Cyber Security: No Pain, No Gain

July 15, 2015

By Hans Holmer

Senior Cyber Strategist, Technical Counterintelligence Center

INTELLIGENT DECISIONS

Leaders of companies frequently find themselves at a loss for how to lead in the cyber arena.  Typically, from the C-Suite point of view,  “cyber” appears to be a technology problem rather than a people problem–and the technology moves way too quickly for us ordinary mortals to keep up.  Too often the “people aspect” of cyber security is overlooked and, yet, it is one of the most critical areas, where leaders can do their company and their employees the most good.  In fact, cyber security is like exercise: No pain, no gain.

For example, the traveling executive is likely to be the senior leader who travels the world carrying electronic devices that hold crucial company intellectual property and proprietary data.  He or she is also too busy to deal with painful security requirements that interfere with work and their computer has just the sort of data that are of critical value to the business… and to competitors or even foreign governments.  It doesn’t take a genius to know that a number of countries are gaining access to US intellectual proprietary and patented information by cyber means.  As of mid-2014, Bloomberg estimates that more than $445 billion worth of intellectual capital was lost this way. (http://www.bloomberg.com/news/articles/2014-06-09/cybercrime-remains-growth-industry-with-445-billion-lost )

So how can companies protect their traveling executives and lead their business in cyber security?  By demonstrating that cyber security is business resiliency. That data protection is important enough to put above the pain of “not doing things the way you’ve always done them.”  By proving that you are willing to accept pain to secure their data when traveling. All the data show that changing our behavior is the key to stopping breaches, hacks, and data loss.

  • Take the time to install every security update and patch. Almost all intrusions depend on software vulnerabilities for which patches have been issued but not installed.  Computers that connect inside and outside the corporate network are particularly at risk because users rarely are willing to let the update process detract from work demands.  So if traveling senior executives demonstrate how protecting their computer is critical to the business and demand that their computers maintain the highest levels of security, this alone would be a major step forward in corporate cyber leadership.
  • Use a designated computer for foreign travel. This reduces the amount of intellectual property within the computer and, in turn, reduces the chances that the computer can introduce malware when returned to the corporate network. It also prevents the disclosure of corporate log-in credentials overseas.
  • Keep computer, phones, and other devices in your sight at all times.  Sure, it can be painful.  But not as painful as the loss of intellectual property, competitive advantage, and lost business.

When corporate leadership demonstrates that cyber security is important and that useful countermeasures are worth the pain, it sets the priorities for the rest of the organization.  By taking the lead in secure technology use while traveling abroad, senior leadership can set the tone for the entire corporation and enjoy increased cyber security practices.  In the process of learning to use  technology securely, everybody benefits.  It’s a win for leadership and for cyber security.  Not only does it demonstrate that mitigating risks while traveling is important, but also that protecting company data on the corporate network is important.  The same countermeasures that secure a travel computer will secure a corporate network. Doing one but not the other is nothing more than a waste of time.  Cyber security is very much an all-or-nothing kind of problem; it’s “data ecology.” The entire network as well as all the employees need to actively participate.  And it starts at the top.

 

Hans Holmer works in the Technical Counterintelligence Center of Intelligent Decisions.  He can be reached at hholmer@intelligent.net or 703.599.4735.

Hans is a retired CIA officer with about 20 years in cyber, 26 years in intelligence  and over 40 years in computers and similar technologies.


Cyber: Lightning or potholes?

May 8, 2015

By Hans Holmer

When you read about big breaches of corporate data, the breaches are generally described as the computer equivalent of “lightning,”  something so fearsome and unstoppable that only the government and draconian laws could prevent those breaches.

To the cyber practitioner, the more apt analogy for breaches is potholes.  Like potholes, vulnerabilities in software and hardware are ubiquitous, not that hard to fix, and new ones are discovered all the time.  The sheer scales of devices that need to be patched and the number of patches and updates that need to be deployed is daunting but the actual installation of a patch is not complex.  This is important because almost all breaches depend on unpatched computers to succeed.  The lightning strikes, more properly called 0-days, are extremely rare.

The key to keeping a street pothole-free is first to know what streets you are responsible for and what kinds of road surface they use.  The same is true of computer networks.  You need to know all the devices and software on your network – PCs, printers, servers, routers, scanners, etc.  Any devices and software that are not yours present a threat unless moved to a separate network.  When you know your network you can patch it – all of it.

Once you know the roads you are responsible for, you can determine whether the road surfaces are appropriate for the traffic that uses them.   You’ve noticed that highways have different surfaces than neighborhood roads.  In IT network terms, you need to ensure that users and processes have credentials that are appropriate for the kind of work they do so that no users or processes have more access than they need.  Only a small percentage of users should have administrative privileges, and those privileges should be allocated for particular purposes.

