Joe Mazzafro, writing over at the MAZZ-INT blog for the AFCEA Intelligence community, explores the difficulty in finding a person who is both qualified and willing to be the new “Cyber Czar” :

To develop and implement an effective cyber security policy, common “DC wisdom” is that the Cyber Coordinator will need direct Presidential cover (i.e. access) and not report via the Deputy National Security Advisor for Terrorism with a dotted line to a counterpart on the Council of Economic Advisers. Of course, anybody qualified to be the nation’s first “Cyber Czar” will know they are only a pretender to the government’s real Cyber Czar – - – the Director of NSA (DIRNSA). NSA stands alone in understanding cyber space better than any organization on the planet and only it has the technical throw weight needed to immediately shore up America’s cyber defenses. When DIRNSA is dual hated as the Commander of US Cyber Command in October the position will gain even more influence and authority related to US interests in cyber space.

Given these circumstances I just don’t see many high profile personalities attracted to being the third or fourth choice for a position that lacks authority, reports to a Deputy National Security Adviser and must operate in the shadow of DIRNSA. What I do see, however, is an opportunity for a solid cyber professional who knows how to plan and get things done in government without being ego driven.

Read it all–and comment–here.

Delays in obtaining security clearances are actually the second biggest problem for companies of any size that want to work with members of the intelligence community. The first is what many firms affectionately call the chicken-and-egg problem. Getting a security clearance for corporate personnel is not possible without having a contract that requires secured personnel; however, companies cannot be awarded a contract that requires security clearances until they have personnel that have received security clearances.

Emily Noreiga, former program manager, Provisional Industrial Security Approval (PISA) Sponsorship Program, NSA, attempted to shed some light on this subject during the final presentation at the AFCEA Small Business Intelligence Forum in Fairfax, Virginia, held earlier today. She did not attempt to brush aside the chicken-and-egg dilemma but rather acknowledged it as a serious issue. However, she explained that companies could make inroads in this area by seeking a facility clearance first. This is not approving a facility as secure; it is a background investigation of a company’s leaders to ensure that the firm is legitimate and no security issues exist.

Intelligence organizations can view these organizations as ones they would like to pursue business with in the future, Noreiga explained. The NSA recommends that facilities clearances be sought for the Top Secret level, she added.

In terms of personnel clearances, the purpose of the PISA program is to expand the NSA’s cleared space. “We want to get companies into the agency,” Noreiga stated. In addition, program increases the number of corporate representatives that the NSA can discuss current requirements with, expanding its exposure to innovative capabilities. “Otherwise, it is a one-way conversation. You tell us what you do, but we can’t tell you what we need,” she said.

Representatives from the DIA, NGA and NSA shared their insights about how to get a foot in the door at intelligence community agencies during the second panel presentation at the AFCEA Small Business Intelligence Forum this morning in Fairfax, Virginia. All agreed that it requires more than the standard marketing approach but emphasized that it is worth the investment in time and talent.

Pam Porter of the National Security Agency’s small business office noted that her organization does not participate in Federal Business Opportunity, or FedBizOpps, one of the standard sources of new contracts announcements. She emphasized that instead, businesses should be sure to register with the Acquisition Resource Center (ARC) and the Central Contractor Registration.

Porter pointed out that the ARC is not a contracting center but rather a market research arm of the NSA. She stressed that it is, however, the first place agency members will turn to when they have identified specific requirements. In addition, ARC registrants are invited to specific conferences.

Approximately twice a month, the NSA holds briefings for companies that seek to do business with the agency. To find out more and register for these events, companies should go to http://www.nsaarc.net/biweekly. At these and other industry events as well as through joining trade associations, small business owners should invest their time networking with both corporate and government officials as a means to establish future business relationships, Porter said. The agency also offers one-on-one counseling to companies, but once again they must be ARC registered. To arrange a meeting, companies can e-mail smallbusiness@nsa.gov.

