Pentagon Sets New Framework for Security Policy
The Department of Defense this week established a new Defense Security Enterprise that is intended to unify and standardize the Department’s multiple, inconsistent security policies.
The new security framework “shall provide an integrated, risk-managed structure to guide DSE policy implementation and investment decisions, and to provide a sound basis for oversight and evolution.”
The Defense Security Enterprise, launched October 1 by DoD Directive 5200.43, is a response to the often incoherent and internally contradictory state of DoD security policy.
An Inspector General report earlier this year said that there were at least 43 distinct DoD policies on security that could not all be implemented together.
“The sheer volume of security policies that are not coordinated or integrated makes it difficult for those at the field level to ensure consistent and comprehensive policy implementation,” the DoD IG wrote. (“DoD Security Policy is Incoherent and Unmanageable, IG Says,” Secrecy News, September 4, 2012.)
But under the new Defense Security Enterprise, “Standardized security processes shall be implemented, to the maximum extent possible and with appropriate provisions for unique missions and security environments,” the DoD directive said.
The new structure is supposed to “ensure that security policies and programs are designed and managed to improve standards of performance, economy, and efficiency.”
But the directive does not explain how to proceed if “performance, economy, and efficiency” prove to be incompatible objectives.
Nor does it provide a working definition for the crucial concept of “risk management.” This term, often contrasted with “risk avoidance,” implies an increased tolerance for risk (i.e. risk of failure). But the practical meaning (or the limit) of this tolerance is nowhere made explicit.
The Defense Security Enterprise will be managed by “a core of highly qualified security professionals,” the DoD directive said.
The research community lacks strategies to incentivize collaboration on high-quality data acquisition and sharing. The government should fund collaborative roadmapping, certification, collection, and sharing of large, high-quality datasets in life science.
The potential of new nuclear power plants to meet energy demand, increase energy security, and revitalize local economies depends on new regulatory and operational approaches at the NRC.
In anticipation of future known and unknown health security threats, including new pandemics, biothreats, and climate-related health emergencies, our answers need to be much faster, cheaper, and less disruptive to other operations.
To unlock the full potential of artificial intelligence within the Department of Health and Human Services, an AI Corps should be established, embedding specialized AI experts within each of the department’s 10 agencies.