When it comes to detecting potholes, system administrators have an easier time than city managers.  Most modern operating systems benefit from monthly patch-cycles.  If you have computers that no longer receive patches, such as 13-year old Windows XP operating system, it might be time to repave that road.  It is no surprise that breaches are ubiquitous given that 17% of computers still run Windows XP one year after Microsoft stopped issuing patches and it is hard to blame those vulnerabilities on hackers.  By the way, the most common Windows operating system, with 58% of the total market, is Windows 7 which was released in 2009.  It is now on “extended support” until 2020.  There is a strong argument for re-paving the road before it becomes one giant pothole.

You already know that most urban streets have more potholes than are good for your car.  In a nutshell, this is because inadequate resources are devoted to maintaining the streets and nobody wants to block the street while repaving it.  The same is true of computer networks.  The damage done to vehicles is not borne by the city and the cost of a network breach is similarly unpredictable, unlike the cost of securing the network.  In both cases, high known costs outweigh uncertain, but almost certainly orders of magnitude higher, future costs.

If you had to track the pothole repair metrics, you’d track the number of streets that are completely patched.  You can do the same for networks.  If you compile the percentage of PCs that are fully patched plus the percentages of all other devices which are fully patched, that would create an indicator of the security of a network.  Given that the vast majority of breaches exploit these fundamental vulnerabilities, it is an adequate proxy for the security of the network.

Once you have reached a state where your average security is predictably high, it is time to bring in experts who can help you defeat the lightning strikes.  It is well known that 0-days seek your most valuable items, in whatever form it takes, be it intellectual property, customer specifics or money.  By implementing expert countermeasures focused on protecting your critical data and processes, you can reach that rare state of having neither potholes nor lightning in your network.

 

Hans Holmer works in the Technical Counterintelligence Center of Intelligent Decisions.  He can be reached at hholmer@intelligent.net or 703.599.4735.

Hans is a retired CIA officer with about 20 years in cyber, 26 years in intelligence  and over 40 years in computers and similar technologies.


Federal Allies News March 2014

March 17, 2014

Letter from the Executive Director

SBA’s New Emerging Leaders Program: StreetWise Steps™ to Small Business Growth

U.S. Small Business Administration’s Emerging Leaders initiative has asked Federal Allies to publicize the agency’s search for CEOs of established small businesses to enroll in a free evening program to help grow revenues and jobs.  Twice monthly, 13 sessions, 40 classroom hours currently planned for 27 cities.

Requirements include three years in business, two or more employees, annual revenue $400,000 to $10 million, and DBEs or lower income census track.

Module 1: Business and Strategy Assessment. Module 2: Financials. Module 3: Marketing and Sales. Module 4: Resources- People, Accessing Capital and Government Contracting.  Module 5: Putting it all together – Strategic Growth Plan Presentations.

Contact your local district office.  More information is available online at sba.gov/emergingleaders or you may e-mail SBA@FederalAllies.org.

A Brief History of Federal Allies and SBA

Federal Allies Institute was launched during National Small Business Week 2008, the U.S.A.’s top small business recognition program and organized by the U.S. Small Business Administration.

The mutually beneficial relationship between Federal Allies and SBA has quantifiably helped small businesses.  For example one project included SBA’s request for a free biotechnology grant application seminar, organized by Federal Allies that helped enable 26 research firms to each receive one or more grants of $244,000.  In addition to SBA, the grant process included the U.S. Department of the Treasury, U.S. Department of Health and Human Services, and U.S. Food and Drug Administration.

Several top biotechnology associations, including BIO, were recruited to serve on panels of the Federal Allies event.

Welcome New Members

Image

Welcome Distinctive Home & Health Care! The Distinctive Home & Health Care 1st Annual Heart Disease Awareness Networking Event held at Distinctive Home & Health Care’s Corporate Office. (L to R) Deborah Guynn, President, Jim Guynn, Vice President, Regina L. Singletary, Executive Assistant, DHA Acquisition Management & Support, and Chante Davis, Director of Operations. Guests enjoyed delicious appetizers with wine provided by Kathy Gaines. A fundraiser for research, guests received copies of USDA 10 Tips to Be Active Adults  and Affordable Care Act Sign Up Locations for Residents of Montgomery and Prince George’s Counties, in Maryland.

Federal Allies Institute Corporate Ethics Certification Program Underway

The Winter Sessions of Federal Allies Institute’s Corporate Ethics Certification are being held during February and March.  A second program planned for the Spring is currently seeking enrollees.  The fee for members is $1,000 and non-members $1,500.  The Federal Allies Institute Scholarship Program offers a limited number of partial scholarships.  The Federal Allies Institute Board of Overseers for the program seeks to expand.  Recent meetings to publicize the program have been held including with U.S. Senators Mark R. Warner and Tim Kaine, both of Virginia, the home state of the Federal Allies Institute.

