At the recent Security Innovation Network (SINET) event held in Washington D.C not too long ago a sober assessment of our nation’s capacity to retain an adequate cyber defense emerged.
The state of our cyber defense was summarized by Michael Chertoff, former Secretary of the Division of Homeland Security when he concluded that it may possibly take “a digital 9-11” to get business enterprise, shoppers and governments to fortify their cyber security defenses. In impact we are fighting an asymmetrical war and, at present, we appear to be losing.
Echoing this theme, Mr. Vivek Wadhwa, a respected cyber security analyst, argues, “Government merely can’t innovate fast sufficient to retain pace with the threats and dynamics of the Internet or Silicon Valley’s quickly altering technologies.”
Wadhwa goes on to point out that revolutionary entrepreneurial technologies advancements are necessary but the government, because of it overwhelming dependencies on huge contractors, is not equipped to take benefit of new and effective cyber defense technologies.
Wadhwa concludes that accurate innovation developed through smaller entrepreneurial firms is getting stifled by Federal Government procurement practices.
The Federal Government Acquisition Tactic is Inadequate:
Even though Wadhwa’s argument is focused on technology improvement only it also applies equally to service providers who adapt new technology to new and enhancing defensive tactics such as vulnerability assessment, evaluation of threats and remedial action.
Given that productive defense against cyber attacks is an on going approach of monitoring and taking coercive action, the role of services and the cyber warrior is also critical and outdated Federal buying patterns are equally damaging.
Much of the challenge stems from the present buying and acquisition patterns of the government. For years now the government has preferred to bundle needs in to massive “omnibus” or IDIQ contracts (with negotiated task orders) that favor the biggest contractors but stifle innovation and flexibility. Cyber security requirements are treated on a like basis with Information technology requirements and this is a mistake.
In addition, current Congressional contracting “reforms” have encouraged protest actions on new contracts and task orders for both new and current contracts, resulting in a substantial delay of the procurement procedure. In the speedy evolving globe of cyber security, delayed deployment of often obsolete technologies solutions increases the threat of a prosperous attack.
Simply because these contracts are particularly huge, they need several levels of approval-generally by Congress or senior administration officials. It typically takes three-4 years for government to award these and successful bidders often have to go via a grueling “certification” method to get approved to bid. Proposal efforts for large bundled contracts expense millions of dollars to prepare and to lobby government officials and political leaders in order to win.
Due to the fact of obtaining patterns that are slanted toward large, slower moving contractors new technology needed to meet the multitude of cyber threats will be ignored in the coming years. This puts the nation at threat.
Compact contractors are normally overlooked in favor of huge contractors who often use contract cars to give solutions and options that are frequently out of date in the swiftly changing cyber globe.
Startups can not wait this extended or afford the expense of bidding. But it is not enough to demonize massive contractors when the root lead to lies is how the government procures technologies.
In order to remedy this dilemma an overhaul of the acquisition and procurement method is expected to level the playing field for little cyber safety organizations: it ought to be produced much easier for startups and little service providers to bid for government contracts.
One particular helpful way to do this is to unbundle the cyber requirements for IT acquisitions and use a lot more tiny small business set asides for contract awards. In addition protests at the General Accounting Office will have to be discouraged and reserved only for obvious abuses of the contracting procedure.
get Unlimited VPN USA must be reduced to months rather than years some projects need to be completed in smaller measures so that the main contractors, whose goal is generally revenue maximization and putting unqualified bench staff, are not the only ones certified to complete them.
Cyber attacks on our sensitive infrastructure and government agencies have increased drastically. We need the newest technologies and greatest tools in order to win the cyber war.