Editor's Perspective

If you can only improve what you can measure, as the saying goes, there is still a lot of work to be done in the area of information assurance/cybersecurity.

That’s one conclusion to be drawn from a recent report by the Department of Defense’s Information Assurance Technology Analysis Center (IATAC), titled “Measuring Cyber Security and Information Assurance,” which looks at the vexing question of how to objectively evaluate efforts to defend military and other networks. Although network defense depends critically on the ability to gauge security status in real time, the report makes clear, there is no universally recognized way to rate the success of that defense and how it changes over time and in response to different policies.

To be sure, there has been progress, especially compared with a decade or so ago, when there was real debate over whether IA metrics would be useful or even feasible. These days there seems to be a consensus that measuring IA is a good idea, and indeed is essential in light of growing federal mandates in this area.

Government, industry and academia have been working hard to develop measurement strategies, and a number of processes and frameworks have emerged to offer guidance. IA statistics can be combined into composite ratings, such as the Common Vulnerability Scoring System, to create an overall picture of security status. Automatic tools for IA measurement also exist, although more often as custom developments than commercially available products.

The report concludes with a call for further efforts to advance the state of the art of IA measurement, including development of a standard set of definitions and common data formats. Particularly important for the military, it seems to me, will be to come up with real-time measures for immediate diagnosis of intrusions and other security events. You can’t tell if you’re winning unless you can keep score.


Harrison Donnelly, Editor
301.670.5700 x114