The Fort Meade Alliance held its 4th annual Industry Day on March 3rd at the BWI Westin. Government acquisition executives and commercial cybersecurity leaders shared insights on contracting and the changing business environment, as well as the importance of innovation and collaboration to addressing cyber threats.
“Industry Day is a perfect illustration of why we established the Meade Business Connect,” FMA President Steve Tiller said. “The event focused on de-mystifying the government-contracting climate, learning about challenges and opportunities in the commercial sector and helping small and emerging business become successful. “
Industry Day featured a panel discussion with acquisition executives from the National Security Agency (NSA) and Defense Information Systems Agency (DISA) who discussed contract vehicles and business opportunities and provided updates on teaming and subcontracting issues, small business goals and more.
As budgets tighten, the speakers said the industry will see an increased focus on the consolidation and bundling of contracts from both agencies.
“If your predominant business base is the Department of Defense, I encourage you to take a strong look at what you are doing,” said Douglas Packard, Director of the DISA’s Procurement Directorate and Chief of the Defense Information Technology Contracting Organization.
NSA and DISA are working to identify efficiencies and promote innovation in the procurement process. Lise Mangerie, Chief of the Contract Management Oversight Office at NSA, said that strengthening the agency’s focus on contract management has been a major goal of its reorganization.
“We went from about 20 to 25 full-time people doing a handful of contracts to about 130 people managing all the contracts that are valued over $5 million, regardless of the type of contract.” Mangerie said. “So, it’s a big change that we underwent in the acquisition role to put the focus back on good contract management.”
DISA has achieved savings by doing a better job defining requirements and deliverables. Packard said that a simple action like applying more scrutiny to the reports asked for in a contract can lead to savings.
“Just pulling reports can have a million-dollar savings on a contract. It’s not free to do it for the contractor. It takes paper, time and intellectual capital to do it,” he said.
Mangerie said that NSA is also focused on building its industry base and identifying new and innovative small business partners. She encouraged interested small businesses to contact the NSA Office of Small Business Programs.
“As difficult as it might seem to get in the door and work at NSA, it’s not impossible,” she said. “It’s about reaching out to us, reaching out to business partners who already have business with us and forming those alliances. We are looking to refresh that base of industry that we depend upon to get the mission done.”
Industry Day also featured a commercial cybersecurity panel discussion with Kevin Crain, Director of IT Security and Chief Information Security Officer for the University of Maryland Medical System, and Thomas Hofmann, Cyber Threat Intelligence Lead for PNC Financial Services Group.
With the increased frequency of cyber attacks, corporate leaders who may have once viewed IT security as a cost center, must now have a greater understanding of its strategic importance.
“I don’t really think the traditional views hold anymore when it comes to the perception of our cybersecurity organizations,” Hofmann said. “On a weekly basis, we have our C-Suite coming through to get updates as to what we are seeing.”
Protecting customer information must be a crucial goal for all businesses. Crain said that a credit card number is worth 50 cents to a dollar on the black market and has a short shelf life. The personal information contained in an electronic medical record has a street value of $10 and a half-life measured in years.
“Your identity gets stolen, you don’t get a new birthday,” Crain said. “So that threat will persist over the course of years. That’s what keeps me up at night in health care.”
Another area of concern for the health care industry that Crain discussed was medical device security. Many medical devices are network attached, and the devices serve many purposes, from monitoring vital signs to delivering medication. “One area that hospitals are becoming very focused on is finding partners who can give us early intel about vulnerabilities in those devices,” he said.
Hofmann discussed the threat of spoofed websites that are made to look like those of financial institutions. One area that PNC focuses its external intelligence collection efforts on is brand protection. It monitors underground forums and tries to be as proactive as possible to ensure that when someone stands up a spoof page it is detected and action is taken to take it down.
Industry Day is the flagship event of the FMA’s Meade Business Connect. If you are interested in getting involved with the Meade Business Connect planning committee, contact Will Burns at firstname.lastname@example.org.