Air Force CIO urges software firms to excise vulnerabilities
Technology companies looking to do business with the Air Force must reduce vulnerabilities in their software products, the department's chief information officer said on Tuesday.
"One of the big challenges to the software industry is, we absolutely have to improve the quality of our software," John Gilligan told an industry crowd during a breakfast sponsored by Input, a market analysis firm. "We cannot deal with the trend of one or more software vulnerabilities identified each day that, if they were exploited, could shut us down."
Noting that the Air Force's war-fighting and administrative systems depend heavily on the branch's information infrastructure, Gilligan said improving cybersecurity within all Air Force networks is one of his top priorities.
"This is the area that keeps me awake at night," he said. "My nightmare is that we engage in a conflict, only to find that ... we are under a very hostile and knowledgeable attack on our cyber infrastructure."
Gilligan said the Air Force is on the "leading edge" of cybersecurity practices, but its information-protection tools still are not as mature as he would like them to be. "We still have some distance to go, and we can use a lot of help from industry in this area," he said. "It is not an overnight fix, but this has got to be a fundamental shift in the software industry."
Meanwhile, he said other department-wide initiatives have boosted the Air Force's ability to protect its information systems. For example, Gilligan is overseeing the consolidation of networks, servers and applications at Air Force bases throughout the world into a "common-use infrastructure" that he expects to be 90 percent complete by Oct. 1.
"This is probably the area where we've made the most progress," Gilligan said. "If you had gone on our bases two years ago, you would have found 10-plus local area networks. Today, you'd find one integrated network, and in many cases, those networks are being run off base ... at the major command headquarters."
Gilligan added that the Air Force has made dramatic progress in consolidating its e-mail systems, going from about 1,300 servers two years ago to about 400 now. "The consequence is not just a reduction in the number of computers, but it's actually significantly increasing the ability to secure and protect those systems," he said.
Gilligan also is working to strengthen the Air Force's capital-investment process, adopting a "portfolio management" policy to make better use of the roughly $6 billion the department plans to spend on information technology in fiscal 2003.
"Our overall objective is to free up dollars so that we can put more of our IT expenditures against our primary war-fighting missions," he said. "As we get a better handle on where we are spending money, we are in a better position to be able to focus that money to leveraging the types of technologies that [industry is] bringing us."
Current commercial opportunities within the Air Force include the department's knowledge-management initiatives and its crypto modernization program, according to Gilligan.