Federal Cyber Security: Are We Winning or Losing

A grim assessment of our nation’s capabilities to sustain an appropriate cyber defence surfaced at the recent Security Innovation Network (SINET) gathering in Washington, D.C.

Former Secretary of Homeland Security Michael Chertoff summed up the condition of our cyber defence when he said it might take “a digital 9-11” to motivate businesses, consumers, and governments to beef up their cyber security defences. In fact, we are fighting an asymmetrical battle, which we appear to be losing at the moment.

“Government just can’t innovate quickly enough to keep pace with the risks and dynamics of the Internet or Silicon Valley’s swiftly changing technologies,” says Mr. Vivek Wadhwa, a respected cyber security analyst.

Wadhwa goes on to say that while innovative entrepreneurial technological developments are essential, the government is not positioned to take advantage of new and powerful cyber protection technology due to its heavy reliance on major contractors.

Wadhwa contends that Federal Government procurement procedures suffocate actual innovation created by tiny entrepreneurial enterprises.

The Acquisition Strategy of the Federal Government Is Inadequate:

Although Wadhwa’s theory is centred on technology development, it also applies to service providers who adapt new technology to new and better defensive techniques including vulnerability assessment, threat analysis, and remediation action.

Because effective cyber security is a continuous process of monitoring and enforcement, the role of services and the cyber warrior is also vital, and outmoded Federal purchasing practices are just as destructive.

Much of the issue originates from the government’s current purchasing and acquisition processes. For years, the government has opted to group requirements into big “omnibus” or IDIQ contracts (with negotiated task orders) that benefit the larger contractors while stifling innovation and flexibility. It is a mistake to handle cyber security requirements in the same way that information technology requirements are considered.