Accession Number:



Mitigating Risk to DOD Information Networks by Improving Network Security in Third-Party Information Networks

Descriptive Note:

Technical Report

Corporate Author:

Naval Postgraduate School Monterey United States

Personal Author(s):

Report Date:


Pagination or Media Count:



Poorly defended third-party information networks can act as an attack vector for cyber attackers to successfully breach larger and more robustly defended information networks. Therefore, third-party networks connecting to Department of Defense DOD information networks may pose a significant risk to the DOD. The DOD has attempted to alleviate this risk to its networks by requiring covered defense contractors to meet certain network security standards and by initiating a cyber threat information sharing program the DOD Defense Industrial Base DIB Cyber SecurityInformation Assurance CSIAProgram. However, these DOD actions are not aggressive enough to adequately mitigate this risk to DOD networks. To adequately address this problem, an expanded and more aggressive incentive-based program is required. Existing federal government, incentive-based programs were analyzed as potential exemplars from which to build a new incentive-based network security program. The Department of Homeland Securitys DHSs Safety Act Program was ultimately chosen as the primary exemplar. Using this model, an Enhanced DOD CSIA Program was designed to offer the DOD a system that can influence the improvement of third-party network security through a structure of synchronized network security controls and incentives. By implementing the proposed DOD Enhanced CSIA Program to improve the network security of third-party networks that connect to DOD networks, the DOD can better mitigate the risk of cyber attacks to its own networks.

Subject Categories:

Distribution Statement: