Federal Cyber Security: Are We Winning or Losing?

At the recent Security Innovation Network (SINET) event held in Washington, D.C., a sober assessment of our nation’s capacity to maintain an adequate cyber defense emerged.

The state of our cyber defense was summarized by Michael Chertoff, former Secretary of the Division of Homeland Security, when he concluded that it may take “a digital 9-11” to get business, consumers and governments to fortify their cyber security defenses. In effect we are fighting an asymmetrical war and, at present, we appear to be losing.

Echoing this theme, Mr. Vivek Wadhwa, a respected cyber security analyst, argues, “Government merely cannot innovate quickly enough to hold pace with the threats and dynamics of the World Wide Web or Silicon Valley’s swiftly altering technologies.”

Wadhwa goes on to point out that innovative entrepreneurial technology advancements are required, but the government, because of its overwhelming dependence on large contractors, is not equipped to take advantage of new and powerful cyber defense technology.

Wadhwa concludes that true innovation developed by smaller entrepreneurial firms is being stifled by Federal Government procurement practices.

IT Solutions Are Inadequate:

Although Wadhwa’s argument is focused on technology development only, it applies equally to service providers who adapt new technologies to new and improving defensive tactics such as vulnerability assessment, evaluation of threats and remedial action.

Because effective defense against cyber attacks is an ongoing process of monitoring and taking coercive action, the role of services and the cyber warrior is also essential, and outdated Federal buying patterns are equally damaging.

Much of the problem stems from the government's current buying and acquisition patterns. For years now the government has preferred to bundle requirements into large “omnibus” or IDIQ contracts (with negotiated task orders) that favor the biggest contractors but stifle innovation and flexibility. Cyber security requirements are treated on a like basis with information technology requirements, and this is a mistake.

In addition, recent Congressional contracting “reforms” have encouraged protest actions on new contracts and task orders for both new and existing contracts, resulting in a significant delay of the procurement process. In the rapidly evolving world of cyber security, delayed deployment of often obsolete technology solutions increases the risk of a successful attack.

Because these contracts are extremely large, they require many levels of approval, commonly by Congress or senior administration officials. It typically takes 3-4 years for the government to award them, and successful bidders often have to go through a grueling “certification” process to get approved to bid. Proposal efforts for large bundled contracts cost millions of dollars to prepare and to lobby government officials and political leaders in order to win.

Because buying patterns are slanted toward large, slower-moving contractors, new technologies needed to meet the multitude of cyber threats will be ignored in the coming years. This puts the nation at risk.

Small contractors are generally overlooked in favor of large contractors who often use contract vehicles to provide services and solutions that are usually out of date in the rapidly changing cyber world.

Startups cannot wait this long or afford the cost of bidding. But it is not enough to demonize large contractors when the root cause lies in how the government procures technology.

To remedy this problem, an overhaul of the acquisition and procurement process is necessary to level the playing field for small cyber security providers: it should be made easier for startups and small service providers to bid for government contracts.

One effective way to do this is to unbundle the cyber requirements from IT acquisitions and use more small business set-asides for contract awards. In addition, protests at the Common Accounting Office must be discouraged and reserved only for obvious abuses of the contracting process.

Procurement times should be reduced to months rather than years; some projects should be carried out in smaller steps so that the large contractors, whose objective is often revenue maximization and placing unqualified bench employees, are not the only ones qualified to complete them.

Cyber attacks on our sensitive infrastructure and government agencies have increased significantly. We need the latest technology and best tools in order to win the cyber war.