recommended reading

Time to Get Going

The IT Security Entrepreneurs' Forum brings together startup companies that have developed cutting-edge cybersecurity technology with established corporate and government leaders to discuss if and how the new tools can be used. The event, which will be held March 16-17 at Stanford University, is hosted by Security Innovation Network, a group founded to encourage collaboration between government and industry to speed the development of security innovations.

Nextgov spoke with SINet founder Robert Rodriguez about a week before the forum about the state of collaboration between government and business. Rodriguez retired from federal government in 2004 after serving in the Secret Service for more than two decades and heading the San Francisco Electronic Crimes Task Force, which established working relationships among government, public, private and international stakeholders to establish strategies for better protecting computer infrastructures.

Nextgov: What inspired you to form SINet?

Rodriguez: : When I was in San Francisco, I fell in love with the entrepreneurial spirit in Silicon Valley and became passionate about bringing disparate groups together focused on cyber. Success in this area starts with awareness, education, training and relationship building.

Nextgov: Why is public-private collaboration such a hard thing to do?

Rodriguez: : You have acquisition language that suffocates innovation, [because] it was built at time when the Internet was not as dynamic. There needs to be a better way for communicating the needs and requirements for system integration. How can you build a solution when you don't understand what you need to build to? Then, on the other side, there's a lack of understanding of government processes [in the private sector]. This creates a cultural divide.

Nextgov: Do the federal government and industry view cybersecurity differently?

Rodriguez: : Government, the Defense Department in particular, is very risk averse, and for good reason. But the adversaries are innovating faster than we are and chipping away at [legacy systems] a bit at a time.

There are technologies that can help stop the bleeding. They might not be the silver bullet, but [government] can't wait for things to be perfect. It's a balance that starts with awareness of the innovation happening across America. Instead of trying to reinvent or build new products, why not partner with the small company and hold its hand to advance security that way?

There are lessons to be learned for both industry, which moves at warp speed, and government, which focuses on mitigating risk. We need to find a balance. The adversaries attacking our system don't face the same challenges. They don't have corporate governance, privacy, budget, bureaucracy and policy issues to consider, nor do they have the moral and ethical questions to consider. That makes their job far easier.

Nextgov: You mentioned procurement. This seems to be a major sticking point to true collaboration. How much regulation is appropriate?

Rodriguez: : If you don't adhere to government procurement requirements, guidelines and rules, you put [systems] at great risk. However, we can't wait two years to identify and integrate products. We've got real problems and we can't wait for perfect. Someone needs to take action. I'm not saying boil the ocean, but if the average time, cradle to grave, to get a solution [developed and deployed in a federal agency] is 24 months, how about we set a goal of 20 months? And then from there, maybe we set a goal of 16 to 18 months.

Nextgov: Another concern of industry seems to be liability. If companies sharing critical information about cybersecurity with government, will they be held responsible when breeches or attacks occur? What can government do anything?

Rodriguez: : That's a hard question, but policy is a critical component to addressing these problems. We're in the beginning of the Internet [revolution]. We need to get on the front end of the threats and that requires a combination of technology innovation and leadership, good management, well thought-out system architectures, and policy that is the result of industry practitioners and legislators working together.

Public-private partnership is a beautiful model to believe in and it works, but we need to take an asymmetrical approach that encourages mutually beneficial relationships. It needs to be a national approach that is community-based. It's hard for the Homeland Security Department to truly enable public-private partnership across the nation, because there isn't that element of trust. We've got to move from a "me" to "we" mentality, with the proper leadership in place. With Howard Schmidt as the White House's new cybersecurity coordinator, we know we have a leader with a huge relationship base. That's a big help.

Threatwatch Alert

Stolen laptop

Wireless Heart Monitor Maker to Pay $2.5M Settlement to HHS After Laptop Stolen

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.