The Cybersecurity Challenge in Acquisition
Abstract
To improve cybersecurity, the acquisition community must understand and manage multipledimensions of cyber-attacks both as an opportunity and as a risk that can compromise thebottom line of the organizations they work for and with. In particular, the acquisition community must understand and recognize the cyber threats inherent in procuring complex modern systems with significant cyber components. If cybersecurity is not designated as a requirement of a modern system, it is often challenging to add effective security on later, andthe severity of the cyber vulnerabilities may only be identified after a breach has already occurred. If appropriate cybersecurity is designed and built-in, these systems will have higherup-front costs but potentially lower life-cycle costs because of the reduced need to fix vulnerabilities in the systems later. Additionally, individuals working in acquisition need torecognize that given the sensitive nature of their work, including intellectual property and financial data, their IT processes, information, and systems will be an attractive target forcyber threats from both criminal sources (e.g., organized crime) and nation state adversaries,and the complexity and integration of the modern supply chain will add vulnerabilities to theselinked supplier systems.
Document Details
- Document Type
- Technical Report
- Publication Date
- Apr 30, 2016
- Accession Number
- AD1016746
Entities
People
- Craig Arndt
- Robin Dillon-merrill
- Sonia Kaestner
Organizations
- Georgetown University