This is a 2011 paper presented to FITSI.org and addresses an ambitious topic for me to cover: “IA Fusion”. My approach explores how DoD and Federal Government contractors can cut costs while simultaneously improving overall quality and minimizing the chance for a “stop work” order from the Government customer.
Cybersecurity measures to address ongoing attack vectors come at greater and greater expense (budgeted at $3.2 billion back in fiscal 2010), even as DoD and the federal government are being pushed hard to cut costs. OMB’s call to “turnaround or terminate at least one-third of poorly performing projects” speaks tellingly to the cost and expense involved in cybersecurity certifications: a contractor must deliver secured systems expeditiously or risk being tagged as a “poor performer.”
This paper provides a roadmap called “IA Fusion” for a DoD contractor seeking to cut costs even while improving IA. As Professor John Savage of Brown University testified to Congress, “it is better to build in security rather than try to add it after the fact” and “hardware and software vendors and network providers should be required to conform to reasonable cyber security guidelines.” Decisions by individual contributors are the linchpin of IA; IA Fusion helps an organization to translate IA policies into IA practices at the ground level.
IA Fusion gives an organization the competitive edge necessary to survive and thrive in today’s demanding DoD business environment by integrating IA throughout the software development process. Moreover, IA Fusion’s holistic management, education, and measurement approaches can be extended to projects across the organization – even those projects not directly related to the DoD.