At the recent Security Innovation Network (SINET) event held in Washington, D.C., a sober assessment of our nation’s capacity to maintain an adequate cyber defense emerged.
The state of our cyber defense was summarized by Michael Chertoff, former Secretary of the Department of Homeland Security, when he concluded that it may take “a digital 9-11” to get enterprises, customers and governments to fortify their cyber security defenses. In effect we are fighting an asymmetrical war and, at present, we seem to be losing.
Echoing this theme, Mr. Deepak Gupta, a respected cyber security analyst, argues, “Government basically cannot innovate quickly enough to keep pace with the threats and dynamics of the World Wide Web or Silicon Valley’s quickly changing technologies.”
Wadhwa goes on to point out that innovative entrepreneurial technology advancements are necessary but the government, because of its overwhelming dependence on large contractors, is not equipped to take advantage of new and powerful cyber defense technology.
Wadhwa concludes that true innovation created through smaller entrepreneurial firms is being stifled by Federal Government procurement practices.
The Federal Government Acquisition Strategy Is Inadequate:
Though Wadhwa’s argument is focused on technology development only, it applies equally to service providers who adapt new technologies to new and improving defensive techniques such as vulnerability assessment, analysis of threats and remedial action.
Because effective defense against cyber attacks is an ongoing process of monitoring and taking corrective action, the role of services and the cyber warrior is also vital, and outdated Federal buying patterns are equally harmful.
Much of the problem stems from the present buying and acquisition patterns of the government. For years now the government has preferred to bundle requirements into large “omnibus” or IDIQ contracts (with negotiated task orders) that favor the largest contractors but stifle innovation and flexibility. Cyber security requirements are treated on a like basis with information technology requirements, and this is a mistake.
In addition, recent Congressional contracting “reforms” have encouraged protest actions on new contracts and task orders for both new and existing contracts, resulting in a substantial delay of the procurement process. In the fast-evolving world of cyber security, delayed deployment of often obsolete technology solutions increases the risk of a successful attack.
Because these contracts are particularly large, they require many levels of approval, commonly by Congress or senior administration officials. It commonly takes 3-4 years for government to award these, and successful bidders frequently have to go through a grueling “certification” process to get approved to bid. Proposal efforts for large bundled contracts cost millions of dollars to prepare and to lobby government officials and political leaders in order to win.
Because of buying patterns that are slanted toward large, slower moving contractors, new technology needed to meet the multitude of cyber threats will be ignored in the coming years. This puts the nation at risk.
Small contractors are often overlooked in favor of large contractors who often use contract vehicles to offer services and solutions that are often out of date in the rapidly changing cyber world.
Startups can’t wait this long or afford the cost of bidding. But it is not enough to demonize large contractors when the root cause lies in how the government procures technology.
In order to remedy this problem, an overhaul of the acquisition and procurement process is essential to level the playing field for small cyber security providers: it must be made easier for startups and smaller service providers to bid for government contracts.
One effective way to do this is to unbundle the cyber requirements for IT acquisitions and use more small business set-asides for contract awards. In addition, protests at the General Accounting Office need to be discouraged and reserved only for clear abuses of the contracting process.
Procurement times should be reduced to months rather than years; some projects should be done in smaller steps so that the large contractors, whose purpose is typically maximizing income and placing unqualified bench employees, aren’t the only ones qualified to complete them.
Cyber attacks on our sensitive infrastructure and government agencies have increased substantially. We need the latest technology and best tools in order to win the cyber war.