THE AVASCENT GROUP 1225 EYE STREET, NW #400 WASHINGTON, DC 20005 (202) 452-6990

Cybersecurity is a problem of interdependencies. Because these interdependencies are also

the strength of the networks and systems on which government and society alike have be-

come so dependant, it is only through better coordination that cyber capabilities, both de-

fensive and offensive, will be improved.

The government market for cyber solutions, however, features a critical paradox: For all the

value of close coordination among players, the market is characterized by widely disparate

approaches to cyber issues and solution development. These differences are driven by a

multitude of factors, but they combine to make the task of achieving coordinated solutions

very difficult. Recent controversies over leadership roles in Federal cybersecurity, and the

recent publication of the Obama administration’s Cyberspace Policy Review, highlight these

problems.

Companies competing in the Federal cyberspace market must cope with this paradox. They

must grapple with customers of varying interests and needs, and who may face significant

hurdles in engaging with developments in sister agencies. Companies looking to expand

their role in providing responsive and effective cyber technology, services and support must

emphasize partnership with their customers.

The dynamism and diversity that characterize Federal cyberspace requires industry to build

highly collaborative customer relationships. To be successful in this market, companies

need the ability to work with their customers in the face of rapidly evolving challenges to

diagnose requirements and prescribe solutions that can draw on best of breed across agency

lines.

The Federal Cybersecurity Market Partnership for Continuous Innovation as the Path to Prosperity in the Cyber Market

JUNE 2009

B2G Advisory Services MARKET & STRATEGY SUPPORT

ABOUT THE AUTHORS: TIMOTHY WICKHAM PARTNER Tim is a partner of The

Avascent Group where he

directs the firm’s C4ISR

practice. Prior to joining

Avascent, Tim served as a

tactical communications

officer in the U.S. Army Sig-

nal Corps and as an analyst

in the Intelligence Commu-

nity.

MICHAEL MCKLOSKEY ASSOCIATE At Avascent, Mike advises

clients on security matters

confronting the federal gov-

ernment. Previously, Mike

worked as a supervisor and

analyst at the National Secu-

rity Agency where he spe-

cialized in information and

cyber security as well as

CBRN-terrorism issues.

For further information

please contact :

twickham@avascent.com

mmckloskey@avascent.com

THE AVASCENT GROUP 2

THE FEDERAL CYBER ENVIRONMENT

Public attention to Federal cybersecurity and cyber warfare

challenges burst to public attention with the 2007 acknowl-

edgment of the Comprehensive National Cybersecurity Ini-

tiative (CNCI). This initiative

boosted Federal spending on cy-

ber solutions by more than a

third, to perhaps as much as $13

billion in 2009. Highly public

debates over issues of leadership

and control in cyberspace – be-

tween the Air Force and the rest

of DoD, between the National Security Agency and the De-

partment of Homeland Security – have served to cast closer

attention on the challenges Federal executives are grappling

with in the cyber realm.

For contractors, this is as compelling and complex an envi-

ronment in the Federal technology market. The complexity

that both industry and government alike must navigate is

driven by two primary factors:

Fluid Threat and Technology Environment: Information

technology evolves at a very rapid pace, particularly by the

standards of Federal procurement. At the same time, the

pace of change in the nature of cyber threats moves like no

other technology problem the government has addressed.

The “barriers to entry” to mount cyber attacks are virtually

nil: A lone, highly trained individual with a few thousand

dollars of “start-up capital” can cause immense damage. In

the hands of larger organizations or hostile states, cyberspace

offers a set of asymmetric weapons against which the U.S.

government is only just beginning to prepare.

The combination of a constantly changing threat and con-

tinually evolving technology landscape creates an environ-

ment in which the traditional and highly laborious Federal

processes for defining requirements and fielding solutions

are barriers to success. The pace of the “measure / counter-

measure” cycle in cyber defense and offense requires Federal

customers to innovate their tactics, technique and proce-

dures (TTP) with rapidity that is not normally associated

with the U.S. government.

Traditional requirements generation and acquisition proc-

esses make it difficult for the Federal customers to keep pace

with the dizzying pace required for effective cyber solutions.

The challenge for industry is equally daunting. Given finite

resources to invest, many firms have found that picking win-

ning technologies is more akin to a game of roulette than a

sound investment strategy.

Uneven Policy and Customer Needs: The Federal govern-

ment struggles to define leadership responsibility in the cy-

ber realm. The task of defining

standards for technology and se-

curity practices remains a matter

of fierce contention among key

stakeholders. Some of the changes

being implemented by the Obama

Administration may eventually

reap significant dividends in both areas, but it will inevitably

take time.

A consequence of this is that individual agencies will retain a

significant measure of independence in addressing their cy-

ber requirements as best they can. The first task that cyber

competitors face is to understand the unique requirements

and conditions affecting different customer groups. These

conditions may be driven by an array of factors, including:

Mission: An agency’s core missions will drive its informa-

tion architecture, the nature of its cyber vulnerability, and

the types of solutions required. Is the customer charged

with safeguarding “customer” data? Are they in the busi-

ness of operating and protecting critical infrastructure?

Do they have an offensive mission, and if so, of what

kind? Intelligence gathering? Achieving effects on the bat-

tlespace?

