Lexington Study: Picking The Wrong Cybersecurity Providers Could Be Fatal



The federal government is spending billions of dollars annually combating attacks on U.S. computer networks and information resources. However, it does not appear to have firm criteria for how government agencies and owners of critical infrastructure should go about selecting providers of cybersecurity services. That's a problem, because the cyber business is full of companies that lack the depth, breadth and commitment to cope with the kind of online attacks that countries like China are mounting. This week, the Lexington Institute is releasing a study that identifies the core requirements cybersecurity providers must meet if they are to successfully support federal efforts to guard the nation's vital networks against disruption or subversion. Here is a brief summary of the study's findings and a link to the full text.
-----

Findings In Brief

The information revolution has transformed every facet of commerce and culture, including the military enterprise. Unfortunately, it has also empowered extremists, criminals and agents of enemy nations who can use cyberspace to subvert or destroy information resources vital to U.S. security. The federal government has launched a comprehensive cybersecurity initiative to counter such threats. The most advanced, persistent threats are posed by state-sponsored perpetrators, especially those operating in China and Russia.

The federal government has made major strides in developing defenses against cyber espionage and aggression. However, its efforts are impeded by the changing character of threats and the infancy of techniques for addressing them. The absence of agreed standards and metrics for assessing performance sometimes leads federal agencies to select cybersecurity providers who lack the breadth and depth to cope with all potential threats. The government cannot sustain a truly comprehensive cybersecurity posture unless its top providers satisfy five core requirements:

1. Situational awareness. Capable providers must be able to precisely monitor the performance of information systems and networks they are protecting, predicting and/or detecting threats based on extensive understanding of adversary behavior. Awareness of dangers must be shared with potential victims in time for them to minimize harm, and providers must then be able to assess the success of remedial actions.

2. Full-spectrum skills. A comprehensive cybersecurity posture requires providers with expertise and experience in the full array of relevant skills. That includes all the major disciplines associated with computer-network defense, computer-network attack, and computer-network exploitation. Without an integrated understanding of all the necessary skills, federal providers cannot deploy the full panoply of tools needed to counter advanced threats.

3. Operational agility. The pace of activity in cyberspace requires providers that are extremely agile in responding to new threats. Ideally, those providers should be able to apply their situational awareness and full-spectrum skills to anticipate danger before it actually occurs, but at the very least they must have the capacity to detect, analyze, isolate and defeat enemy moves quickly, even when the threat is a “zero-day” attack with no previous history.

4. Organizational maturity. Maturity models are used in many fields to assess organizational effectiveness in applying best practices. In the cybersecurity arena, such models can be used to assess both government preparedness and the practices of outside providers. Mature solutions to cyber challenges typically stress values such as affordability, scalability and technical readiness. Companies capable of providing those solutions tend in turn to have mature cultures stressing retention of talent, continuous training, and diverse expertise.

5. Enterprise commitment. Cybersecurity is an infant industry with many recent entrants. The commitment of some providers to the business is hard to gauge. However, it is not feasible to fashion comprehensive responses to cybersecurity challenges unless customers and providers alike are committed to the mission. The commitment of providers can be determined by assessing how long they have been in the business, how deeply they have invested in talent, and how extensive their collaborative ties are with other centers of expertise.

This report was written by Dr. Loren Thompson of the Lexington Institute staff as part of the institute’s continuing inquiry into the changing requirements of national security.

©2009 Lexington Institute. All Rights Reserved.