Sincerely,

David T. Boddie

Executive Director, Federal Allies Institute


Federal Allies Institute Interview: Kevin D. Freeman, New York Times Best-Selling Author on Economic Warfare and Cyber

March 17, 2014

Federal Allies  Recently, the Russia invasion of the Crimean peninsula utilized both conventional and cyber attacks.  In your latest book Game Plan, you outline the potential threats against the U.S. economy and how Americans can be prepared to protect their savings and investments.  In other words, what Americans see as the marketplace, our enemies now view as the battle space to include cyber economic attacks for a global economic war.  You have written several books on the subject.  Can you enlighten us on your federal agency meetings and what has been their response to the potential for economic warfare and cyber attacks?

Freeman  It is important to understand that the critical issue is economic warfare and cyber is a powerful way to conduct that war. Without understanding that the war is economic, cyber becomes a catch-up battle with malware, viruses, and hacking—something for which you might install some good defensive software but not create a threat doctrine.

Most of my meetings have been with Defense and Intelligence agencies. Initially, the meetings were based on curiosity as the concept of economic warfare and financial terrorism was viewed as outside the mainstream of discussion. In one case, a group was convened to determine how offensive weapons could be deployed using financial strategies.

In most cases, after the meeting, there was a general acknowledgment of the threat but little willingness to address it. “It’s not in our lane,” was a common response. In other cases, there seemed to be a denial of the entire concept. “No one would be able to do that,” and “why would anyone harm our economy when they would be hurt in the process,” were typical responses. Since 2008, I have met with a dozen or so different Pentagon-related offices, top leadership (past or present) from three different intelligence agencies, various appropriators, Federally-funded research labs, and others.

Over time, with further revelations, however, the idea of economic attacks, especially cyber in nature have gained critical acceptance. I recall a meeting at the FBI, for example, where the whole idea of attacking our financial system was ridiculed. A couple of weeks later, the NASDAQ was hacked and it was acknowledged that the resources behind the breach leaned more to nation state that criminal organization. And, there have been directed threats by Putin against our markets and currency, the flash crashes, and other incidents that support my general thesis that the next war is economic with cyber weaponry. Then, there were the revelations from Juan Zarate in his book, Treasury’s War that acknowledged not only that we had developed economic weaponry to use against terrorists but also that we were vulnerable to a host of financial attacks.

Unfortunately, the problem remains that the broad issue of economic warfare and financial terrorism, despite its serious nature, doesn’t “belong” in any one location and may not reside anywhere. We are looking at cyber, but unless we see it in the context of economic warfare we won’t address it properly. Outgoing head of the NSA, General Keith Alexander acknowledged our vulnerability in a 60 Minutes interview (as excerpted from Forbes December 15, 2013):

“On the CBS program 60 Minutes tonight, National Security Agency (NSA) director Gen. Keith Alexander admitted that ‘a foreign national could impact and destroy a major portion of our financial system’ by placing a virus in our computer systems ‘and literally take down the U.S. economy’ if the virus was spread around … While mentioning known attacks by China, Deborah Plunkett, another NSA official spokesperson, told CBS: ‘Don’t be fooled. There are absolutely nation states who have the capability and the intention to do just that,’ i.e. ‘literally take down the U.S. economy.’”

Federal Allies  How big of an issue is cyber in comparison to all other concerns?

Freeman  Our potential enemies have cyber as the #1 means of future warfare.  That says something. It is likely that all future conflicts will have at least a cyber component. The risk is, with cyber or EMP or other attacks that Pearl Harbor and Hiroshima could be combined into a single event. There are sovereignty ending risks if the electric grid is wiped out, or the financial system completely collapses. Consider this from Wired Magazine in 2010:

“Cyberspace has become the fifth domain of warfare, after land, sea, air and space. Some scenarios imagine the almost instantaneous failure of the systems that keep the modern world turning. As computer networks collapse, factories and chemical plants explode, satellites spin out of control and the financial and power grids fail.”

The Russians used cyber attacks both in Georgia and more recently the Ukraine. China, Iran, and North Korea, and multiple terror groups/international criminal organizations have all developed sophisticated cyber units as a primary means of war fighting. They are testing and probing our systems daily.

Federal Allies  The Defense Department named cyberspace a new domain of warfare in 2011. Today, U.S. Cyber Command, the services, and U.S. partners and allies are working together to make that inherently collaborative, adaptable environment a suitable place for military command and control.  Which federal agencies are leaders on cyber?

Freeman  DoD through Cyber Command and NSA and Homeland Security are key leaders, with significant cyber efforts at FBI and throughout the Intelligence Community. I am concerned, however, that the effort isn’t fully integrated as would be required to develop an economic war footing. It’s a little like pre-9/11 when anti-terrorism was split across a variety of efforts with little coordination or cooperation.