Sophistication: Federal customers are widely divergent in

their level of sophistication regarding information tech-

nology. Where IT and cyber issues are central to an

agency’s mission, it will be motivated toward greater in-

volvement in the solution definition process. For other

customers, outsourcing the entirety of the solution makes

greater sense. Those agencies at the higher end of the so-

phistication scale will tend to have deeper pockets, and

will demand a much more collaborative working ap-

proach to solution definition and implementation.

Autonomy: Some customers will be inclined to lead the

process of identifying requirements and solutions. Some,

indeed, like NSA and DISA, have this explicit charge. But

many others will take their cue from either adjacent or-

ganizations or follow the lead of more advanced agencies.

Similarly, many customer agencies, particularly in the

Companies looking to expand their role in

providing responsive and effective cyber

technology, services and support must em-

phasize partnership with their customers

THE AVASCENT GROUP 3

Department of Defense, may “own” only a piece of the

responsibility along the chain from requirements defini-

tion to budgeting to source selection to implementation

and operation.

IMPLICATIONS FOR INDUSTRY

The cyber mission is here to stay. Specific solutions will

change and programs will evolve, but investment in cyber

solutions is rising to a place of importance alongside other IT

investments, “kinetic” warfighting capabilities, and other

core mission systems. Further, contractors and government

stakeholders alike should realize the turbulence they are ex-

periencing is not likely to go away and those agencies and

firms that learn to deal with this uncertainty will accomplish

their mission most successfully.

To capitalize on this rising oppor-

tunity, companies shape their ap-

proach to the realities of customer

behavior and constraints, as well

as technology change. Excellence

in cyber capabilities requires a

constantly responsive process of innovating in the face of

evolving technology conditions. Providers must be cognizant

not just of the state of the art, but of the state of play among

adjacent but disconnected customer groups. These condi-

tions imply the need among contractors for flexibility and

capacity for partnership that are unlike many other markets

in which they have come to excel.

To best support Federal customers and their effort to secure

and exploit cyberspace, contractors should consider develop-

ing a wide range of government partnership strategies. For

example:

Help Government Customers Keep Pace with Technology:

Critical to the mission will be the ability to leverage cutting

edge technologies, whether they emanate from the vital com-

mercial sector or Federal investments. Firms’ ability to rap-

idly test, simulate the effect, and understand the benefits of

emerging technologies can be of huge use to their govern-

ment partners. Similar to some of the goals of DARPA’s Na-

tional Cyber Range effort, such a process would offer multi-

ple benefits to both industry and government. It would build

greater intimacy and appreciation among stakeholders. It

would make government stakeholders better informed and

more efficient consumers of necessary technology. And it

would allow for the more rapid application and refresh of

technology into government networks with limited disrup-

tion.

Cooperative Research: While perhaps applicable only to

some customers with the appetite to sponsor non-recurring

engineering (e.g. DoD, the Intelligence Community, DHS,

and DoE), working through Cooperative Research and De-

velopment Agreements (CRADAs) to solve specific problems

will further build partnerships. Developing technology or

processes in cooperation with the customer offers a surer

avenue to formal adoption, particularly with careful parallel

marketing among user communities. The “build it and they

will come” model is anathema among most defense firms.

Working with a government customer on cyber CRADA ef-

forts will provide both parties insight into how each works,

and can be a key building block for partnership necessary for

long-term market success be-

yond the specific goals of the

area of research cooperation.

Leverage IT ID/IQ Contract

Vehicles: An underappreciated

opportunity to develop effective

partnerships is offered by IT-focused indefinite demand/

indefinite quantity contracts. While much cyber technology

will be acquired through targeted procurements, much of the

capability acquired will also come through traditional multi-

ple-award contract vehicles, like the Army’s ITES-2S/H,

DISA’s ENCORE, DHS’ EAGLE, and others. Companies

with existing positions on these vehicles already understand

the value of these arrangements as windows through which

to understand requirements, offer solutions, and maintain

ongoing connectivity with their use and evolution. For firms

not positioned on viable contracts, it is important to under-

stand how the ongoing dialogue between government and

industry that these vehicles permit can be a powerful means

of anticipating and serving demand. As new multiple-award

IT contracts are set to be formed in the coming year (e.g.

DIA’s SITE, Air Forces’ NETCENTS II) companies consider-

ing improving their position in the cybersecurity market

should consider how best to approach and capture a position

on these key partnership enabling vehicles.

To improve competitiveness and find ways to build these

critical partnerships, firms should take stock not only of ex-

isting technical capabilities and gaps, but of their other ad-

vantages and limitations, including customer relationship,

sales channels, etc.

Contractors and government stakeholders

alike should realize the turbulence they are

experiencing is not likely to go away

THE AVASCENT GROUP 4

THE AVASCENT ADVANTAGE

The Avascent Group is the leading management consulting firm specializing in serving senior executives in the defense,

aerospace, homeland security, logistics, technical services and infrastructure sectors. Avascent provides a full range of man-

agement consulting services, from strategic planning to market analysis to organizational and operational improvement.

Our consultants combine our deep market knowledge with proven rigorous market validation and strategic planning meth-

odologies to provide invaluable decision support to our clients.