Federal Cybersecurity Government Partnering Strategies: Avascent White Paper


Published on

Avascent White Paper on the rapidly evolving Cyber marketplace - from my colleagues Michael McKloskey and Timothy Wickham

Published in: Business, Economy & Finance
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Federal Cybersecurity Government Partnering Strategies: Avascent White Paper

  1. 1. JUNE 2009 B2G Advisory Services MARKET & STRATEGY SUPPORT The Federal Cybersecurity Market ABOUT THE AUTHORS: Partnership for Continuous Innovation as the Path to TIMOTHY WICKHAM PARTNER Prosperity in the Cyber Market Tim is a partner of The Avascent Group where he directs the firm’s C4ISR practice. Prior to joining Cybersecurity is a problem of interdependencies. Because these interdependencies are also Avascent, Tim served as a the strength of the networks and systems on which government and society alike have be- tactical communications come so dependant, it is only through better coordination that cyber capabilities, both de- officer in the U.S. Army Sig- nal Corps and as an analyst fensive and offensive, will be improved. in the Intelligence Commu- The government market for cyber solutions, however, features a critical paradox: For all the nity. value of close coordination among players, the market is characterized by widely disparate MICHAEL MCKLOSKEY approaches to cyber issues and solution development. These differences are driven by a ASSOCIATE multitude of factors, but they combine to make the task of achieving coordinated solutions At Avascent, Mike advises very difficult. Recent controversies over leadership roles in Federal cybersecurity, and the clients on security matters recent publication of the Obama administration’s Cyberspace Policy Review, highlight these confronting the federal gov- problems. ernment. Previously, Mike worked as a supervisor and Companies competing in the Federal cyberspace market must cope with this paradox. They analyst at the National Secu- must grapple with customers of varying interests and needs, and who may face significant rity Agency where he spe- hurdles in engaging with developments in sister agencies. Companies looking to expand cialized in information and cyber security as well as their role in providing responsive and effective cyber technology, services and support must CBRN-terrorism issues. emphasize partnership with their customers. For further information The dynamism and diversity that characterize Federal cyberspace requires industry to build please contact : highly collaborative customer relationships. To be successful in this market, companies twickham@avascent.com need the ability to work with their customers in the face of rapidly evolving challenges to mmckloskey@avascent.com diagnose requirements and prescribe solutions that can draw on best of breed across agency lines. THE AVASCENT GROUP 1225 EYE STREET, NW #400 WASHINGTON, DC 20005 (202) 452-6990
  2. 2. THE FEDERAL CYBER ENVIRONMENT resources to invest, many firms have found that picking win- ning technologies is more akin to a game of roulette than a Public attention to Federal cybersecurity and cyber warfare sound investment strategy. challenges burst to public attention with the 2007 acknowl- Uneven Policy and Customer Needs: The Federal govern- edgment of the Comprehensive National Cybersecurity Ini- ment struggles to define leadership responsibility in the cy- tiative (CNCI). This initiative ber realm. The task of defining boosted Federal spending on cy- ber solutions by more than a Companies looking to expand their role in standards for technology and se- curity practices remains a matter third, to perhaps as much as $13 providing responsive and effective cyber of fierce contention among key billion in 2009. Highly public technology, services and support must em- stakeholders. Some of the changes debates over issues of leadership phasize partnership with their customers being implemented by the Obama and control in cyberspace – be- Administration may eventually tween the Air Force and the rest reap significant dividends in both areas, but it will inevitably of DoD, between the National Security Agency and the De- take time. partment of Homeland Security – have served to cast closer attention on the challenges Federal executives are grappling A consequence of this is that individual agencies will retain a with in the cyber realm. significant measure of independence in addressing their cy- ber requirements as best they can. The first task that cyber For contractors, this is as compelling and complex an envi- competitors face is to understand the unique requirements ronment in the Federal technology market. The complexity and conditions affecting different customer groups. These that both industry and government alike must navigate is conditions may be driven by an array of factors, including: driven by two primary factors: Mission: An agency’s core missions will drive its informa- Fluid Threat and Technology Environment: Information tion architecture, the nature of its cyber vulnerability, and technology evolves at a very rapid pace, particularly by the the types of solutions required. Is the customer charged standards of Federal procurement. At the same time, the with safeguarding “customer” data? Are they in the busi- pace of change in the nature of cyber threats moves like no ness of operating and protecting critical infrastructure? other technology problem the government has addressed. Do they have an offensive mission, and if so, of what The “barriers to entry” to mount cyber attacks are virtually kind? Intelligence gathering? Achieving effects on the bat- nil: A lone, highly trained individual with a few thousand tlespace? dollars of “start-up capital” can cause immense damage. In the hands of larger organizations or hostile states, cyberspace Sophistication: Federal customers are widely divergent in offers a set of asymmetric weapons against which the U.S. their level of sophistication regarding information tech- government is only just beginning to prepare. nology. Where IT and cyber issues are central to an agency’s mission, it will be motivated toward greater in- The combination of a constantly changing threat and con- volvement in the solution definition process. For other tinually evolving technology landscape creates an environ- customers, outsourcing the entirety of the solution makes ment in which the traditional and highly laborious Federal greater sense. Those agencies at the higher end of the so- processes for defining requirements and fielding solutions phistication scale will tend to have deeper pockets, and are barriers to success. The pace of the “measure / counter- will demand a much more collaborative working ap- measure” cycle in cyber defense and offense requires Federal proach to solution definition and implementation. customers to innovate their tactics, technique and proce- dures (TTP) with rapidity that is not normally associated Autonomy: Some customers will be inclined to lead the with the U.S. government. process of identifying requirements and solutions. Some, indeed, like NSA and DISA, have this explicit charge. But Traditional requirements generation and acquisition proc- many others will take their cue from either adjacent or- esses make it difficult for the Federal customers to keep pace ganizations or follow the lead of more advanced agencies. with the dizzying pace required for effective cyber solutions. Similarly, many customer agencies, particularly in the The challenge for industry is equally daunting. Given finite THE AVASCENT GROUP 2
  3. 3. Department of Defense, may “own” only a piece of the technology into government networks with limited disrup- responsibility along the chain from requirements defini- tion. tion to budgeting to source selection to implementation Cooperative Research: While perhaps applicable only to and operation. some customers with the appetite to sponsor non-recurring IMPLICATIONS FOR INDUSTRY engineering (e.g. DoD, the Intelligence Community, DHS, and DoE), working through Cooperative Research and De- The cyber mission is here to stay. Specific solutions will velopment Agreements (CRADAs) to solve specific problems change and programs will evolve, but investment in cyber will further build partnerships. Developing technology or solutions is rising to a place of importance alongside other IT processes in cooperation with the customer offers a surer investments, “kinetic” warfighting capabilities, and other avenue to formal adoption, particularly with careful parallel core mission systems. Further, contractors and government marketing among user communities. The “build it and they stakeholders alike should realize the turbulence they are ex- will come” model is anathema among most defense firms. periencing is not likely to go away and those agencies and Working with a government customer on cyber CRADA ef- firms that learn to deal with this uncertainty will accomplish forts will provide both parties insight into how each works, their mission most successfully. and can be a key building block for partnership necessary for To capitalize on this rising oppor- long-term market success be- tunity, companies shape their ap- yond the specific goals of the Contractors and government stakeholders proach to the realities of customer area of research cooperation. behavior and constraints, as well alike should realize the turbulence they are experiencing is not likely to go away Leverage IT ID/IQ Contract as technology change. Excellence Vehicles: An underappreciated in cyber capabilities requires a opportunity to develop effective constantly responsive process of innovating in the face of partnerships is offered by IT-focused indefinite demand/ evolving technology conditions. Providers must be cognizant indefinite quantity contracts. While much cyber technology not just of the state of the art, but of the state of play among will be acquired through targeted procurements, much of the adjacent but disconnected customer groups. These condi- capability acquired will also come through traditional multi- tions imply the need among contractors for flexibility and ple-award contract vehicles, like the Army’s ITES-2S/H, capacity for partnership that are unlike many other markets DISA’s ENCORE, DHS’ EAGLE, and others. Companies in which they have come to excel. with existing positions on these vehicles already understand To best support Federal customers and their effort to secure the value of these arrangements as windows through which and exploit cyberspace, contractors should consider develop- to understand requirements, offer solutions, and maintain ing a wide range of government partnership strategies. For ongoing connectivity with their use and evolution. For firms example: not positioned on viable contracts, it is important to under- stand how the ongoing dialogue between government and Help Government Customers Keep Pace with Technology: industry that these vehicles permit can be a powerful means Critical to the mission will be the ability to leverage cutting of anticipating and serving demand. As new multiple-award edge technologies, whether they emanate from the vital com- IT contracts are set to be formed in the coming year (e.g. mercial sector or Federal investments. Firms’ ability to rap- DIA’s SITE, Air Forces’ NETCENTS II) companies consider- idly test, simulate the effect, and understand the benefits of ing improving their position in the cybersecurity market emerging technologies can be of huge use to their govern- should consider how best to approach and capture a position ment partners. Similar to some of the goals of DARPA’s Na- on these key partnership enabling vehicles. tional Cyber Range effort, such a process would offer multi- ple benefits to both industry and government. It would build To improve competitiveness and find ways to build these greater intimacy and appreciation among stakeholders. It critical partnerships, firms should take stock not only of ex- would make government stakeholders better informed and isting technical capabilities and gaps, but of their other ad- more efficient consumers of necessary technology. And it vantages and limitations, including customer relationship, would allow for the more rapid application and refresh of sales channels, etc. THE AVASCENT GROUP 3
  4. 4. THE AVASCENT ADVANTAGE The Avascent Group is the leading management consulting firm specializing in serving senior executives in the defense, aerospace, homeland security, logistics, technical services and infrastructure sectors. Avascent provides a full range of man- agement consulting services, from strategic planning to market analysis to organizational and operational improvement. Our consultants combine our deep market knowledge with proven rigorous market validation and strategic planning meth- odologies to provide invaluable decision support to our clients. THE AVASCENT GROUP 4