COTS will never meet Defense security needs, Pentagon official says

Commercial-off-the-shelf software and hardware will never be able to meet the IT security needs of the Defense Department, because corporations can't make the business case to strengthen their commercial products to the level needed, according to Dr. Linton Wells II, acting assistant secretary of Defense, networks and information integration, Office of the Secretary of Defense.

'We've been singularly unimpressed with commercial security'COTS will never get there,' Wells said at a forum held today by the Multi-Sector Crisis Management Consortium, adding later, 'but we think industry can do a lot better.'

The Air Force, Army, Navy and Marine Corps all have enterprisewide initiatives under way to move to standardized desktop and communications environments.

The Air Force, for instance, just announced the awardees for its $9 billion Network-Centric Solutions contract, which specifically calls for 'a family of [Defense Department] adopted commercially standardized networking solutions.'

The service also negotiated an enterprise license agreement with Microsoft and Dell to use Microsoft's Windows, Office, Exchange and other commercial products on all 525,000 desktops in the service.

Asked about this trend, Wells said his office has established and maintains a 'near real-time' monitoring system that tracks the military's global networks to detect anomalies and respond to possible attacks, and that the issue is receiving more visibility and resources than ever before.

'There's a four-star [general] in Omaha,' in charge of the global taskforce on network operations, Wells said.


  • automated processes (Nikolay Klimenko/

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected