Guest editorial by Allen Badeau, CTO of NCI, Inc.
With the financial impact of cybersecurity breaches expected to exceed $5 billion by 2020, the old adage ‘slow and steady’ will not win the race against such catastrophic attacks.
Cyber threats are constantly changing and presenting bold new challenges that can disrupt both legacy and latest generation systems.
Vigilance and the ability to apply the right technology fast enough are critical success factors in cybersecurity.
Cybersecurity is more than a technology issue. It is a critical business risk and one of the fastest-growing threats in the world.
With the Internet of Things ecosystem continuing to grow, there is a hyper-convergence of technologies that will have far-reaching impacts on the government’s cybersecurity posture.
Government and industry IT leaders must work across these technologies to address emerging issues.
In the meantime, there are a few key improvements that I would recommend to help federal agencies acquire better cybersecurity solutions faster, and keep better pace with new threats.
Government agencies should ask for more solutions-based bids.
A majority of traditional government IT bids are really staffing jobs, meaning that the bidder describes his experience, estimates how many people will be working on the project and then provides hourly rates.
That makes it very difficult for the government to distinguish what the best solution is going to be for a project or program.
With a solutions-based approach, government buyers say, “This is my problem. Tell me how you’re going to fix the problem and how much it’s going to cost to fix the problem.”
If government buyers would issue more of those procurements, they would be able to make decisions with much more confidence based on their specific needs.
They would be able to speed up the procurement process and obtain best value, as compared to the traditional government pricing model, which has not been shown to work effectively for cybersecurity.
(Hear from the Author, Allen Badeau, CTO for NCI, on ‘How the IoT Changes How Government Approaches Cybersecurity,’ courtesy of NCI and YouTube)
SIAM Procurement Approach
Agencies also should consider adopting a more commercial-based approach to acquisitions, similar to the European Service Integration and Management (SIAM) model.
In a SIAM procurement approach, the contractor is truly the integrator and they have ultimate accountability to the government customer to get that job done on time and on budget.
This structure enables the contractor to pull in commercial partners and effectively manage vendors so that if one party is not getting the job done, they can quickly be replaced with a better performing partner.
Many of today’s procurement models were originally designed to help the government obtain best value for goods, and when these models were adapted to take on procurements as elusive as cybersecurity programs, their shortcomings became apparent.
The commercial world typically enjoys more flexibility and creativity in its approach to procurement.
They know that they cannot wait to bring the latest technology on board, or they will lose out to their competition.
They have applied that same sense of urgency to cybersecurity, and that has resulted in some very interesting ways to procure great technology solutions that deliver best value.
At NCI, we are focused on delivering practical cybersecurity solutions for our customers’ most complex challenges.
We do that by actively working with customers and developing new technologies to integrate into our solutions, such as artificial intelligence, software-defined networks and quantum computing.
Our technology innovations and customer relationships help us better understand the challenges inherent in current environments, along with the costs and benefits of applying new technologies.
Headquartered in Reston, Virginia, NCI is a leading provider of government enterprise solutions and services.
Allen Badeau is the CTO for NCI, Inc. of Reston, Virginia.