Cybersecurity Executive Order – Open Letter to President Trump
February 8, 2017
President Donald Trump
The White House
1600 Pennsylvania Avenue NW
Washington DC 20500
Re: Small Business Response to President’s Cybersecurity Executive Order
Dear Mr. President,
Thank you so much for your initiative with our nation’s Cybersecurity.
As a California Certified Small Business owner who offers a multi-factor authentication (MFA) product on the GSA Schedule, I have an important concern: Currently, there are no NAICS, SIC or SIN procurement codes for cybersecurity products on the GSA Schedule. This makes it difficult for government agencies and departments to find, let alone implement, the products you are mandating.
A year ago, I sent a similar letter to President Obama. NOTHING has changed. I trust that you are the man to fix this ridiculous problem. By simply adding cybersecurity procurement codes on the GSA Schedule as part of your Executive Order implementation, cybersecurity solutions will be implemented much faster.
Without cybersecurity procurement codes, government agencies and departments are unable to find, let alone implement, targeted products and services to help keep our Nation’s electronic data secure. Their current procedure is to do keyword searches on the GSA Schedule and hope they find something. If they don’t put in the appropriate keywords or vendors have not listed those keywords, the agency finds no match. Their only recourse is to generate expensive and time consuming RFIs, RFP’s and RFQ’s. Cybersecurity NAICS, SIN and SIC codes would streamline the entire process, save money, and ensure fast implementations.
Without updated procurement codes, small businesses like mine (and many others) are at a great disadvantage. We don’t have the ability to lobby all the agencies about our state-of-the-art solutions, so contracts are always awarded to the major primes. Sadly, they often are not up to speed fighting the latest hacking technology or methodology. When we contact the primes to tell them what we offer with hopes to be a supplier, they too don’t know how to classify our products to easily drop into their government bids (no codes to match against). Cybersecurity procurement codes will help to even the playing field for small businesses.
One federal agency’s Cyber Labs, has evaluated, purchased and successfully implemented our multi-factor authentication password manager to protect hundreds of their many high value servers. Our product, Power LogOn, saved this agency both money and implementation time because it works with their existing PIV ID badge, creating both high level MFA cybersecurity and convenience. They put Power LogOn through a rigorous evaluation process during which it acquired a FIPS 140-2 verification from an independent NIST laboratory (InfoGard) and a NIST FIPS 201 waiver.
My problem is that this agency cannot tell any other agency about our product because they will be seen as promoting a vendor. It’s a daunting task for an SMB to have to start from scratch with every agency and department when the proper placement of our services on a dedicated NAICS code for Multi-Factor Authentication Cybersecurity would allow agencies and departments to easily find and implement the products and services they need. This would help all companies to be easily identified for cybersecurity products and services on the GSA Schedule, not just mine.
Cybersecurity is one of this nation’s biggest security concerns. With the recent data breaches at the IRS, OPM, DoD, DNC, and even Congress, government agencies should be keen on finding solutions today that can help safeguard their networks.
The reason the GSA Schedule is so important to your Cybersecurity Executive Order is that agencies will be able to find and simply purchase what they need. They will not be burdened by the time and cost of a large and cumbersome procurement bidding process. Because Power LogOn is already on the GSA Schedule, agencies can implement multi-factor authentication quickly and easily, immediately plugging any holes in their current infrastructure.
Our product takes only hours to implement because it leverages existing technologies. It works with the existing PIV, PIV-I, CIV and CAC cards so re-badging. The FIPS 140-2 verification means government approved security. The FIPS 201 waiver means no expensive re-certification of government issued cards. Now agencies can add secure computer, network and application logon immediately, while saving taxpayer’s a significant amount of money.
I have been in this industry for over 25 years. I am the author of Making Passwords Secure, Fixing the Weakest Link in Cybersecurity which outlines how to implement cybersecurity authentication solutions.
My only other question is:
How can I and my business contribute to your vision for our nation’s cybersecurity?
Thank you for your time and consideration.
With warmest regards,
Founder & CEO
Access Smart, LLC