Slashdot Mirror
What Silicon Valley Can Do For Homeland Security
An anonymous reader writes "Small, agile development firms are just what security in the United States needs, argues an article on Ars Technica. The piece compares the processes used in small Silicon Valley firms to those used in security contractors retained by the U.S. Government. Mr. Stokes' conclusion? The U.S. has a lot to learn from small companies." From the article: "Whether it's nuke detection technology at ports, computer automated wiretapping and data traffic snooping, or massive government data mining operations, our present approach to homeland security is embodied for me in those 14-foot pillars: ponderous, expensive technologies designed by government-funded teams of scientists who're working in vain to outmaneuver not just the terrorists, but the surging global market for technological innovation in which those terrorists thrive. By way of contrast, the Sandia group's DIY nuke detector represents an attempt to fight fire with fire by harnessing the same market forces and entrepreneurial spirit that terrorists have learned to use so effectively."
While smaller firms may foster more rapid innovation, sub-contracting some of the nations most sensitive technical development significantly increases the exposure to infiltration.
I hate the term 'Sig'.
I didn't know what to call it, so I just said 'culture.' We could call it defense, we could call it homeland security.
The culture for so long has been so immersed in expensive, bulky solutions, it will change slowly if at all. The government just doesn't feel right unless their dealing with a huge company and huge expenses. For one thing, in a way it justifies politicians existence to the voters. "Hey, look how much we're spending on security!" And truth to tell, there may be other dangers in dealing with smaller, nimbler companies.
On a lighter note, I thought this was amusing:
I know that geeks, /.ers in particular, are lining up to work with the government on wiretapping!
Dark Reflection
I still think the US should simply pull it's military out of the world and make peace and free trade instead of trying to employ everyone with FUD and wars. It's so much cheaper and simpler.
our present approach to homeland security is embodied for me in those 14-foot pillars: ponderous, expensive technologies designed by government-funded teams of scientists who're working in vain to outmaneuver
This quote from the article makes it sound like government scientists are incompetent boobs. The ones I know aren't. This sounds more like a political screed for the privatization of security than anything else.
Although I agree with the basic premise that government can learn a lot from start ups small businesses, here's what life's like around the beltway.
...... but......why might you ask do companies invest at the end of the day....?
Note: I work for a consulting firm based out of the DC area. We have a combination of commercial and Federal / Public sector clients
From the small business side:
You can't imagine the procurement requirements and overhead costs to do business in the Federal sector. Here are some examples:
1) FSO - Security officer to manage the clearances of your employees and company. Can't live with out it
2) Contract Vehicles - GSA Schedules are expensive to maintain or outsource.
3) Contracting Officers - Specialist who deal with government Contracting Officers.
4) Low Rates - Combined with the large overhead requirements above, is a problem. Trying finding competent technical help in DC.
5) Accounts Receivable that can stretch to 180 days without blinking.
6) Can't leverage commerical sales, must hire a dedicated sales force that understands the market.
Again for the big beltway bandits, these are small overhead items, but for a 150 person company, these are significant line items.
From the Government Side:
1) Risk adverse. If you screw up a small project or procurement, you could wind up on the cover of the Washington post. Not a good place to be if you're a GS12 bureaucrat waiting for your GS13.
2) Insane Budget Cycles: If you don't use it you lose it. There's a reason why so much gets done in late August / September around DC.
3) Preference for the "usual suspects" like Lockheed, Booz Allen, Northrop Grumman, Raytheon, Unisys, Titan etc. With items one and two, why try a new small untested company. Many companies around the beltway have gone out of business and screwed the gov. At least you know they are not going any where.
4) Compliance requirements that make SarbOX look like child's play.
That's just a small hint at the problems with doing business with the federal governement. I sure the UK or other Western Countries have the same issues.
There are not too many super enterprises that release contracts on a multi-year basis. Once you get over the moat, you are in.
"It's technical in a psychometric kind a way" -- C. Parish
One of the major problems with our government is that was designed to be slow-moving in order to keep it stable. Unfortunately, that attitude has leaked into the smallest corners of government agencies over time, and it has become a major problem when we deal with issues or situations that require rapid response or immediate change of policy. Of course, that describes most issues and situations in these modern times, and we are all suffering as our country loses its edge.
