Sunday, February 13, 2011

Sufficient Policy for Information Technology?

A search for “ASD(NII)” of the Official Department of Defense Web Site for DoD Directives, Instructions and Administrative Instructions found 5,058 citations as well as 115 citations for “CIO”. *

Since system interoperability and system security are the key requirements for cyber operations, the following is a partial list of policies that provide Directives and Instructions for implementation:

DODD 4630.05; INTEROPERABILITY AND SUPPORTABILITY OF INFORMATION TECHNOLOGY (IT) AND NATIONAL SECURITY SYSTEMS (NSS).
DODD 5015.2; DOD RECORDS MANAGEMENT PROGRAM.
DODD O-5100.30; DEPARTMENT OF DEFENSE (DoD) COMMAND AND CONTROL (C2).
DODD S-5100.44; DEFENSE AND NATIONAL LEADERSHIP COMMAND CAPABILITY (DNLCC).
DODD 8000.01; MANAGEMENT OF THE DEPARTMENT OF DEFENSE INFORMATION ENTERPRISE.
DODD 8115.01; INFORMATION TECHNOLOGY PORTFOLIO MANAGEMENT.
DODD 8190.1; DOD LOGISTICS USE OF ELECTRONIC DATA INTERCHANGE (EDI) STANDARDS.
DODD 8320.02; DATA SHARING IN A NET-CENTRIC DEPARTMENT OF DEFENSE.
DODD 8320.03; UNIQUE IDENTIFICATION (UID) STANDARDS FOR A NET-CENTRIC DEPARTMENT OF DEFENSE.
DODD 8500.01E; INFORMATION ASSURANCE (IA).
DODD O-8530.1; COMPUTER NETWORK DEFENSE (CND).
DODD 8570.01; INFORMATION ASSURANCE (IA) TRAINING, CERTIFICATION, AND WORKFORCE MANAGEMENT.
DODI 1025.3; ADMINISTRATOR, NATIONAL SECURITY EDUCATION PROGRAM.
DODI 4630.8; PROCEDURES FOR INTEROPERABILITY AND SUPPORTABILITY OF INFORMATION TECHNOLOGY (IT) AND NATIONAL SECURITY SYSTEMS (NSS).
DODI 4650.01; POLICY AND PROCEDURES FOR MANAGEMENT AND USE OF THE ELECTROMAGNETIC SPECTRUM.
DODI 5205.13; Defense Industrial Base (DIB) Cyber Security/Information Assurance (CS/IA) Activities.
DODI 8100.04; DOD UNIFIED CAPABILITIES (UC).
DODI 8110.1; MULTINATIONAL INFORMATION SHARING NETWORKS IMPLEMENTATION.
DODI 8115.02; INFORMATION TECHNOLOGY PORTFOLIO MANAGEMENT IMPLEMENTATION.
DODI 8410.02; NETOPS FOR THE GLOBAL INFORMATION GRID (GIG).
DODI 8420.01; COMMERCIAL WIRELESS LOCAL-AREA NETWORK (WLAN) DEVICES, SYSTEMS, AND TECHNOLOGIES.
DODI 8500.2; INFORMATION ASSURANCE (IA) IMPLEMENTATION.
DODI 8510.01; DOD INFORMATION ASSURANCE CERTIFICATION AND ACCREDITATION PROCESS (DIACAP).
DODI 8523.01; Communications Security (COMSEC).
DODI O-8530.2; SUPPORT TO COMPUTER NETWORK DEFENSE (CND).
DODI 8560.01; COMMUNICATIONS SECURITY (COMSEC) MONITORING AND INFORMATION ASSURANCE (IA) READINESS TESTING.
DODI 8910.01; Information Collection and Reporting. 
DTM 09-013; Registration of Architecture Descriptions in the DoD Architecture Registry System (DARS).
DTM 09-026; Responsible and Effective Use of Internet-based Capabilities.

SUMMARY
The DoD Directives and Instructions are comprehensive. They cover, in detail, every topic related to interoperability of systems and security security. Consequently any flaws in cyber operations are not due to an absence of a policy but due to a lack of implementation.

* http://www.dtic.mil/whs/directives/corres/dir.html