Recently, the government is focused on the nation’s capacity to maintain an adequate cyber defense. The state of the cyber defense has already mentioned the requirement of a digital 9–11 to get business, consumers and governments to fortify their cyber security defenses. In effect this is an asymmetrical war and, at present, we appear to be losing.
Echoing this theme, Federal Government’s security analysts always argues that “Government simply can’t innovate fast enough to keep pace with the threats and dynamics of the Internet or Silicon Valley’s rapidly changing technologies.” They also point out how innovative entrepreneurial technology advancements are required but the government, because of it overwhelming dependencies on large contractors, is not equipped to take advantage of new and powerful cyber defense technology.
The Federal Government Acquisition Strategy is Inadequate:
Although technology development is a business imperative , it also applies equally to service providers who adapt new technology to new and improving defensive tactics such as vulnerability assessment, analysis of threats and remedial action. For the IDIQ contracts, this is more than important.
Since effective defense against cyber attacks is an on going process of monitoring and taking coercive action, the role of services and the cyber warrior is also critical and outdated Federal buying patterns are equally harmful.
Much of the problem stems from the present buying and acquisition patterns of the government. The government has always favoured “omnibus” or IDIQ contracts (with negotiated task orders) that is great for the large contractors but stifle innovation and flexibility. Like IDIQ contracts, cyber security and IT technology requirements are not same and considering them same is quite a mistake.
Reforms That Have Emerged
In addition, recent Congressional contracting “reforms” have encouraged protest actions on new IDIQ contracts and task orders for both new and existing contracts, resulting in a significant delay of the procurement process. In the fast evolving world of cyber security, delayed deployment of often obsolete technology solutions increases the risk of a successful attack.
Because these IDIQ contracts are extremely large, they require many levels of approval-usually by Congress or senior administration officials. It involves no less than three years before the government start giving projects to the successful bidders frequently. They have to go through a grueling “certification” process to get approved to bid. Proposal efforts for large bundled contracts cost millions of dollars to prepare and to lobby government officials and political leaders in order to win.
Buying patterns have changed and more inclined towards large contractors. Various new technologies will be required to meet the cyber threats that were once ignored. This puts the nation at risk.
Small contractors are often overlooked in favor of large contractors who frequently use contract vehicles to provide services and solutions that are often out of date in the rapidly changing cyber world.
Startups can’t wait this long or afford the cost of bidding. But it is not enough to demonize large contractors when the root cause lies is how the government procures technology.
In order to remedy this problem an overhaul of the acquisition and procurement process is required to level the playing field for small cyber security companies: it must be made easier for startups and small service providers to bid for government IDIQ contracts.
Final Thoughts
One effective way to do this is to unbundle the cyber requirements for IT acquisitions and use more small business set asides for contract awards. In addition protests at the General Accounting Office must be discouraged and reserved only for obvious abuses of the IDIQ contracts.
Cyber-attacks on our sensitive infrastructure and government agencies have increased significantly. We need the latest technology and best tools in order to win the cyber war.
