How Innovative Buying Could Boost Federal Government Security

Montri Nipitvittaya/Shutterstock.com

Nimble buying is one step.

Allen Badeau is the chief technology officer for NCI, Inc. of Reston, Virginia.

With the threat of cyberattacks increasing daily, government agencies need access to the latest countermeasures and best technology solutions to keep pace. A more commercial approach to procurement and IT management could help agencies better obtain and maintain the latest technology while helping to manage cyber threats.

Accelerate Cloud and Modernization Strategies

Many government agencies have built up and layered multiple legacy systems over years and years. Eventually, they become cumbersome to maintain and require elaborate patching to keep the whole system running. Patching legacy systems usually creates other vulnerabilities, so the sooner government agencies can migrate away from those systems, the better off they will be.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Agencies could decrease their dependence on legacy systems by introducing a consistent enterprise integration strategy, systematically introducing newer technologies while retiring outdated systems. Cloud options can also offer ready access to current technologies in a secure environment. By accelerating their cloud and modernization strategies, agencies gain productivity while reducing cyber vulnerabilities.

There is also a need to reduce shadow IT. Commonly, agencies are broken up into two general groups. The mission side of the agency, which is out in the field, and the back-office systems such as payroll and human resources. The IT systems policy and funding usually flow from the chief information officer to meet mandates.

Sometimes, when the mission side of an agency does not believe it is getting the support it needs, it takes matters into its own hands. It is not unusual to discover, for example, a cluster server hidden in a closet somewhere that has access to the internet through the agency network. That is shadow IT, and that piecemeal approach can create huge problems such as battling security breaches, investing valuable time and money in the wrong solutions and overpaying for licenses, among others.

Take a Trip to SIAM

The commercial world often brings innovation to procurement, and the European Service Integration and Management model is no exception.

This approach positions the contractor as the systems integrator, with ultimate accountability to the government customer to complete the work on time and on budget. With this model, the contractor can easily bring commercial partners on board and effectively manage vendors so if one party is not performing well, it can be replaced quickly.

Fail-Fast to Save Time and Money

Reducing the size of procurements may help avoid protests and get solutions online faster with a “fail-fast” approach. A fail-fast approach enables agencies to break projects into smaller pieces so they can be completed faster, or even fail faster. That way, it does not take years to know if a particular solution will actually work long term.

Typically, cybersecurity procurements are multihundred-million-dollar jobs. If a large prime loses, they protest. It can take years to make an award. It is difficult to modernize any large cybersecurity program when it is under protest, and that is a huge challenge. One disadvantage of the protest process is that the incumbent continues getting paid during the legal proceedings, so the project is slowed or stopped while money is still flowing.

If agencies could compartmentalize certain needs and execute smaller projects, and if those smaller projects fail along the way, the ramifications will not ripple throughout the entire organization. Whereas if a $500 million cybersecurity contract fails, that news gets to Capitol Hill fast.

Smaller procurements can deliver high-priority, incremental improvements across the organization and enable course corrections to bring in new tools a lot quicker.

There is no silver-bullet solution to cybersecurity threats, and there is no single approach that will modernize and protect today’s government IT systems. However, with more nimble procurement practices and a regimen of purposeful IT systems management, government agencies can be better prepared and equipped to respond to today’s cyber threats.