
Copyright © 2024 Federal News Network. All rights reserved.