Information assurance is not receiving appropriate attention at high levels within the Department of the Navy. Currently no single individual within the Department of the Navy has this responsibility and authority.
Recommendation: The Department of the Navy should push for research to address its critical NCII information assurance needs.
Because there is a large shortfall of current security technologies relative to naval needs, the Department of the Navy must be an advocate within the DOD for long-term research in several areas not being addressed by industry, including intrusion assessment, intrusion-tolerant systems, prevention of denial of service, approaches to retrofitting legacy systems with some security and reliability functionality, mobile code security, extending the capabilities of virtual private networks, and dependability. There is also a need to develop DOD-specific solutions for areas that industry is not addressing because there are no common commercial analogues, particularly in tactical networking.