Exploring cybersecurity requirements in the defense acquisition process.

摘要

The federal government is devoted to an open, safe, free, and dependable cyberspace that empowers innovation, enriches business, develops the economy, enhances security, fosters education, upholds democracy, and defends freedom. Despite many advantages--- federal and Department of Defense cybersecurity policies and standards, the best military power equipped with the most innovative technologies in the world, and the best military and civilian workforces ready to perform any mission---the defense cyberspace is vulnerable to a variety of threats. This study explores cybersecurity requirements in the defense acquisition process. The literature review exposes cybersecurity challenges that the government faces in the federal acquisition process, and the researcher examines cybersecurity requirements in defense acquisition documents. The study reveals that cybersecurity is not at a level of importance equal to that of cost, technical, and performance in the current defense acquisition process. The study discloses the defense acquisition guidance does not reflect the change of cybersecurity requirements, and the defense acquisition processes are deficient, ineffective, and inadequate to describe and consider cybersecurity requirements, weakening the government's overall efforts to implement cybersecurity framework into the defense acquisition system. The study recommends defense organizations elevate the importance of cybersecurity during the acquisition process, to help the government's overall efforts to develop, build, and operate in an open, secure, interoperable, and reliable cyberspace.