At the recent Security Innovation Network (SINET) event held in Washington, D.C., a sober assessment of our nation’s capacity to maintain an adequate cyber defense emerged.
The state of our cyber defense was summarized by Michael Chertoff, former Secretary of the Department of Homeland Security, when he concluded that it may take “a digital 9-11” to get organizations, customers and governments to fortify their cyber security defenses. In effect we are fighting an asymmetrical war and, at present, we appear to be losing.
Echoing this theme, Mr. Vivek Wadhwa, a respected cyber security analyst, argues, “Government basically cannot innovate quickly enough to keep pace with the threats and dynamics of the Net or Silicon Valley’s rapidly changing technologies.”
Wadhwa goes on to point out that innovative entrepreneurial technology advancements are necessary, but the government, because of its overwhelming dependence on large contractors, is not equipped to take advantage of new and powerful cyber defense technologies.
Wadhwa concludes that true innovation developed by smaller entrepreneurial firms is being stifled by Federal Government procurement practices.
The Federal Government Acquisition Process is Inadequate:
Although Wadhwa’s argument focuses only on technology development, it applies equally to service providers who adapt new technologies to new and improving defensive techniques such as vulnerability assessment, analysis of threats and remedial action.
Since effective defense against cyber attacks is an ongoing process of monitoring and taking corrective action, the role of services and the cyber warrior is also important, and outdated Federal purchasing patterns are equally dangerous.
Much of the problem stems from the government’s current purchasing and acquisition patterns. For years now the government has preferred to bundle requirements into large “omnibus” or IDIQ contracts (with negotiated task orders) that favor the largest contractors but stifle innovation and flexibility. Cyber security requirements are treated on the same basis as information technology requirements, and this is a mistake.
In addition, recent Congressional contracting “reforms” have encouraged protest actions on new contracts and on task orders for both new and existing contracts, resulting in a significant delay of the procurement process. In the rapidly evolving world of cyber security, delayed deployment of often obsolete technology solutions increases the risk of a successful attack.
Because these contracts are very large, they require many levels of approval, typically by Congress or senior administration officials. It usually takes 3-4 years for government to award them, and successful bidders often have to go through a grueling “certification” process to get approved to bid. Proposal efforts for large bundled contracts cost millions of dollars to prepare and to lobby government officials and political leaders in order to win.
Because purchasing patterns are slanted toward large, slower-moving contractors, new technology required to meet the multitude of cyber threats will be ignored in the coming years. This puts the nation at risk.
Small contractors are usually overlooked in favor of large contractors who regularly use contract vehicles to offer services and solutions that are often out of date in the rapidly changing cyber world.
Startups cannot wait this long or afford the cost of bidding. But it is not enough to demonize large contractors when the root cause lies in how the government procures technology.
To remedy this problem, an overhaul of the acquisition and procurement process is essential to level the playing field for small cyber security providers: it must be made much easier for startups and small service providers to bid for government contracts.
One effective way to do this is to unbundle the cyber requirements from IT acquisitions and use more small business set-asides for contract awards. In addition, protests at the General Accounting Office must be discouraged and reserved only for obvious abuses of the contracting process.
Procurement times should be reduced to months rather than years; some projects should be carried out in smaller steps so that the large contractors, whose goal is often revenue maximization and placing unqualified bench staff, aren’t the only ones qualified to complete them.
Cyber attacks on our sensitive infrastructure and government agencies have increased significantly. We need the latest technologies and best tools in order to win the cyber war.