Federal Allies  Which published government reports do you recommend would bolster our readers?

Freeman  All of my work has been through existing contractors. I recommend my DoD reports, my books, and blogs with info at http://secretweapon.org.

Federal Allies  As you look across the agencies, who is leading the most important initiatives underway?

Freeman  From my limited vantage point, DoD has shown the most interest which is appropriate as this is an economic war with a cyber dimension.

Federal Allies  What would you like to leave our readership thinking about?

Freeman  I believe we are potentially facing a third World War fought primarily through economic means. Most prospective enemies of the United States would prefer not to match our kinetic weapon systems. But, they view our underlying strength coming from our economy and our economy appearing vulnerable. Unfortunately, our nation tends to prepare for the next war based on the weapons from the last war. This is a mistake. It is critical that we develop a complete economic warfare doctrine and build integration for key cyber efforts to that doctrine.

Federal Allies  Thank you.

 

Read Federal Allies News March 2014 edition: Economic Warfare and the Use of Cyber. An in-depth interview of New York Times Best-Selling Author Kevin D. Freeman. www.FederalAllies.org  Interview conducted at CPAC and online.

@FederalAllies Interview with Kevin Freeman (March, 2014 Issue): secretweapon.org/federal-allies… #GamePlan


Federal Allies Institute Interview: Mauricio P. Vera, Part 2

February 20, 2014

Mauricio P. Vera is a career member of the Senior Executive Service and serves as the director of the Office of Small and Disadvantaged Business Utilization (OSDBU). In this role, Vera leads USAID’s efforts to provide maximum opportunities for small, disadvantaged, women-owned, service-disabled veteran-owned and HUBZone small businesses to participate in USAID contract awards through outreach, education and creative procurement initiatives.

By Katia Lind

The following two-part interview published in the January and February 2014 editions of Federal Allies News highlights the work of Mauricio P. Vera, an early supporter for the formation of the Federal Allies Institute.

 

Federal Allies: What trends and changes at USAID should federal contractors anticipate in the future?

Vera: We have done a lot better working with small businesses for our domestic requirements.  In the  six years that I’ve been at USAID, we have almost doubled our percentages, i.e. the percentage of dollars going to small businesses. When I started here, about 8% of our domestic dollars were awarded to small businesses and for the fiscal year we just finished, it was over 15%.  Our goal last fiscal year was 11%, and for FY 2014, our goal is 12.35%.  We are now focusing much more on our overseas requirements, and that’s a much bigger challenge, given the difference in the regulations.  It is much easier to hold our staff accountable domestically than overseas, given the way the regulations are currently written.  So we now have some internal initiatives to encourage our missions to work closely with U.S. small businesses.   We’ve recently set a new metric, an internal target, for international awards to small businesses.  It’s a high level target that is one of our corporate objectives and thus gets the attention of the senior leadership of the agency.  This just started a few months ago and we are trying to promote it to our missions overseas.  And we’ve also started a training program for our acquisition staff overseas, that’s been ongoing for a year and a half now.  Now that we have this internal target, we believe it’s going to really have impact on increasing small business opportunities overseas.

Federal Allies: How are you reaching out to small businesses internationally?

Vera:  We look for countries where our programs are not large, i.e. we have not focused our efforts in countries like Afghanistan, where we have a lot of resources, contracts are large, and where the operating environment is difficult.  Many small businesses do not want to operate in our critical priority countries, where there may be a difficult security situation.  The countries we have targeted for small business opportunities are ones where budgets are not small but are not huge either, e.g. $50 million to $100 million in a particular country.   And if the leader of the mission is supportive of our initiative, then that also helps.  For example, Liberia is an example of a country where we are doing quite well with small businesses, actually on a percentage basis they are doing better than we are doing domestically, because of the commitment of the mission’s leadership. So we try to target those countries.  We also review acquisition plans to ensure that there will be small businesses that are interested in bidding.

 

Federal Allies: For our Veterans, what are you doing to ensure that USAID reaches its 3% SDVOSB goal?

Vera:  All the agencies have statutory rates that are now negotiated for Service Disabled Veterans.  It is 3% and for Women-owned businesses it’s 5%.  Last year was the first time that we met and exceeded our 5% Women-owned small business goal.  And for Veterans we are now at about 2.23%, again a significant improvement from the past for both categories.  We are doing this by focusing specific acquisitions on those groups, doing set-asides in each area and conducting targeted outreach to these groups.  As a matter of fact, we are leading an inter-agency effort organizing the Veterans International Small Business Opportunities conference.  It will take place on February 25 and will include the State Department, Millennium Challenge Corporation, Overseas Private Investment Corporation, and the US Trade and Development Agency.

Federal Allies: Five years ago, Nuclear Regulatory Agency, Smithsonian, and US AID were among 25 agencies and branches of the military that attended the first events of Federal Allies Institute at Fort Myer, Virginia.  Back then Federal Allies achieved its first mention in Congressional testimony by the Architect of the Capitol before a U.S. House Subcommittee on Economic Development, touted as a way to expand their current vendor database of small businesses. FAI has since broadened those relationships with the agencies, scores of congressional offices and travelled to many states to present our unique program and brand before many county, and state economic development program boards, governors’ offices and setting up new chapters.  As FAI grows across the country to promote federal acquisition best practices, do you see value in a privately-funded non-profit association such as Federal Allies making these connections that net federal agencies with more small business competition for federal contracts?

Vera:  We have found these types of organizations and events valuable.  We found a lot of small businesses to work with us around the country.  We do have budget constraints for travel so we try to support these events as much as we can.

Federal Allies: What’s next for you personally?  How will you continue helping the federal government reap the value of small businesses?

Vera:  I always tell people that I consider myself very lucky because I have a job that I love and work for an agency that I love.  Our mission is very special and I’m honored to work with incredibly bright and talented people every day.  Our mission is truly special: to end poverty and improve the lives of people around the world.  I’ve always been very passionate about helping small businesses and I continue to wake up every morning excited about doing this work every day. As I mentioned before, we’ve improved a lot domestically and our challenge now is to do this overseas.  So I plan to do this as long as I can continue to be successful at it.  Maybe in a few years, when I retire, I will try to start my own business.  I thought about doing that many years ago, but decided against it so I could help raise a family.


Federal Allies Institute Interview: Mauricio P. Vera, Part 1

January 1, 2014

Mauricio P Vera USAID Federal Allies Institute 400 px

Mauricio P. Vera is a career member of the Senior Executive Service and serves as the director of the Office of Small and Disadvantaged Business Utilization (OSDBU). In this role, Vera leads USAID’s efforts to provide maximum opportunities for small, disadvantaged, women-owned, service-disabled veteran-owned and HUBZone small businesses to participate in USAID contract awards through outreach, education and creative procurement initiatives.

By Katia Lind

The following two-part interview published in the January and February 2014 editions of Federal Allies News highlights the work of Mauricio P. Vera, an early supporter for the formation of the Federal Allies Institute.

Federal Allies: Tell us about the OSDBU Conference.  We understand the outreach and public relations aspects that help to establish and build relationships and that it is a great annual resource for all agencies especially the smaller agencies.  How do the smaller agencies reach out across America to small businesses that for one reason or another cannot travel or afford fees associated with a major exhibition in Washington, DC?

Vera:  We recognize that small businesses do not have enough resources or time to attend a lot of conferences, what we do in my agency is monthly Vendor Outreach Events.  Many other agencies do the same thing.  Basically, about once a month, we invite small businesses to spend half a day with us to learn the basics of doing business with USAID.  We usually structure these sessions around different themes.  For example, we are doing one next month related to infrastructure projects around the world.  We’ve done them on health, agriculture, and a lot of technical areas that USAID works on.   Sometimes we do them with a different focus – targeted to Women Owned Businesses, Veteran-Owned Businesses, or whatever it might be.   In addition to monthly Vendor Outreach Events held in Washington, DC, we also have an annual Small Business conference, which in the coming year will be our 7th annual conference and that’s on May 22nd, 2014.   This is a one day event; and we do our best to keep the registration fees very low.  We invite our senior leadership as well as the working levels.  We have business match making.  Last year we had a Congressional member as well as our Administrator provide remarks; we also had the Administrator of OMB’s Office of Federal Procurement Policy, and we have panels and workshops to assist the businesses.  You can find details about these events through the internet and our websites.  People should know about www.osdbu.gov that has the links to all the agencies OSDBU offices and this is a good way to find out about many upcoming outreach events.

Federal Allies: For our beginners, many businesses utilize inside-the-beltway federal contracting consultancies.  When are advisors necessary and when are they not?  If someone wanted to become a federal contractor by themself and stay abreast of current trends, procedures and rules, is the information all available for free and how much time do you estimate that it takes to become proficient at federal contracting?