The National Geospatial-Intelligence Agency (NGA) works with small businesses in two primary ways, Sandra Broadnax, small business executive, NGA, explained. First, it features an Industry Interaction Panel, which reviews white papers, briefings and unsolicited proposals from industry. The panel meets monthly to review all the material received during the previous 30 days. Those who submit items will receive an acceptance or rejection notification from the panel. When the panel accepts a concept or capability, it is forwarded to the NGA’s technical staff for further investigation.

The second way the NGA works with small businesses is through its small business vendor list. This approach is followed for every item or service the NGA acquires, Broadnax noted. For information about being placed on the list, vendors should send an e-mail to smallbusiness@nga.mil. Broadnax emphasized that the list is purged annually, so companies must be sure to re-register each year.

Sherry Baldwin, small business executive with the Defense Intelligence Agency (DIA), admitted that working with the DIA means that corporate personnel must have security clearances. Acknowledging that this is a chicken-and-egg problem—a company cannot get a contract without cleared personnel but personnel cannot be cleared without a contract to work on—Baldwin recommended that small companies start by working on classified contracts with larger firms.

The DIA also uses the ARC list to locate vendors with which to work. In addition, the agency also seeks sources through FedBizOpps, proving that the rumor that by the time a business opportunity appears there, it is already too late to submit a proposal, Baldwin stated. At times, the DIA does not need a formal proposal but rather a simple two- to three-page capabilities statement explaining in detail the company’s strengths and experience, she added.

An impressive panel featuring participants from the some of the most well-known “three-lettered” intelligence organizations got down to the nuts and bolts of intelligence agencies’ requirements. The discussion, which took place this morning at the AFCEA Small Business Intelligence Forum in Fairfax, Virginia, also centered on where the organizations plan to go in the near future in the information technology realm.

Presenting information about the CIA was Jill Singer, deputy chief information officer (CIO). As one of the independent agencies within the intelligence community, Singer explained that the CIA is not subject to the same small business guidelines and side-asides as the other agencies. This drew some discontent within the audience of more than 100 attendees, but Singer quickly explained that this does not mean that the agency is not dedicated to working with small companies. In fact, she pointed out, nearly half of the CIA’s business is awarded to small companies.

From now until 2015, the CIA will be focused on a number of priorities that offer industry several opportunities. Among them are transforming the collection and analysis intelligence, communications and access to mission-support information. A process is in place for companies to work with the CIA and can begin by e-mailing the agency at bidders@ucia.gov.

Panelist Kelly Miller, deputy CIO, NSA, also spoke of transformation, and in the NSA’s case it will be in the form of a move from information system stovepipes to a service-oriented architecture. In addition, the agency is working toward a federated enterprise so that information can be shared across NSA sectors, with other intelligence agencies and even with foreign partners. “We are not focused on information technology as much as on information management across the enterprise,” Miller said.

He shared four ideas about how small companies can work with the NSA. First, the NSA operates with many niche markets, so it is looking for specific expertise. Second, several large contracts currently are in force, and small business owners should investigate how to become part of those contracts. Third, when small companies do not want to be part of a large contractor team, they should present themselves to the agency as an independent company interested in direct work. Fourth, companies should present solutions to the NSA that can be used across the entire intelligence community because that is the direction in which the intelligence agencies are moving.

Miller also recommended that small company owners keep track what types of capabilities the intelligence community is purchasing and should stay away from offering proprietary products. He stated that it is not impossible to work with the NSA even if a company does not have security clearances. “NSA is very serious about working with small businesses. We cannot do our job without the contractor community,” he said.

The DIA’s representative at the forum was Vivian Turnbull, vice deputy director for information management and CIO. Turnbull shared that her organization has signed a Letter of Strategic Intent with the National Geospatial-Intelligence Organization and that, to some degree, will eliminate the duplication of effort of the two agencies.

In terms of working with the DIA, Turnbull said that agility is key. The agency has a variety of skill sets but does not conduct research and development itself. Instead, it relies on other intelligence community organizations and industry to bring new capabilities into its Innovation Department.

