DOD looking ahead on security

The Defense Department already is considering how to protect information in a network-centric environment, according to the department's deputy chief information officer.

Priscilla Guthrie, DOD's deputy CIO, said a white paper is circulating within the department that attempts to lay out the department's information assurance (IA) requirements in the envisioned network-centric environment, in which data would be made available as quickly as possible to those in the organization or on the battlefield who need it.

The Pentagon issued a directive last October that provided a framework for protecting information. DOD Directive 8500.1, which took effect Oct. 24, 2002, asks the services to identify IA requirements and include them in the design, acquisition, installation, operation, upgrade and replacement of all DOD information systems.

DOD 8500.2—the detailed instructions on how to carry out that policy and how it will be enforced—was delivered to DOD CIO John Stenbit this month for review and approval. Guthrie said she did not know if he had yet approved it.

Directive 8500.1 and the instructions in 8500.2 will help DOD protect its information in the short run, but the white paper calls for "persistent, continuous IA" in the future, Guthrie said.

The paper was written "to help people understand where we're headed," and to help industry, especially product developers and integrators, plan for that net-centric environment, she said.