Best value is key to securing federal IT
- By James McAleese
- Mar 28, 1999
President Clinton astounded the information technology community last month when he proposed in his fiscal 2000 budget more than $1.4 billion for critical infrastructure protection. This is the first concerted federal effort to protect the vulnerable U.S. infrastructure - including components such as telecommunications, transportation and essential government services - from attack. The effort, however, will place a premium on industry "network integration" skills to protect the architecture against intrusion from external threats as well as from disgruntled employees within.
Cyberthreats place a premium on IT network integration capabilities, coupled with true best-value IT acquisitions, to create the highly secure, three-dimensional virtual government of the future. Unfortunately, acquisition reforms have collectively come to symbolize IT as lowest-price commodity buys. Specifically, vehicles such as the General Services Administration's Federal Supply Schedule or the multiple-award schedule create a strong presumption that most IT is a fungible commodity. Such a generic "ash and trash" perception is supported by fierce interagency rivalry in marketing competing contract vehicles, which repeatedly trumpet lowest price over technical and experienced discriminators, even when the systems are mission-critical.
However, nothing could be further from the truth. Network integration of large-scale, interagency voice, video and data requires premium technical expertise to meticulously manage the never-ending evolution of the system, handle real-time surge capability for mission-unique requirements and ensure redundancy in the event of a physical or cyberattack or other emergencies. This is particularly true in the greater Washington, D.C., area, which is a target-rich environment for cyberterrorists.
And the $1.4 billion cybersecurity budget carrot came without a heavy stick to motivate agencies. Last year Clinton, in Presidential Decision Directive 63 (PDD-63), mandated agencies to increase critical infrastructure protection by 2000 and create a highly reliable, interconnected, secure information network infrastructure by 2003. PDD-63 grew out of recommendations made by the President's Commission on Critical Infrastructure. Clinton formed the commission after realizing that weaker aggressor nations, terrorists and criminals were far more likely to target U.S. telecommunications, transportation assets such as the Federal Aviation Administration, financial centers such as the Treasury Department and the Social Security Administration, and emergency services providers such as the Federal Emergency Management Agency, rather than directly confront superior U.S. troops on the battlefield. This was in addition to "recreational hackers" and disgruntled federal employees, whom the commission also targeted as major threats.
Specifically, PDD-63 assigned accountability for information assurance to each federal agency, which typically means the chief information officer also becomes the chief information assurance officer. Because the CIO is tasked to create the seamless virtual federal government under the administration's National Partnership for Reinventing Government, the CIO is in the hot seat, charged with guarding the evolving network of voice, video and data of the future virtual government from internal and external threats.
However, increasing cyberattacks, coupled with Congress' expectation that some federal services will experience a modest Year 2000 collapse, place senior agency leadership on a collision course with Congress in fiscal 2001. The Government Performance and Results Act of 1993 and the Clinger-Cohen Act voice veiled threats to punish those agencies that are inept, have records of fraud, waste and abuse, or fail to manage IT programs to generate verifiable return on investment to users. Congress will scrutinize those agencies that are caught unaware in a major infrastructure collapse, particularly when Congress is expected to provide several billion dollars in cybersecurity funding annually over the next several years.
The bottom line is that federal agencies in the greater Washington, D.C., area are enormously dependent on integrated IT networks to perform vital global missions in real time. Physical and cyber-based vulnerabilities can only be mitigated by an integrated voice, video and data infrastructure that ensures continuity, operational capabilities, interoperability and redundancy.
That network integration expertise is not simply a commodity; it supports the very lifeblood of the critical nerve center of the United States. Despite the temptation of lowest-price commodity awards, agencies must focus on the strategic value of best-value IT acquisitions. A focus only on short-term cost is a prerogative for which all of us shall pay dearly.
-- McAleese is the principal of McAleese & Associates, a government contracting and high-technology law firm in McLean, Va.