Vera: Most of the information out there is free.  I would recommend businesses not immediately hire the consultants, you can do a lot of research on the internet, go to the agency websites, there are a lot of organizations like U.S. Small Business Administration (SBA) as well as Procurement Technical Assistance Centers (PTACs), which we all recommend particularly for startup firms – it is a very inexpensive way to learn the ins and outs of the federal contracting world.  What I always tell businesses when they come to me is that I think they should target a specific agency.  Do not target everybody, depending on what type of services they provide they should target a small number of agencies and then really try to learn what the needs are of that agency by looking at the business forecast, by attending those agencies Outreach Events, getting to know some people, networking, all of which are critical.  You cannot just wait for the opportunities to be posted on http://www.fbo.gov and then just respond, you really have to learn what the agencies are looking for and meet some of the current contractors, because small businesses that are successful usually start out as subcontractors.  The best way to get on the teams is by getting to know some current players who have been already successful marketing to the agency.  And lastly, joining a trade association can sometimes be helpful.  For example, at USAID, many of our contracts are for technical assistance in the technical areas that we work in.  So to help us identify those niche firms that work in international development, we work closely with the Small Business Association of International Contractors (SBAIC).  This is a group of about 100 small businesses that mostly specialize in international development work.  For other agencies there may be other specialized types of associations that they work closely with.

Federal Allies: Your career includes work at Smithsonian, Nuclear Regulatory Commission and for the past six years at USAID.    Care to weigh the differences of working at one agency versus the others?

Vera:  There are a lot of differences. Obviously the requirements are very different.  At the Smithsonian, most of the contracts were for exhibit design and construction, and we awarded many engineering and constructions projects, because the buildings were constantly being renovated.  At the Nuclear Regulatory Commission, there were a lot of engineering and IT type projects, so we looked for those kinds of firms.  Both of these were much smaller agencies; each had procurement budgets of about $150 million to $200 million a year.  USAID has a much bigger procurement/acquisition budget and of course the biggest differentiator is that USAID is a world-wide agency.  USAID currently has missions in over 80 countries around the world.   For contracts that are awarded overseas, the regulations are very different, particularly when it comes to the use of small businesses.   The requirements are also very different, most of our dollars go out as technical assistance projects related to the areas that we work in– health, agriculture, democracy and governance, economic growth, there are about eight to nine different particular areas that we work in.  As far as our domestic awards, most of those are to support our administrative functions here in US, where we have our headquarters.  Our overseas requirements are usually about the implementation of our work.

Federal Allies: What security levels are required for your acquisitions, if any?

Vera: Most of our contracts are sensitive in nature and require personnel security clearances and facilities clearances consistent with clearance and access requirements of the contract. The security level required really depends on the requirement.  On occasion we encourage our prime contractors to sponsor subcontractors for their clearance, especially with the small businesses, because when the small businesses outgrow their size status we encourage them to mentor smaller firms, and one thing they can do is to sponsor them for the security clearance.

To be continued in the February 2014 edition of Federal Allies News.

2009 061709 Washington's DC Metro Expo Fort Myer Daisy Matthews 700 px

FROM THE ARCHIVES: Daisy Matthews consults one-on-one with Small Business Owner at a Federal Allies national conference “Washington’s DC Metro Expo” held at Fort Myer, Virginia in 2009.  Ms. Matthews serves USAID as Small Business Specialist, Bureau for Democracy, Conflict and Humanitarian Assistance POC, Bureau for Global Health [except Supply Chain Management) POC, Bureau for Europe & Eurasia, Bureau for Legislative and Public Affairs POC, Office of Civil Rights and Diversity POC, Office of Human Resources POC, and Woman Owned Small Business POC.

2009 061709 Washington's DC Metro Expo Fort Myer Kent Menser 700 px

FROM THE ARCHIVES: Col. Kent Menser USA (Ret.) of the Fort Meade Regional Growth Management Committee discusses federal contracting in Howard County, Maryland at the 2009 Federal Allies national conference, Fort Myer, Virginia. advises Small Business Entrepreneurs on how to do business with Howard County, Maryland.  Col. Menser recently announced his return to the private sector March 31, 2014.


The Federal Allies Institute Interview: Lockheed Martin

June 2, 2013

David T. Boddie interviews Robyn H. Snyder, Lockheed Martin MST Undersea Systems Supplier Diversity Program Manager.

Federal Allies: First, I would like to compliment Lockheed Martin for doing such an excellent job this year at Washington Days Conference and for sending you Robyn because you not only keynoted Lockheed Martin’s Diversity and Mentor Protégé programs, you stayed for the entire afternoon and participated from the audience during the small business Q & A with Mentor Protégé panelists Tony Eiland of GSA and Kevin Boshears of DHS.

As it turns out, at many of our events, we frequently have as much expertise in the audience as on stage.  This year audience member Gary Shumaker of C2 Solutions Group was identified by at least one panelist as his mentor.   So these were great conversations all around.

We thank Lockheed Martin, Suzanne Raheb in Orlando, Florida, Orysia Buchan in Syracuse, New York, and your office in Manassas, Virginia, and headquarters in Bethesda, Maryland.

And now for our national audience of small businesses that were not able to attend Washington Days, we appreciate you sitting down for this interview.

What are your day-to-day priorities to manage Lockheed Martin Diversity?

