Feds turn to private sector for security technology

Washington, D.C. (6/21/2011) -- If there was one prevalent theme permeating the annual Security Industry Association (SIA) Government Summit at the Phoenix Park Hotel in Washington, D.C., it was that the federal government is now embracing new public-private partnerships in security technology sectors like never before.

In presentations ranging from new Department of Homeland Security technology directives to new memorandums on HSPD-12 reforms to a National Institute of Standards and Technology (NIST) cyber-security program, the buzzword was all about cooperation with the private sector. Billed as the leading public policy conference in the security industry, security vendors, systems integrators and government agency officials networked to get a better understanding on where the federal government is headed with policy and funding.

The tenor of the proceedings were laid in the opening keynote Tuesday morning presented by Thomas Cellucci, Ph.D., the acting director of DHS's research and development group. He also serves as the chief commercialization officer for DHS as well. Dr. Cellucci's prime quest is to seek out bona fide private sector technology partners to help develop tomorrow's cutting edge security solutions. "There is a new mindset here in Washington that asks, 'Why does the federal government have to spent so much money developing products when the private sector would be glad to do it, and they could do it better, cheaper and faster?'," he said.

Dr. Cellucci has spearheaded the SECURE (System Efficacy through Commercialization, Utilization, Relevance and Evaluation) program under DHS. The scope of the program enables DHS's science and technology directorate to efficiently and cost-effectively leverage the resources, skills, experience and productivity of the private sector to develop technologies and products in alignment with specific requirements obtained from DHS components, the first responder community and other end-users involved in homeland security applications.

"We need to provide products and services to our various agencies and also provide the best solutions possible to our first responders. And we are looking for the private sector partnerships to get us there," said Dr. Cellucci, who has laid out a roadmap for security vendors and service providers to receive information from DHS on where there are security deficiencies across the spectrum and how those companies can present their solutions for consideration and eventual federal contracts if selected.

Companies like Videology are among five security vendors who have gone through the DHS Science and Technology Directorate SECURE process and received certification to provide solutions in the mass transportation sector.

"There was a need and these companies filled it, and did it quickly," Cellucci said. "When is the last time you saw the federal government develop solutions that came in under budget and came to market in under three months?"

Jeremy Grant is the administrator of NIST's National Strategy for Trusted Identities in Cyberspace (NSTIC) program, and like Cellucci, he is a proponent of working shoulder-to-shoulder with private industry. In helping the Obama administration develop a national strategy for cyber-security, Grant admits that current events involving the hacking incident of Sony PlayStation systems and others simply highlight the growing cyber threats.

"We live in a password-friendly environment that is becoming more and more absurd. When I arrived at NIST four months ago, they handed me a four-page instruction sheet on setting my new passwords. There has to be a better way to protect identities and privacy for both private citizens and small businesses," said Grant, who added that the Department of Defense recently eliminated it password protocols in lieu of using its CAC cards. Since this transition from password to a single sign-on card solution, he said Defense Department computer intrusion incidents were down more than 46 percent in 2010.

"Adapting technologies that enhance both privacy and security is the goal. But how do we get there?" Grant asked the SIA Government Summit attendees. "We do it by developing a private sector governance model. Our aim is to establish private technology partnerships with NIST and other agencies to develop these solutions. We are also looking at the private sector to help develop standards and policies, along with pilot programs.

"This is the time to come up with better solutions for protecting privacy and enhancing security," continued Grant. "The government's role is to bring all the shareholders to the table and work with the private sector to solve the issues at hand."