Being an European and, therefore, more accostumed to live with terrorism than Americans, I believe that the whole approach is inherently wrong. I find extremely similar to the typical prevent/correct engineering design decision. There has never been a case of success when attempting to control terrorism by developing new methods to fight it. England has failed, Spain has failed, France has failed, Portugal has failed and so on... society is just has too many vulnerabilities for ANY protection plan to work flawlessly. Even if you control every airport, bridge and nuclear weapon, a terrorist will still easily access you water supply (you can control water quality easily on depots... try the same on the piping), use a needle to insert poison randomly into supermarket goods, get an Ebola infection and then walk around a crowded stadium... The ONLY way to avoid terrorism is to prevent it. And the way you do that is you find the reason that moves the terrorists in the first place and find a way to remove internal popular support for that sort of action. The Spanish government gave extended autonomy to Euskadia, England negotiated peace. If you want to END terrorism, stop messing with other nation's internal political activity. America gave Noriega a country, Noriega behaves badly, America takes down Noriega. America gave the taliban a country to face the USSR, the taliban behaves badly, America takes down the taliban. America gave Hussein a country to face the USSR in Iran, Hussein behaves badly, America takes down Hussein. America gave Pahlavi a country to get Iranian oil, Pahlavi behaves badly and Ayatollah get a country, what next?! Get the pattern?
I can't disagree with this. There is much that is useful in the experience, culture and skill sets of small companies.
However, I would caution about overstating what those companies bring to the table, or underestimating the degree to which government is already tapping that resource.
I've worked with government agencies and personnel. They run the gamut of professionalism, dedication and intelligence just like the private sector does. But even the best of them are hampered in doing new, creative things by this simple fact: government is huge. Not only is it huge, it is composed of constitutionally separate and independent layers (federal, state, local).
It's not that nothing new gets done. In fact, if anything, there may be too much creativity, and not enough coherence. For example, the kind of whizzy-bangy stuff TFA talks about is commonly funded by SBIRs: Small Business Innovative Research grants. The SBIR program is a great boon to small businesses, to be sure, but it is like a black box into which money is pourted and from which few useful, although many interesting results come out.
All kinds of great research gets done under these programs, but somehow it never amounts to an effective coordinated response. And since terrorism is by its nature opportunistic, it doesn't matter how exceedingly well you respond to any single technological challenge. You need big picture strategy.
This is a big difference with a tech startup, which only has to solve one technological problem better than the competitors to make its fortune.
The problem that plagues government are the things that everyone agrees need to be done, but whose organizational complexities are impossible to navigate. Do you think that FEMA bureaucrats don't want Katrina victims to get the money which has been allocated to them? The problem is the reorganization that sucked them into DHS, while billed as making response more agile, did the worst possible thing: it buried them inside a much larger agency.
Bureaucracies are, as an organizaional structure, designed to do repetitive execution of routine tasks. All the Kafkaesque aspects of them we hate result from them encountering situations that are outside their assigned tasks, not covered by policy, or all too common made worse by policies. That's what's holding up Katrina relief. Policies are in place that are conceived around a zero tolerance for waste and fraud (as if this was achievable), and values the smallest increment in that direction greater than any level of increment of humanitarian relief.
The critical missing factor is at the political level. Believe it or not there's a lot of talent, passion and dedication in government, but below the political level those people can't change policy. The political level can change policy, as well as create an environment where common sense bending of rules to meet the greater goals is tolerated. If the political level is brain dead, then each organ of government will continue to do its routine homestatic functions, but won't be part of a purposeful response to new challenges.
If government fails to respond to a big challenge, it isn't because it doesn't tap private sector expertise. Nor is it because it lacks people with talent and dedication. It's because the people we elect don't care enough about the problem to make things happen.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Especially since the most effective anti-terrorist technique is to infiltrate the terrorists, which is cheap and doesn't compromise the rights of the innocent.
But on the other hand, who's easier to infiltrate, a 10,000-person Beltway Bandit or a startup where everybody knows everybody else?
They promise you everything, deliver vapourware and screw up over in the process.
HTH
putting the 'B' in LGBTQ+