Lockheed Martin: Lockheed Martin has an extensive Diversity Program which is tied to our culture and values: Do What’s Right, Respect Others, and Perform with Excellence.  Lockheed Martin is proud to support a culture which is inclusive of all diverse categories and in which all employees are respected and empowered to do the right thing, every day in every situation.  Our diverse supply chain mirrors our culture and all of our suppliers are expected to adhere to our ethical commitment of doing what’s right and respecting colleagues, customers and partners to produce a positive and productive business relationship.

Federal Allies: What are recent trends that you would like to emphasize from Lockheed Martin’s interactions with the federal agencies and SMEs?

Lockheed Martin: Lockheed Martin, and the defense industry as a whole, continues to be faced with an uncertain economic environment.  The constant trend is change in social, economic and global environments that affect the way we do business.  The Defense budget is getting tighter and continued reductions are forecasted.  Customer demands continue to change with a focus on increased productivity and savings to enhance performance, while reducing costs and delivering optimum value.  Therefore, Lockheed Martin needs strategic suppliers to partner with in order to keep up with changing customer demands.  Lockheed Martin has had great success with suppliers offering efficient, cost-cutting solutions, (such as bundling of products,) and innovative technical solutions to drive down-time and manufacturing costs.

Federal Allies: As far as subcontracting opportunities are concerned, which strategic niches does Lockheed Martin depend on from small business to complement your capabilities?

Lockheed Martin: Supplier partnerships are critical to Lockheed Martin’s mission success.  However, the new reality is that the business environment is more competitive than ever and suppliers must have the total package.  They must demonstrate a commitment to continuous improvement, quality, affordability and on-time delivery.  They need to be able to define their specific capability and relate it back to how they will add value to our programs.  They shouldn’t ask what Lockheed Martin can do for them; they should tell Lockheed Martin what they can do for us by offering value-added solutions.  A firm’s best option is to visit the Lockheedmartin.com website and become familiar with our programs, products and services.  We also have an immediate needs bulletin board where we post various requirements.  Services we purchase tend to be niche expertise so be sure to define your services around your strongest capabilities, rather than a broad range.

Federal Allies: What core values does Lockheed Martin strive to incorporate that you require of small business subcontractors?

Lockheed Martin: Lockheed Martin incorporates the following core values: Do What’s Right, Respect Others and Perform with Excellence.  These are included in our terms and conditions and we expect all of our suppliers to comply with our Ethics Standards.

Federal Allies: The Federal Allies Institute recently launched a Corporate Ethics Certification program for small businesses and we have made it affordable.  Corporate Ethics is growing in importance as a differentiator by federal agencies.  Is there a specific program within Lockheed Martin that addresses this issue on behalf of small business Ethics certification?

Lockheed Martin: Lockheed Martin has an entire internal Ethics organization which handles all ethical violations.  This group has provided training seminars for small minority businesses in order to help them create a good ethical base at the level that will serve their employee base with the least costs.  Ethics is not a program-by-program entity; it is an overall principal that Lockheed Martin’s culture embraces.  We expect the same from any company that works with us.

Federal Allies: How does one build a relationship with Lockheed Martin and one or more of its five business areas?

Lockheed Martin: The first step is visiting the Lockheed Martin Website and reading all information pertaining to What We Do and Supplier information.  What We Do covers lines of business and programs handled, guiding the potential supplier to the appropriate line of business.

Lockheed Martin has approximately 40 small business officers who serve as advocates and help the company identify, develop and nurture an essential array of diverse suppliers in delivering top value and innovative customer solutions that provide global security benefits. These representatives also actively participate in their communities by serving on local and national boards and councils.  Collectively, we attend more than 80 supplier diversity-related conferences and events on an annual basis.

In addition, we recently debuted a new web solution called Supplier Wire on Lockheed Martin.com. Supplier Wire (http://www.lockheedmartin.com/supplierwire) is our new online gateway dedicated for diverse enterprises looking to do business with Lockheed Martin and the defense industry in general.  Supplier Wire offers a wide range of educational resources, including free webinars, video tips, live chat sessions where firms can interact with subject matter experts from all Business Areas, and supplier testimonials designed to help small businesses learn how to do business as well as sustain and expand.

Federal Allies: Are most of your subcontractors referrals?

Lockheed Martin: There are some, but I would say the majority of our suppliers have formed relationships with the Lockheed Martin Supplier Diversity Liaison Officer or another Lockheed Martin specialist.  The relationship building can start at a conference, memberships in organizations, both local and national, or other events.  We encourage networking, not only with primes, but with other small businesses for strategic partnerships or referrals to fill requirements.

Federal Allies: What are examples of where Lockheed Martin seeks to be a subcontractor?

Lockheed Martin: Lockheed Martin participates with small business on the Small Business Innovative Research Program where it can subcontract with small business to assist in its research and development.  Lockheed Martin also partners with small business on a competitive RFP.  Depending on the size and scope of the effort, Lockheed Martin welcomes all invitations for subcontracting to small business.

