Accession Number:

AD1016746

Title:

The Cybersecurity Challenge in Acquisition

Descriptive Note:

Conference Paper

Corporate Author:

Georgetown University Washington United States

Personal Author(s):

• Kaestner,Sonia
• Arndt,Craig
• Dillon-Merrill,Robin

Report Date:

2016-04-30

Pagination or Media Count:

33.0

Abstract:

To improve cybersecurity, the acquisition community must understand and manage multipledimensions of cyber-attacks both as an opportunity and as a risk that can compromise thebottom line of the organizations they work for and with. In particular, the acquisition community must understand and recognize the cyber threats inherent in procuring complex modern systems with significant cyber components. If cybersecurity is not designated as a requirement of a modern system, it is often challenging to add effective security on later, andthe severity of the cyber vulnerabilities may only be identified after a breach has already occurred. If appropriate cybersecurity is designed and built-in, these systems will have higherup-front costs but potentially lower life-cycle costs because of the reduced need to fix vulnerabilities in the systems later. Additionally, individuals working in acquisition need torecognize that given the sensitive nature of their work, including intellectual property and financial data, their IT processes, information, and systems will be an attractive target forcyber threats from both criminal sources e.g., organized crime and nation state adversaries,and the complexity and integration of the modern supply chain will add vulnerabilities to theselinked supplier systems.

Descriptors:

• acquisition
• cyberattacks
• computer security techniques
• denial of service attack
• computer network security
• contracts
• department of homeland security
• internet
• risk management
• vulnerability
• malware

Subject Categories:

Distribution Statement:

APPROVED FOR PUBLIC RELEASE