Within the first month of 2022, we have seen a huge push to improve the nation’s cybersecurity. From the updated CMMC 2.0 regulations to the “White House’s Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems,” we can expect that cybersecurity solutions and zero trust are going to be one of the biggest tech trends and sought-after solutions this year.
This push, of course, makes sense, considering the significant number of cyber disruptions last year that impacted a multitude of supply chain issues. It serves as an attempt for the White House and other federal agencies to start getting ahead of cyber attacks, instead of having to respond reactively. However, there seems to be conflicting opinions on what the best course of action may be to take when figuring out how to address cybersecurity in both a proactive and effective manner.
The rush to get cybersecurity tech and solutions delivered and implemented across multiple federal agencies as quickly as possible disregards the importance that people still play in ensuring cyber safety, something the DoD’s weapon tester stated in its annual report. The automated nature of cybersecurity tools that assist in thwarting cyberattacks is rapid-fire, behaving at machine speed, but the complexity of many attacks still calls for a dual human and AI/machine effort.
If we rely on technology alone, it is likely that many attacks will slip through the cracks. The Pentagon’s Office of the Director, Operational Test and Evaluation’s 2021 report states that, “Cyber assessments and operational tests continue to show that where systems or networks are actively defended by well-trained personnel in environments employing Zero Trust concepts, Red Teams emulating cyber actors have difficulty degrading critical missions.”
While it is important for the government to establish an effective human-to-machine balance to protect the United States in the cyber world, the recently signed National Defense Authorization Act bodes good news for commercial companies developing cybersecurity tools. The legislation emphasizes the need for the federal government to better implement and utilize commercial technology, and effectively breaks down the steps needed to take in order to do so successfully and improve the Department of Defense’s currently outdated acquisition process.
These developing improvements to the process specifically seek to improve the nation’s strength in the cybersecurity and Artificial Intelligence fields, which are both areas that many are concerned we have fallen behind on in comparison to other countries, namely and most concernedly China.
The current process allows for the DoD to implement tech they are already familiar with, such as aircraft carriers and tanks, but traps commercial tech in a lengthy bureaucratic process with a disappointingly high barrier to entry, more commonly known as the valley of death. These new initiatives, from formalizing the Commercial Solutions Opening to acquire innovative tech through prize competitions and peer proposal review and mandating studies and pilot programs to learn how to best go about leveraging new technologies, pave the way for larger acquisition reforms.
The updated acquisition process, push for use of commercial tech, and the highlighting of cybersecurity tools as a solution of major interest for the US means that commercial cybersecurity companies find themselves in good shape to receive federal funding this year from Research and Development programs such as the Small Business Innovation Research (SBIR) and the Small Business Technology Transfer programs.
