Cyber security review: Nine ideas on what it means to you

Monday, June 8th, 2009 by JD Kathuria

Now that the results of the 60-day cyber security review led by Melissa Hathaway are in, what’s next? ExecutiveBiz recently brought that question to leading figures in the cyber security discussion — everyone from think tanks to industry — to get their take on what the report may portend for public-private efforts in strengthening cyber security:

1.  “A robust and common sense plan”

Northrop Grumman's Ronald Sugar

“The security of cyberspace constitutes the most critical military and economic imperative of this century.  As I stated in my open letter to the president, clear accountability for this strategic asset should become an immediate national priority. We applaud President Obama for his leadership on this vitally important issue.  And we commend his team for laying out a robust and common sense plan and establishing a Cybersecurity Coordinator to engage this nation’s experts to protect this strategic asset. America’s defense industry stands ready to leverage its investment in advanced technologies to support this national imperative.” — Dr. Ronald D. Sugar, chairman and CEO, Northrop Grumman

2.  “Opens door to new acquisition rules”

Jim Lewis of CSIS

“For now, cybersecurity has high level attention, and I expect OMB and the CIO Council to work on changing acquisitions rules to reflect this.  Those changes need input from the private sector if they are to work.  The new emphasis probably also means a bigger market for secure services and products, in the government and perhaps in critical infrastructure - the increase will be gradual but steady as companies change what they buy to reflect cybersecurity.” — Jim Lewis, CSIS

3.  “Focused, thorough discussion”

Cisco's John Stewart

“The administration’s report is a culmination of the most focused and thorough discussion about the security of the nation’s online infrastructure. I’m glad that so many experienced and knowledgeable contributors from the public and private sectors have given voice and are being heard. It’s imperative that the public and private sector continue to collaborate. The good news is that more organizations, companies, and nations are working together to determine how to proceed, and provide leading practice guidance for the next generation to work, live, and play safely in the online environment.” — Cisco Vice President and CSO John Stewart, who was a member of the CSIS commission that helped author the 60-day review cyber report

4.  “Useful framework for action”

Paradigm's Peter LaMontagne

“The cyberspace policy review provides a useful framework for both discussion and action. I am particularly impressed with the bold assertion that ‘the status quo is not acceptable’ and level of commitment explicitly called for in the review and action plans in section six. Sections four and five on incident response and innovation respectively are highly relevant, and, in my view, best highlight where the contracting community is most likely to be called upon to provide support. The Obama Administration has made clear its commitment to cyber, and while it is too early to assess whether this call to action will be as effective as the one that set off the space race in response to Sputnik, I am certain that all of us who support cyber work seek to provide the type of ‘game changing’ technology or solutions that are recognized as essential to U.S. success in cyberspace.” — Peter LaMontagne, CEO, Paradigm Solutions

5.  “Opportunity to share best practices”

“Strong partnerships and open lines of communication between government and the private sector will be the key to protecting critical networks. As the report explains, the ‘public and private sectors’ interests are intertwined’ when it comes to cybersecurity. Government agencies are in a unique position to help companies identify attackers’ targets and methods of operation, while companies can share expertise and best practices for guarding private networks and protecting the privacy of user data.” — Google Policy Counsel Harry Wingo via his Public Policy Blog

6.  “Rejects ‘heavy-handed’ governmental intervention”

CDT's Greg Nojeim

“The term, “public-private partnership” could mean many things to many people.  It should mean that network operators monitor their own networks to protect them against cyber attack, and if a governmental entity has special expertise or a special solution, it is shared.  But “public-private partnership” should not mean that the private sector is required to permit the government to monitor private civilian networks for intrusion, and should not mean that the government is empowered to seize communications on private networks as part of a cybersecurity program.  That wouldn’t be a partnership.  The 60-day review seems to reject such heavy-handed governmental intervention in favor of incentives to encourage the private sector to increase security and to share relevant information.  That seems the right approach; now we need to see the right implementation.” — Greg Nojeim, senior counsel at the Center for Democracy & Technology

7.  “Government will look to contractors for best approaches”

“Government contractors will need both specialized technical capabilities to support specific national security missions as well as mastery of new and emergency information technology architecture (e.g., cloud architectures).  Contractors may also be called upon by the government to work with the private sector to secure global supply chains vital to the US economy, particularly from non-state actors. The public and private sectors alike will be asked by the government to secure the US and global economy from cybercrime, the consequences of which may already be measurable in terms of US GDP. The government will look to contractors for the best approaches to secure important enterprises, including approaches brought to the public sector based on experience gained supporting commercial clients. Overall, the relationship between the government and contractors will be characterized both from traditional buyer/seller perspectives and from the perspective of a public/private sector partnership – reflecting a traditional US advantage.” — Samuel Sanders Visner, vice president for strategy and business development, enforcement, security, and intelligence, cyber strategy lead, CSC

8.  “Expansion of core configuration policies likely”

John Prisco, Triumfant

“We will likely see some movement toward compliance and expansion of core configuration policies such as FDCC and FISMA. These policies and configurations will require large scale implementations and ongoing compliance enforcement across broad and geographically diverse user populations … Many believe that enforcement will be the lynchpin for success, and with enforcement comes reporting to a central authority (or authorities). So much like other standards, the reporting requirement will likely create work for the govcon community. There is also a historical precedent for agencies to request waivers or exceptions to specific policy planks or requirements, and govcon can be ready to help those agencies build their case. Both activities require that the contractors stay in synch with these policies as they develop and prove subject matter expertise early in the process.”
John Prisco, president and CEO, Triumfant

