MeriTalk - Where America Talks Government
Steve O'Keeffe

Posted: 8/26/2009

You see, my stepfather was a bookie ("turf accountant," as they're known in the old world) – so, I know a little bit about the ponies.  If you had a horse with excellent breeding, build, and upbringing, we'd call that a CERT as in certain to win.  If that CERT can't manage to win, or for that matter show or place, the first thing the trainer does is change its routine.  If that fails, they change the jockey.  And if that fails, the owner changes the trainer.

 Well, if Federal cyber security were a horse – CERT – I think we'd all consider it an important mount.  So let's study the form back to 1990.  We've seen a lot of this colt in the paddock and the owners have pumped out a lot of paper underlining their commitment and race strategy – see Clinton's PDD 63, Bush 43's NSSC, and now Obama's 60-day Cyber Review.  In the last five years, CERT has had four jockeys – Yoran, Purdy, Garcia, and Kwon.  And now we have a new rider – Randy Vickers, promoted from within DHS NCSD.  Since 2003, we've seen trainers come and go – Clarke, Beckstrom, and now Hathaway.  In the same timeframe, the Feds have lost their FISMA religion; TIC is at best confused; and every Tom, Demetri, and Hao is galloping through our cyber defenses.  Oh, and the cloud push is significantly increasing the complexity of the problem – or perhaps affording an opportunity for a new, innovative, and more elegant solution?  It's not like hackers and uniformed cyber warfare officers from competing nation states are pipping CERT at the line.  At most meets we can't even get our pony into the starting gate.  It's no wonder that a series of candidates have passed on the opportunity to fill Hathaway's shoes.  Considering performance, to put it politely, you'd have to be crazy to take a flutter on this gee-gee. 
So, is CERT headed for the glue factory, and if so, why?  And, what, you may ask, do I know about Fed cyber security, U.S.-CERT, NCSD, and the public-private debate on securing our nation's cyber space?
Well, I spent the longest year of my life working onsite at DHS NCSD at the GSA building at 7th and D, SW.  Kiss and tell really seems to be the done thing these days – even the former vice president's firm upper lip is flapping.  Without going into details, I can say that the organization was the most dysfunctional I have ever encountered in 20 years in the government IT community.  Vicious infighting among the appointees, career/contractor wrestling matches, non-profit calculated ambivalence, government affairs operatives that leak like sieves to The Washington Post, directionless public-private partnership meetings, the list goes on.  I sincerely hope that things have changed significantly since my time at DHS – a time when I watched the hard work and initiative of talented government professionals rewarded with distrust and derision.  I believe that this dysfunctionality is the fundamental source of the national cyber security problem. 
If you take exception with my title – you absolutely should.  However, the undeniable truth is that our failure to act appropriately is ceding control of our nation's cyber infrastructure to our adversaries.  The definition of insanity is to assume the same behavior and expect a different outcome.  We have ample documentation of the problems.  We have no shortage of initiative, innovation, and integrity in both the public and private sectors.  Why not define a budget and challenge our best and brightest to propose a series of competing holistic solutions – and evaluate those proposals based on their merits?  And then move swiftly to operationalize.  It’s time to completely change the race – not merely change the silks and ride on.  Considering the economic gravity of America's Internet infrastructure, it's time to learn from the past – not gamble with our future.
Posted: 8/3/2009

A smaller, more expensive government. Contractors hire govies and bill them back to Uncle Sam at marked-up rates. That's been the story of the last 20 years. Well, rumors out of DHS indicate that the tide is turning. Agencies are offering contractors raises to jump the fence to government. Same job. Same office. Just change badges -- and everybody wins...except the contractor.

If this turns into a trend across government -- and the momentum is certainly in that direction -- contractors are in a difficult spot. Isn't it difficult to cry foul if Uncle Sam follows your precedent?
So, what does it mean for our community? We should listen for perspective from Stan Soloway and the Professional Services Council to be sure. Cyber security experts seem logical first targets for insourcing. Will we see contractors try to introduce measures to deter on-site staff from "going native"?  How will unions react if alluring packages upset the balance in Fed pay scales?
If the Obama administration is going to stay true to its change mantra, it needs to change a few things -- and seems to be doing so. The question: is our appetite for change healthy, or are we biting off more than we can chew?