At the current Safety Innovation Network (SINET) occasion held in Washington D.C lately a sober assessment of our nation’s capacity to preserve an sufficient cyber defense emerged.
The state of our cyber defense was summarized by Michael Chertoff, former Secretary of the Department of Homeland Security when he concluded that it may take “a digital 9-11” to get business enterprise, consumers and governments to fortify their cyber security defenses. In impact we are fighting an asymmetrical war and, at present, we appear to be losing.
Echoing this theme, Mr. Vivek Wadhwa, a respected cyber security analyst, argues, “Government merely can not innovate quick sufficient to keep pace with the threats and dynamics of the Online or Silicon Valley’s swiftly changing technologies.”
Wadhwa goes on to point out that innovative entrepreneurial technology advancements are needed but the government, since of it overwhelming dependencies on huge contractors, is not equipped to take benefit of new and powerful cyber defense technology.
Wadhwa concludes that correct innovation developed through smaller entrepreneurial firms is being stifled by Federal Government procurement practices.
The Federal Government Acquisition Method is Inadequate:
Although Wadhwa’s argument is focused on technologies development only it also applies equally to service providers who adapt new technology to new and improving defensive tactics such as vulnerability assessment, analysis of threats and remedial action.
Considering that powerful defense against cyber attacks is an on going procedure of monitoring and taking coercive action, the function of solutions and the cyber warrior is also important and outdated Federal getting patterns are equally harmful.
Considerably of the challenge stems from the present acquiring and acquisition patterns of the government. For Bitdefender Premium Security UK has preferred to bundle requirements in to huge “omnibus” or IDIQ contracts (with negotiated activity orders) that favor the biggest contractors but stifle innovation and flexibility. Cyber safety needs are treated on a like basis with Facts technologies needs and this is a error.
In addition, recent Congressional contracting “reforms” have encouraged protest actions on new contracts and job orders for both new and existing contracts, resulting in a considerable delay of the procurement process. In the rapid evolving planet of cyber safety, delayed deployment of normally obsolete technologies options increases the risk of a productive attack.
For the reason that these contracts are exceptionally substantial, they need quite a few levels of approval-normally by Congress or senior administration officials. It ordinarily requires three-four years for government to award these and effective bidders regularly have to go through a grueling “certification” course of action to get approved to bid. Proposal efforts for substantial bundled contracts expense millions of dollars to prepare and to lobby government officials and political leaders in order to win.
Mainly because of getting patterns that are slanted toward big, slower moving contractors new technologies necessary to meet the multitude of cyber threats will be ignored in the coming years. This puts the nation at threat.
Little contractors are usually overlooked in favor of significant contractors who often use contract cars to give solutions and solutions that are typically out of date in the rapidly changing cyber world.
Startups cannot wait this long or afford the expense of bidding. But it is not adequate to demonize significant contractors when the root result in lies is how the government procures technology.
In order to remedy this challenge an overhaul of the acquisition and procurement course of action is expected to level the playing field for small cyber security organizations: it have to be produced easier for startups and little service providers to bid for government contracts.
One particular helpful way to do this is to unbundle the cyber needs for IT acquisitions and use much more modest business set asides for contract awards. In addition protests at the Basic Accounting Office should be discouraged and reserved only for obvious abuses of the contracting process.
Procurement instances should be reduced to months rather than years some projects must be accomplished in smaller measures so that the major contractors, whose goal is often income maximization and putting unqualified bench staff, aren’t the only ones qualified to complete them.
Cyber attacks on our sensitive infrastructure and government agencies have increased drastically. We want the most current technology and greatest tools in order to win the cyber war.