Vendors find security is a tough nut to crack

 

Connecting state and local government leaders

Doing business with the government, always difficult and expensive, is getting even more difficult in the security area, some industry executives say.

Doing business with the government, always difficult and expensive, is getting even more difficult in the security area, some industry executives say.Government agencies have been so overwhelmed by proposals for securing critical infrastructures that the new Homeland Security Department is setting up a technology clearinghouse.Just finding out what the government needs is a challenge in itself, said John C. Hermansen, chairman and chief executive officer of Language Analysis Systems Inc. of Herndon, Va.'The government has been very difficult to deal with in the last 18 months,' Hermansen said, although for years his company has produced name-recognition and analysis tools for intelligence and border-control agencies. Government business still accounts for about 75 percent of the company's revenue, he said.'After Sept. 11 we had good friends in the agencies who said, 'I can't talk with you any more,'' he said.'I'm sure that happened,' said Robert E. Suda, assistant commissioner for IT solutions in the General Services Administration's Federal Technology Service. 'People are being a lot more cautious who they talk to and what they talk about.'That's partly because of security concerns, Suda said, and partly because agencies are busy changing the way they do business.'I probably have 15 phone calls a week and five or six industry partners coming in my door to talk about what they are doing,' Suda said. 'You only have so much time.'Sallie McDonald, FTS' assistant commissioner of information assurance and critical infrastructure protection, said vendors had certain expectations after Sept. 11.'There was an expectation that government would be buying all sorts of security systems,' McDonald said. 'Government has not had the money to buy security that vendors thought it would have.'She said that the creation of HSD coupled with security requirements from the Office of Management and Budget will mean some increase in security spending, but that neither agencies nor vendors should expect much.'We have a war that we're planning, and wars cost money,' she said. 'The president is keeping domestic spending flat.'Most spending for IT security will have to be carved out of existing budgets, she said, and 'the wise CIO is looking at shifting money' from other program areas.Navigating the maze of certifications required to sell to government also is daunting, said Eric Uner, co-founder of Bodacion Technologies LLC of Barrington, Ill. Bodacion is piloting its Hydra secure Web server, which it claims is invulnerable to all known hacks and will be commercially available this spring.'The first step is getting to know what the hurdles are,' Uner said. 'The cost is extremely significant. For Common Criteria Level 4 [international security certification], it probably approaches $1 million.'Uner said his company was lucky to be shepherded through certification by interested agencies because 'the claims we are making are so outrageous' that agencies are eager to see validated results.But he also questioned the usefulness of certification programs such as the Common Criteria and Federal Information Processing Standards, 'mainly because the certificates are misunderstood and misinterpreted.'FIPS certification, required for government cryptographic tools, requires use of government-approved algorithms, which meant that Bodacion could not submit its proprietary Biomorphic cryptography, Uner said.'Unfortunately, we had to reduce our security for the government compared to what we can offer commercial customers,' he said.Uner said he prefers the National Security Agency's Security Proof of Concept program, which validates vendor claims rather than certifying to government standards.Finding government customers is even more difficult for small vendors, Suda said, 'because of all of the centralized procurement. At FTS we are trying to get more of them in.'Hermansen argued that the government 'does not know how to work with small businesses. The bureaucracy is not suited for dealing with them. We have been pushed to the brink of going out of business several times in the last 18 years' by inept handling of contracts.'New business is always tough to get,' Suda acknowledged, 'but it is doable. It comes down to a question of relationships,' which he said are easier for small businesses to develop at the field level than at the headquarters level. Partnering with large integrators can be effective in shooting for business at the headquarters level and from centralized procurements, he said.Once a vendor, large or small, gets official attention, the key to doing government business is 'being able to show how you make a difference,' Suda said.

GSA's Robert E. Suda says it's true that government people are being more cautious these days about what they say and to whom.

Despite push to strengthen systems, agencies don't have much to spend'and are even getting stingy with information


























Lost in cyberspace



Pricey processing





















NEXT STORY: BigFix patches automatically

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.