Federal Allies: Is there any further advice that you would like to share?

Lockheed Martin: Lockheed Martin has the greatest success with small businesses that offer the following:

  • Superior product and services.  We expect top quality goods and service, always on-time, at a competitive price.  We work in a highly competitive environment with a strong base of subcontractors.
  • Cost-cutting and time-saving solutions. Lockheed Martin has had great success with suppliers offering efficient, cost-cutting solutions, (such as bundling of products,) and innovative technical solutions to drive downtime and manufacturing costs.
  • Global Mindset. With the market shifting to new customers overseas, it is imperative for small businesses to position themselves to be able to compete in the global marketplace. Small businesses should understand ITAR regulations and international policies.  We also encourage small businesses that are just breaking into the defense market to seek strategic partnership opportunities with other large and small businesses in the industry. This is a great way for a small business to make themselves marketable by partnering with a business with a solid track record of doing business with a prime contractor.
  • Quality certifications: Requirements for quality certifications vary with the type of work being done.  We frequently will use a supplier only if the company is ISO 9000 certified, though for most work we require AS 9100 or AS 9120 certification.  For IT services, CMMI level 3 or 5 certification is a frequent requirement.  Distributors of parts are required to be franchised or authorized by the manufacturer.

Federal Allies: Many small business subscribers of Federal Allies News are in your database and meet regularly with Lockheed Martin at trade shows.  If 10 firms focus on the same technologies, for example, what is the determining factor – what differentiates prospective subcontractors from one another?  And what makes one company the best?

Lockheed Martin: Suppliers are selected on the basis of a firm’s ability to satisfy Lockheed Martin requirements, which include quality, price, delivery and continuity of supply, capacity and reliability.  These are enhanced by certifications, past performance, awards and other discriminating factors. Suppliers must be aware that Lockheed Martin has a strong base of known suppliers and competition is intense.

Federal Allies: Recently FEMA looked to a high school student in Maryland to purchase a technology solution to aid their work during the aftermath of Superstorm Sandy.  In our research we learned that across America there are 42,000 high schools and that only 2,250 teach STEM.  This Maryland high school was one of them.  As a result, Federal Allies Institute expanded our scholarship program to include students.  Many universities and The Washington Post are helping us to reach out.   And this year recipients included two students from Howard University.  Could you give our readers an idea of the scope and nature of Lockheed Martin’s scholarship and internship programs, how you communicate these programs, and how many lives are touched each year?

Lockheed Martin:  At Lockheed Martin, we support a diverse group of organizations focused on education, specifically science, technology, engineering, and mathematics (STEM) education.  These organizations offer a variety of scholarships to children across the country.  In addition, we also offer the children of our employees the opportunity to compete for a National Merit Lockheed Martin Academic Scholarship, which is available to 100 children per year, and we promote this opportunity through our internal and external websites and in employee newsletters.

Lockheed Martin’s Intern/Co-op Program will touch close to 800 students this year.  Intern/Co-op hiring is part of the corporation’s workforce planning and allows for the corporation to build a pipeline of entry level talent early on in the recruitment process.  This positions the corporation to recruit and retain best-fit talent in majors of interest to Lockheed Martin. The corporation places strong emphasis on providing students with meaningful work assignments related to their specific field of study. This gives students an opportunity to apply principles learned in the classroom to the real-world environment, building engineering and business problem-solving skills.

Federal Allies: On behalf of our members and entire readership, we appreciate the opportunity to help Lockheed Martin celebrate ‘100 years of accelerating tomorrow’ and look forward to talking with you again in the future.  Thank you.

Presentation of the Federal Allies Coffee Mug

Presentation of the Federal Allies Coffee Mug

Frank Clay, Jr., Chairman, Federal Allies Institute and Robyn H. Snyder of Lockheed Martin

About Robyn H. Snyder and Lockheed Martin

David T. Boddie is Founder and Executive Director of the Federal Allies Institute, former Chairman of U.S. Small Business Administration’s Washington Metropolitan Area District Advisory Roundtable and Director of State and Local Affairs for SBA’s Office of Advocacy.  A former executive at trade organizations in Oklahoma, Arkansas, and Maryland he worked as strategic planning executive for a Virginia small business start-up of 40-employees and worked for an international technology federal contractor headquartered in Pennsylvania.  He has served Presidential administrations, federal agencies and nonprofits as a volunteer since 1982 including Judge for National Small Business Week, Class Advisor for the U.S. Chamber’s Institutes for Organization Management, State Delegations Facilitator for Presidents’ Summit for America’s Future directed by General Colin L. Powell; and Desert Storm Homecoming Foundation.

https://www.facebook.com/FederalAlliesInstitute