Mitigating risk to DOD information networks by improving network security in third-party information networks
Kansteiner, Michael J.
Buettner, Raymond R.
MetadataShow full item record
Poorly defended third-party information networks can act as an attack vector for cyber attackers to successfully breach larger and more robustly defended information networks. Therefore, third-party networks connecting to Department of Defense (DOD) information networks may pose a significant risk to the DOD. The DOD has attempted to alleviate this risk to its networks by requiring covered defense contractors to meet certain network security standards and by initiating a cyber threat information sharing program: the DOD Defense Industrial Base (DIB) Cyber Security/Information Assurance (CS/IA) Program. However, these DOD actions are not aggressive enough to adequately mitigate this risk to DOD networks. To adequately address this problem, an expanded and more aggressive incentive-based program is required. Existing federal government, incentive-based programs were analyzed as potential exemplars from which to build a new incentive-based network security program. The Department of Homeland Security's (DHS's) Safety Act Program was ultimately chosen as the primary exemplar. Using this model, an Enhanced DOD CS/IA Program was designed to offer the DOD a system that can influence the improvement of third-party network security through a structure of synchronized network security controls and incentives. By implementing the proposed DOD Enhanced CS/IA Program to improve the network security of third-party networks that connect to DOD networks, the DOD can better mitigate the risk of cyber attacks to its own networks.
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
Naval Postgraduate School Center for Homeland Defense and Security (CHDS) (Monterey, California. Naval Postgraduate SchoolCenter for Homeland Defense and Security, 2008-06);June 2008. How do we define “homeland security?” Is it best addressed at a local, state, or national level? These are the underlying questions posed by our authors in this issue of Homeland Security Affairs. In “What is ...
Falby, Naomi; Thompson, Michael F.; Irvine, Cynthia E. (IEEE, 2004-06-00);The Center for the Information Systems Studies and Research (CISR) at the Naval Postgraduate School has established a broad program in computer and network security education. The program, founded on a core in traditional ...
Naval Postgraduate School Center for Homeland Defense and Security (CHDS) (Monterey, California. Naval Postgraduate SchoolCenter for Homeland Defense and Security, 2007-09);September 2007. Six years after the attacks of 9/11, the practice and discipline of homeland defense and security have evolved and matured, moving into an era of self-evaluation. The essays and articles in Volume III, Issue ...