9.  “Step forward in preventing ‘economic Pearl Harbor’”

SRA's Stan Sloane

“The report takes an important step toward raising overall awareness of a key business concern: the costly theft of commercial intellectual property.  A “dual hat” role for the White House cyber security policy official and the admission that intellectual property theft was as high as $1 trillion in 2008 reframes the challenge. It’s a potential economic Pearl Harbor. I advocate forceful recognition of the scale and scope of the problem, which is underestimated today.  There must be consequences for nations that conduct these activities, or who fail to prosecute criminals within their borders.  We must counter the threat with a collective government-industry collaboration. While current political rhetoric makes us feel good about increasing the country’s investment in research and technology, it is pointless to do so if it is just going to be pirated by our foreign adversaries. We are simply saving them the time and money of doing it themselves.”
SRA President and CEO Stan Sloane

10 Questions for: Paradigm’s CEO Peter LaMontagne



Sunday, March 22nd, 2009 by JD Kathuria

As CEO of Paradigm Solutions, Peter LaMontagne brings two key interests to the table: national security and technology. Since coming on board in 2006, LaMontagne has taken Paradigm, an information technology and business solutions provider, from a growing 8(a) business with a general focus on IT support for civilian agencies, to what he calls “a very focused full and open national security company.” Having transitioned out of the 8(a) program, Paradigm is now moving on to the next level of growth as a “tweener” with roughly 200 employees. In this week’s CEO spotlight, LaMontagne offers tips for other “tweeners” to operate more efficiently. Plus, he weighs in on cyber security trends and the no. 1 thing the commercial sector needs to do to stay competitive on the cyber front.

Could you share some highlights of your 17-plus year career in national security and technology?

Peter LaMontagne: Serving as a foreign service officer, particularly my service at the U.S. embassy in Beijing from 1993 to 1996. We saw China embracing technology, like wireless, in potentially transformational ways. Second, my work at ManTech International. It was a terrific environment for three areas: national security, technology solutions, and a strong entrepreneurial spirit.

What got you interested in national security?

Peter LaMontagne: It goes back to my undergraduate career. I studied Latin and Greek, as well as political theory, and had a passion for understanding how the United States had succeeded over the years … I just believed in our national priorities and our mission.

What’s the best career advice you ever got?

Peter LaMontagne: In the Foreign Service one of my supervisors said, “You should never choose your next job, you should always choose your next boss.”

What key leadership lessons do you carry with you today?

Peter LaMontagne: Empower your team and encourage entrepreneurship, lead by example through a strong work ethic, and make integrity a core value in your business.

You came on board Paradigm in May 2006. What are you most proud of?

Peter LaMontagne: I’m proud we’ve successfully transitioned Paradigm from being a growing 8(a) business with a general focus on IT support for civilian agencies into a very focused full and open national security company with core expertise in cyber security, cyber forensics, and disaster recovery.

Any tips on weathering tough economic times?

Peter LaMontagne: We weathered a challenging period within Paradigm as we transitioned out of the 8(a) program.  During that period we learned to tighten our belt and focus on business priorities.  So, we are accustomed to weathering challenges on the economic front.  I think that firms such as ours — “tweeners” that are no longer small businesses — have to operate more efficiently, they have to be more agile. Those are the exact skills you need to weather economic challenges.

What bright spots do you see for the industry?

Peter LaMontagne: Cyber security, everything related to the protection of our information assets, as well as examining how the internet and the cyber world is going to impact national security.

What are your top tips for technology solution providers?

Peter LaMontagne: One, integrate security solutions into every IT project you pursue. Second, don’t let security prevent IT from delivering the benefits that it’s designed to deliver: facilitating communications and the rapid delivery of information.  That’s where smart contracting solutions come in to support the federal government in balancing those two competing priorities.

What’s the no. 1 thing federal agencies need to do to better tackle cyber security?

Peter LaMontagne: To recognize that the government is dependent on the commercial world for its IT infrastructure.  Understanding the nexus of commercial infrastructure at the application and IT infrastructure level is critically important to defending that infrastructure as well as operating successfully in an environment where the cyber threats are numerous and increasingly sophisticated.

And the commercial sector?

Peter LaMontagne: As an industry it’s important that we continue to nurture and develop our best IT talent in the direction of cyber security. At Paradigm we are serious about providing our best and brightest IT professionals with a career trajectory and training opportunities that will help them understand how to be prepared for the cyber security challenges of the coming three-, five- and 10-year periods.

Interview conducted by JD Kathuria

Read more interviews here: http://blog.executivebiz.com/category/interviews/

Top 10 CFOs share top GovCon tips for 2009

Tuesday, January 6th, 2009 by JD Kathuria

You’ve seen the headlines, and you know firsthand: It’s rough out there. Even though the government contracting community will be hit less hard than other sectors, competition for existing customers will be extra fierce over the coming year. So, what if you could gather the area’s top CFOs in a room and ask their advice for 2009? ExecutiveBiz went looking for the Top 10 CFOs in Government Contracting — CFOs who’ve gone beyond number crunching to deliver the best in business and technical strategy to their companies. Hailing from small to medium to large businesses, each CFO shares a record of driving their company to greater heights. Here they share how they did it and offer their top tips to help you do the same in 2009.