The DIA’s focus today is on decreasing the time it takes to get a product into the hands of warfighters and reducing costs. Small businesses must demonstrate how their solutions contribute to increasing the return on investment as well as support scalability. The agency is particularly interested in innovations for dealing with cyberspace challenges.

Dean Hall, associate executive assistant director and deputy CIO, FBI, pointed out that his organization is so multidimensional that it presents many opportunities for small businesses to provide solutions. He recommended that companies go to either the U.S. Department of Justice or FBI small business offices to find out about many projects that do not require security-cleared personnel.

Hall listed several of the bureau’s priority needs, which includes next-generation biometrics capabilities. “Secure mobile communications also is a high priority for the FBI. We also are embarking on a technology refresh as we’re about five years past the Trilogy program, and we are now moving to the next-generation workspace.” Like many of the other agencies, the FBI plans to change to enterprise architecture rather than purchase or build individual systems.

Dr. William Nolte, research professor and director of the Center for Intelligence Research and Education, University of Maryland, laid the problems on the line regarding industry and intelligence community organizations during the AFCEA Small Business Intelligence Forum, which took place today in Fairfax, Virginia. Ranging from determining who is in charge to the acquisition process, Nolte forthrightly shared that the many of the systems that facilitate government-industry partnerships are broken.

One underlying issue that has yet to be resolved is who is in charge of the intelligence community as a whole. While the Office of the Director of National Intelligence was formed to create a centralized control authority, there are exceptions to the rule, including the CIA and the cyberspace realm. This is leading to serious problems. “We’re in a bad way in terms of the oversight process,” Nolte said.

The acquisition system as it stands today is broken, he added. This is a condition that small businesses in particular cannot handle. They rely heavily on being paid for their goods or services in a timely manner; however, this often is not the case when working with the federal government in general. “This problem has gotten better since I retired, but there won’t be any shift in [the way that] acquisition is done in the near future,” he stated. Nolte retired from the government in February 2006 after serving as the Assistant Deputy Director of National Intelligence for Education and Training and the Chancellor of the National Intelligence University System.

Many issues could be resolved if Congress had a better handle on the issues that surround the acquisition, he proposed. “Is there a global war on contractors?” he quipped. “Probably not, but there will be a change from the [immediate] post-9/11 pattern. We need to get Congress to understand that there’s a difference between crooks and a broken system. But [in response to a problem] Congress does two things: nothing or overreact.” The procurement power base still resides in the agencies, Nolte noted.

Despite hurdles, both the intelligence community and industry must work hard to work together. “The business community—including small businesses—must be a partner in American national security efforts,” Nolte asserted. This includes bringing industry in to solve cybersecurity issues, he added.

AFCEA Intelligence and the Naval Intelligence Professionals/Naval Intelligence Foundation (NIP/NIF) have joined forces to sponsor two annual writing contests.

The contests provide intelligence professionals with opportunities to express themselves on topics of importance to the Intelligence Community and national security.

In the AFCEA 2009 Essay Contest, on “Safety, Security, and Privacy, respondents are asked to address the following problem statement:

As the internal threat from terrorism has increased, the U.S. government has employed new and different methods to collect intelligence to forestall future attacks on U.S. soil. Discuss the implications of these actions on Constitutional guarantees of privacy for U.S. citizens versus the government’s imperative to provide safety and security. Include recommendations as to how this balance can be better maintained.

Top prize is $2,000 and a two-year AFCEA membership. More information on the contest, including deadline and eligibility, is available here.

The Naval Intelligence 2009 Essay Contest is sponsored by the Naval Intelligence Foundation, Naval Intelligence Professionals, and AFCEA, and underwritten in part by the Inman Foundation. Entrants can write about any subject pertaining to Naval Intelligence or intelligence support to naval forces.

Top prize includes $1,000, a five year membership in the Naval Intelligence and a two-year membership in AFCEA. More information on the contest, including deadline and eligibility, is available here.