Cybersecurity needs tech, social and policy solutions

Selling cyber solutions to the government requires understanding technology, social and policy implications

If you sell cybersecurity products to the government, it’s important to understand that agencies aren’t just trying to protect against hacking, and that the technology is about more than just ones and zeroes.

Rather, cybersecurity encompasses a much larger set of related topics which influence how the government makes investments. Technology, workplace issues, and regulatory and policy concerns are all part of a comprehensive 360-degree view of cybersecurity.

This comprehensive approach to understanding cybersecurity was the topic of a recent panel discussion titled “Cyberattacks: A 360 Degree View,” featuring experts from academia, as well as federal and local government. Panelists included:

  • Gary Barlet, chief information officer, U.S. Postal Service
  • Douglas Maughan, Ph.D., cyber security division director, DHS Science and Technology Directorate
  • Ernest McDuffie, Ph.D., lead research scientist, Cyber Security Policy and Research Institute, The George Washington University
  • Michael Dent, chief information security officer, Fairfax County, Va., government

INFO-SHARING LEGISLATION IS COMING

One aspect of cybersecurity discussed was information sharing – a very timely topic, indeed. After years of false starts, it looks as though this year will finally see legislation passed on cyber information sharing. There are several bills on the Hill and related administration initiatives all pushing for more rigorous threat information sharing initiatives.

Barlet said he believes information sharing will eventually become mandatory, and agencies will stop doing business with noncompliant organizations. Industry could profit through targeted government investments resulting from this tangible response to cyber threats and focus on information sharing.

CYBER THREATS AND RESPONSES

Speaking of cyber threats, McDuffie repeated the common refrain that when it comes to cyber threats “we have to be right all the time, while the bad guys have to be right only once.” Recent attacks demonstrate the government’s challenge in tackling the enormity of the cyber threat. This underscores the need for proper cyber hygiene, especially since vulnerabilities are often traced to government buying practices.

Maughan complained about the poor quality of software being bought by agencies, coupled with the volume of software development. The takeaway for vendors here is, if you are selling a non-security-related product, demonstrate how security is baked into your product and the role it might play in protecting or making the environment more secure.

The government is trying to get smarter and more strategic around cybersecurity investments by looking into predictive analytics and human-out-of-the-loop technologies. Panelists all said they believed the government has done very little in this area, which is a salient takeaway, because understanding how agencies operate is of utmost importance. While your customers may be vocally receptive to automation and machine learning, bureaucratic stove-pipes can still get in the way. Navigating such hurdles is often just as important as the capabilities you are trying to sell.

In terms of cyber responses, namely taking the offensive, McDuffie said that it’s not as cut-and-dried as confronting a person in your house with a ski mask. This highlights the challenge government agencies face when it comes to attribution, an area where industry can help, particularly in the areas of real-time threat detection and identification. 

CYBER WORKFORCE, PRIVACY, POLICY, AND SPENDING

The development of a cyber-workforce is a top priority for CIOs at all levels of government. The panelists maintained that federal and state governments remain a few years away from fielding a well-trained cyber workforce.

On the human development front, a good percentage of breaches begin with unwitting employees working with inadequate security controls. Often, lack of education and careless mistakes are the sources of government security breaches, not solely insider threats.

Despite this, on a global scale the U.S. is still a cybersecurity leader. Our R&D, along with other forms of assistance, is helping other countries stand up operational programs. International partnerships are not often talked about or well understood, but they are critical.

Looking ahead, the panelists agreed that it’s important, but challenging, to strike a balance between the need to protect sensitive cyber information and the need to protect civil rights and privacy. The last few years have seen executive orders and policies out of NIST aimed at standardizing the federal government’s approach to cybersecurity.

While these were generally agreed to be steps in the right direction, Michael Dent bemoaned the challenges facing IT shops as they attempt to upgrade the security of their footprint. Often, legacy systems can’t be upgraded due to budgetary concerns or fears it would interrupt essential services.

Cyber spending is increasing, but government agencies and industry alike are treading water at best in the face of cyber-attacks and breaches.

CYBERSECURITY DEMANDS A 360 DEGREE VIEW  

Fortunately, there is buy-in from senior agency executives who recognize investments in new tools and innovative solutions are critical to keeping pace with the threats that are out there. A steady dialogue between industry and government is critical.

Ultimately, the best approach to cybersecurity is a multi-faceted one that looks at the issue from a 360-degree perspective, encompassing technological, social, and policy-driven solutions. Selling cybersecurity products to the federal government requires understanding these all-encompassing concerns. The degree of your success in selling security product X or Y depends in large part on understanding government pain points in the areas of workforce gaps, legacy systems, baseline requirements, undereducated end-users, and stove-pipes.

About the Author

Lloyd McCoy Jr. is a Market Intelligence Consultant with immixGroup, which helps technology companies do business with the government. Lloyd focuses on Defense Department agencies, as well as public sector cybersecurity. He can be reached at Lloyd_McCoy@immixgroup.com or connect with him on LinkedIn at www.linkedin.com/in/lloydmccoy
