1

Cybersecurity Tiered Vulnerabilities

2

Tier I/II$Ks

Tier III/IV$Ms

Tier V/VI$Bs

Create New Vulnerabilities

Discover New Vulnerabilities

Exploit Known Vulnerabilities

3

Information Technology Evolution

Info

rmat

ion

Dri

ven

Cap

abili

ty

• Central computer center• Software in computer center only• Work brought to the computer center

1950 1960 1970 1980 1990 2000 2010 2020

1. Centralized - Mainframe

2. Networked - Decentralized

3. Internet - Cloud

• PC enabled and network• Software distributed in both server and client computers

• Work from the user location

• Virtualized compute; global network enabled

• Software decoupled from hardware

• Work from anywhere

Adding functional capability has become easier with each new wave

We are in early stages of Wave 3 information technology

Mainframe and Client-Server waves remain in place

Waves represent many co-dependent technologies, matured over time

But enterprise infrastructure gaps & vulnerabilities have become more critical

DoD is using Wave 2 acquisition & budget processes to acquire Wave 3 capability

Wave 2 Acquisition for Wave 3 Technology