5 Reasons Shutting Down DISA Would Be a Bad Idea

By Lloyd McCoy, Market Intelligence Manager

Not for the first or last time, Congress this year considered getting rid of some agencies as a cost-cutting move, and the Defense Information Systems Agency (DISA) may end up on that list. DISA provides networking and communications hardware and software for systems and services across all of the DOD. What might happen if the agency that handles military networking, computing and communications services gets the axe?

Senior leader communication support – DISA provides secure communication services to the White House and to other senior leaders. Keeping the infrastructure and its security under one roof creates operating efficiencies.

CYBERCOM could, theoretically, handle the role, but it would dilute that agency’s core mission of ensuring U.S. military cyber superiority – and force considerable reorganization to do so.

Spectrum management – Managing the electromagnetic spectrum is crucial to the security of communication, navigation and warfighting. That’s part of DISA’s job for the DOD, and it’s more important than ever with the networking of our ground, sea and aviation military assets. It would be a coordination nightmare to make service branches and military agencies share risk assessment and vulnerability information in their warfighting communications.

Global Information Grid – DISA plays a vital role in providing the circuits and cables of the huge military intranet. Even if CYBERCOM takes the responsibility of protecting endpoints and overseeing configurations and patching, DOD would have its hands full making sure that security vulnerabilities could be managed across the entire department.

Enterprise services – DISA is basically the “App Store” for the DOD. Most of DISA’s services could be adopted by the military services – in fact, they’ve already done so in the case of mobility. If this job were decentralized, every military department would be responsible for the security of their own services.

Taking the mobility example, DISA’s DOD Mobility program enforces policy for end-user devices and mobile device management. Decentralizing mobile security standards would mean each military agency would have to adhere to department-wide security standards, which would add to their operational burden.

Security standards –DISA oversees standards for IT hardware and software. Security Requirements Guides (SRGs) provide high level requirements, and Security Technical Implementation Guides (SGITGs) provide detailed guidelines for specific products. Without requirements, more vulnerabilities and larger attack surfaces might find their way throughout the DOD.

It’s true that government needs to make some tough budgeting choices. Closing agencies should absolutely be up for discussion. But shutting down DISA in the name of economic efficiency could make the rest of DOD less efficient – and more vulnerable to security threats.

Like what you read? Subscribe to immixGroup’s Government Sales Insider blog for more insight on government technology.

This blog is adapted from an article originally published in CSO magazine online. The full article can be found at here.