While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Cyberattacks are increasing in frequency and sophistication, and today’s bad actors are more determined than ever to penetrate secure networks and perpetrate harm. The recent executive order on cybersecurity is evidence the federal government has recognized this threat and is committed to protect against cyberattacks.
Traditional federal IT acquisition processes have been slow to transition to this new paradigm. Historically, it was acceptable for agencies to employ multiyear “requirement to deployment” timelines because technology did not evolve quickly, and neither did mission requirements or cyberthreats.
However, a multiyear clock is no longer sufficient to keep up with — much less stay in front of — the threat vectors federal IT officials are facing on a daily basis. As such, defense and national security agencies must streamline their hardware and software procurement time frames and processes. They must quickly and efficiently acquire, integrate and deploy solutions, services and staff.
Fortunately, there are opportunities for vendors and defense agencies to work together to accelerate federal software acquisition procedures. In embracing these opportunities, agencies will be able to bolster cybersecurity more quickly and will be well positioned to better predict, prepare for and respond to expanding threat vectors.
Hardware and software vendors can embrace their roles as true mission partners and help agencies achieve these objectives.
Vendors can work with government customers and prime contractors to provide the solutions and services that are needed for a more flexible, rapid and effective acquisition and procurement process.
Additionally, vendors can work with the various stakeholders within different customer segments — including information assurance, operations, finance and acquisitions — to educate them on the new solutions and services, as well as the acquisition, delivery and finance models that can be used to obtain them.
Those solutions include software-defined networking (SDN) and network functions virtualization (NFV) tools that can help agencies achieve their security objectives while overcoming acquisition barriers.
These cloud-based, Software as a Service solutions are easier and more cost-effective to deploy than traditional software. They streamline the security process by helping to set up smaller, highly intelligent teams.
Fast, easy upgrades and tech refreshes are built in, allowing agencies to stay on top of changing threats. Finally, automation — a key benefit of SDN and NFV — can help agencies save enormous amounts of time and money while enhancing security protocols.
Procuring the software and hardware is only half the battle, however. True success will come when agencies move away from low cost, technically acceptable acquisition processes to total cost of ownership or service consumption models that favor long-term value over upfront savings.
This will not be just a technical shift, but a cultural one as well, and will require procurement officials to adopt a mindset that emphasize long-term value over upfront savings.
The trustworthiness of the software itself is also important. Software should have built-in security components and be compliant with government standards, such as the General Service Administration’s Federal Risk and Authorization Management Program. Solutions from trusted vendors tend to fit these criteria better than technologies procured through unofficial sources. Software procured from this “gray market” may be more prone to vulnerabilities and lack appropriate compliance standards.
Regardless of the source, software should be easily deployable, upgradeable and based on open standards. These features ensure interoperability, adaptability and agility, and are integral to agencies’ efforts to remain in front of potential threats without the need for costly hardware refreshes or upgrades.
Changes to the federal IT procurement process will not happen overnight. That’s all the more reason for agencies to start making those changes right now, so they are better equipped to keep up with looming cyberthreats.
It starts with vendors and agencies working together to enhance the procurement process and deliver innovative technologies that are easy to implement, yet offer powerful threat protection. And it ends with the acquisition of modern network solutions, such as SDN and NFV, which can help agencies get where they need to be from a security standpoint — all while supporting a more streamlined procurement process.