Witnesses at a Senate hearing on small businesses’ role in cybersecurity said both the uncertain economic climate and complicated bidding processes present challenges for small businesses trying to serve the government’s cybersecurity needs.
“Most legislation is in place but it has not been well implemented,” said Charles Iheagwara, chief marketing and business development officer at the cyber company Unatek, Inc. “We bid on contracts. It’s difficult to win. The big boys are locked in.”
Sen. Ben Cardin (D-Md.) hosted the hearing in Laurel, Md. The state hosts more than 50 security and intelligence agencies and a dozen military installations, and its lawmakers are making the growth of the cybersecurity industry a top priority. The Obama administration has advocated an economic agenda aimed at creating jobs that solve the nation’s key issues, including cyber threats. But, federal agencies must do more with less money in their budgets to spend on contracts, Cardin said.
“We find that federal agencies’ procurement vehicles are on hold and buying decisions are dragging on for a longer period of time,” said Sarah Djamshidi of the Cheasapeake Innovation Center, which serves as a liason between small security technology companies and their customers. Djamshidi said the delay was creating hardship as companies without large amounts of capital struggle to find the revenue to pay employees.
Federal budget constraints aside, small businesses also face greater risk of data and identity theft than individuals, said National Institute of Standards and Technology (NIST) Director Patrick Gallagher.
NIST is helping the industry develop voluntary codes of conduct. Sen. Barbara Mikulski (D-Md.), who attended the hearing, is pushing for NIST to house a national cybersecurity center of excellence that would facilitate private-public collaboration.
Gallagher said cloud computing, however, was a “great equalizer” that enabled small business with relatively small infrastructure to better compete with more established IT contractors, provided that they make sure their information is secure and their customers’ privacy is guarded.