What If... Articles Bridging Security with Society & Industry
Information and Critical Infrastructure Security: Preparing to Do Business with the Federal Government

Imagine it! You build a team to respond to an RFP. You are capable of winning
the contract based on your technical capabilities and past performance.
The proposal is reviewed, copied, signed and submitted. Finally,
your company is awarded the $2.3 million contract over 2 years.
You have hired staff and begun performance. At the end of the first
year the client notifies you that your company must immediately show
proof of a secure computing infrastructure and disaster contingency
plans within 10 days or you will lose the contract. The cost to secure
the infrastructure is $900,000. What do you do? Pay, or leave the
contract? Let’s revisit the question later.
Since the tragedies of September 11, 2001, our Government has taken serious
measures to ensure that our nation’s critical infrastructure is
protected. Critical infrastructure is defined as those resources necessary
to maintain a functioning operation or environment. As suppliers of
goods and services to the Federal Government, small businesses must also
take on the mission and responsibility of ensuring the security and continuity
of our nation’s critical infrastructure.
Let’s not limit these serious measures to the Federal Government,
though. Large prime contractors have a great stake in this as well. We
get really excited about teaming with primes and serving the Government
sector, especially the new Department of Homeland Security, but irrespective
of how great your service, past performance and capabilities are, security
in all aspects is beginning to take priority when determining contract
awards. Accepting the mission to support our nation requires that you
begin to mitigate security risks within your own organization before
being entrusted with our nation’s critical infrastructure. Considering
that more than half of all businesses NEVER recover after disaster, prime
contractors and Government agencies are beginning to look more closely
at companies who can provide a level of security and continuity of operations
in addition to their core competencies. So if you are presented with
the above scenario, don’t take it “personally”; it’s
really “just business.”
Be proactive! Revisiting the previous scenario, which is a reality for
many of our clients, a decision has to be made. To remain competitive,
you must begin to put security risk mitigation and recovery measures
in place. Develop a disaster recovery plan and corporate security policy.
Whether you provide cleaning services or sell electronic engineering
components you need to be in a position to continue providing services
to the client with minimal delay. Quite frankly, the client won’t
care about the tornado that came through your county or that a hacker
took down your website. The client cares about the task that you were
awarded and your company’s ability to perform. Clients want to
be sure that in the event of a disaster the confidentiality, integrity
and availability of their information can be entrusted to you. It does
not always require that you create a duplicate operations site, but it
does require that you maintain regular backups, offsite storage capability
and plans to continue operations as soon as practical.
Equally important is a Security Policy. Enforceable at all levels
of your organization, it should include password security, current antivirus
updates, firewall installation and website security initiatives. It sounds
like a lot, but there are many FREE and cost-effective resources available
to small businesses. When it comes to losing credibility and clients,
the return on investment is evident.