The Department of Defense's decision to have the National Security Agency lead its information assurance (IA) efforts should improve the department's IA work overall and eventually could lead to the DOD's adopting a more stringent network security policy, industry analysts told NetDefense.

Loren Thompson, chief operating officer of the Lexington Institute, said the DOD's selection of the NSA to lead its IA policies was a prudent decision because the NSA "has a good understanding of what needs to be done to protect information.

"Because the NSA is the nation's single leading intelligence and eavesdropping agency, it has a much better idea of how information is moved around, stolen or protected than many other organizations do," he said. "There are other places in the DOD that [have] similar abilities, but no one else there has the people and the resources that the NSA does. You can kind of look at information assurance as the opposite end of the coin for NSA."

Jeff McKaughan, a defense and aerospace analyst with the Teal Group, told NetDefense that the DOD's decision to go with NSA is "an absolutely good move.

"The way I look at it, the advantage of having [NSA oversee IA] is it is what they do," McKaughan said. "They already know how to do it, so they have the advantage of knowing how to do it." Any frustration that industry might have concerning the DOD's decision to go with the NSA over a private solution probably will be short-lived, McKaughan said. "I would think there would be some initial disappointment, but I don't think you will hear a whole lot [from industry] because some of these companies will still probably get some outsourcing [contracts] from this," he said.

This past week, Priscilla E. Guthrie, the DOD's deputy chief information officer, said the department had decided to have NSA lead its IA efforts based on security work the agency did for the DOD a few months ago building a security component for the Global Information Grid. The NSA, created in 1952, coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produce foreign intelligence information.

"We asked NSA to build an IA architecture. NSA did a knock-your-socks-off job of doing this," Guthrie said during a luncheon held Dec. 15 by the American Council for Technology and Industry Advisory Council in Arlington, Va.

Although the NSA will lead the department's IA initiatives, that does not mean the agency will build everything or own all of the IA dollars, Guthrie said. Instead, the agency will put together a GIG IA portfolio so the department can have a point-of-contact agency if portions of the GIG lack adequate security.

"NSA will deliver a vision for what it's going to take to secure the environment," she said during the luncheon. "Some have asked me, 'Why NSA? They don't have the skill set.' I don't know a better construct for the department. This is a blueprint for us to [affect] this broad IA environment."