USAF IT standardization will boost protection

Share this article:

The U.S. Air Force has said it will improve security and save millions by consolidating 38 contracts for Microsoft software and nine support contracts across its units into two enterprise-wide agreements.

The consolidation will result in a small number of standard configurations that enforce strict security policies for all Microsoft desktop and server software, officials said.

"The major driver for us was really security," said Air Force CIO John Gilligan, explaining that a highly reliable network is essential for the service in a time of "net-centric warfare."

Currently, the Air Force has thousands of different software configurations and patching is a painstaking and time-consuming process which involves a lot of manual work, including testing patches for compatibility.

"We were spending more money patching and fixing than buying software," he said.

About once a week, the service experiences an automated cyber attack that disrupts an unpatched system, he added.

Having standard configurations will allow the Air Force to quickly and automatically push out patches, said Gilligan. The Air Force is working with Microsoft to develop the configurations using benchmarks from the Center for Internet Security. They will be designed to meet specific Air Force needs and all of the service's 525,000 personnel will be required to use them.

The contract consolidation is expected to save the service more than $100 million over six years.

Alan Paller, director of research at the SANS Institute, praised the Air Force initiative and said it sets a precedent that other organizations will be eager to follow.

"It demonstrates precisely how organizations can put the appropriate burden of security back on the vendors, where there are massive economies of scale," he said.

"If you don't do this, the alternative is every single site that buys the stuff has to do exactly the same thing. Recreate the wheel every time and the costs are huge."

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.