At the recent Security Innovation Network (SINET) event held in Washington, D.C., a sober assessment of our nation’s ability to maintain an adequate cyber defense emerged.
The state of our cyber defense was summarized by Michael Chertoff, former Secretary of the Department of Homeland Security, when he concluded that it may take “a digital 9-11” to get small business, customers and governments to fortify their cyber security defenses. In effect, we are fighting an asymmetrical war and, at present, we seem to be losing.
Echoing this theme, Mr. Vivek Wadhwa, a respected cyber security analyst, argues, “Government basically can’t innovate fast enough to maintain pace with the threats and dynamics of the Web or Silicon Valley’s quickly changing technologies.”
Wadhwa goes on to point out that innovative entrepreneurial technology advancements are needed, but the government, because of its overwhelming dependence on large contractors, is not equipped to take advantage of new and powerful cyber defense technology.
Wadhwa concludes that true innovation developed through smaller entrepreneurial firms is being stifled by Federal Government procurement practices.
The Federal Government Acquisition Strategy is Inadequate:
Although Wadhwa’s argument is focused on technology development only, it applies equally to service providers who adapt new technology to new and improving defensive tactics such as vulnerability assessment, analysis of threats and remedial action.
Because effective defense against cyber attacks is an ongoing process of monitoring and taking corrective action, the role of services and the cyber warrior is also important, and outdated Federal buying patterns are equally damaging.
Much of the problem stems from the present buying and acquisition patterns of the government. For managed IT services, the government has preferred to bundle requirements into large “omnibus” or IDIQ contracts (with negotiated task orders) that favor the largest contractors but stifle innovation and flexibility. Cyber security requirements are treated on a like basis with information technology requirements, and this is a mistake.
In addition, recent Congressional contracting “reforms” have encouraged protest actions on new contracts and task orders for both new and existing contracts, resulting in a substantial delay of the procurement process. In the fast-evolving world of cyber security, delayed deployment of often obsolete technology solutions increases the risk of a successful attack.
Because these contracts are extremely large, they require many levels of approval, usually by Congress or senior administration officials. It typically takes 3-4 years for government to award these, and successful bidders often have to go through a grueling “certification” process to get approved to bid. Proposal efforts for large bundled contracts cost millions of dollars to prepare and to lobby government officials and political leaders in order to win.
Because of buying patterns that are slanted toward large, slower-moving contractors, new technology required to meet the multitude of cyber threats will be ignored in the coming years. This puts the nation at risk.
Small contractors are often overlooked in favor of large contractors, who frequently use contract vehicles to provide services and solutions that are often out of date in the rapidly changing cyber world.
Startups cannot wait this long or afford the cost of bidding. But it is not enough to demonize large contractors when the root cause lies in how the government procures technology.
To remedy this problem, an overhaul of the acquisition and procurement process is required to level the playing field for small cyber security companies: it must be made easier for startups and small service providers to bid for government contracts.
One effective way to do this is to unbundle the cyber requirements for IT acquisitions and use more small business set-asides for contract awards. In addition, protests at the General Accounting Office should be discouraged and reserved only for obvious abuses of the contracting process.
Procurement times must be reduced to months rather than years; some projects should be done in smaller steps so that the large contractors, whose goal is often revenue maximization and placing unqualified bench staff, are not the only ones qualified to complete them.
Cyber attacks on our sensitive infrastructure and government agencies have increased significantly. We need the most current technology and best tools in order to win the cyber war.