Thanks to the voluminous and highly complex Federal Acquisition Regulations, the US government is moving too slowly to purchase and acquire current cyber security defense technologies, thus increasing unnecessary risk to federal and military information systems (emphasis added):
Cybersecurity is one area in which agencies appear to have failed to take advantage of private sector innovation. The Obama administration in June called on agencies to shore up their network security after the hack of the Office of Personnel Management exposed personal information on as many as 21 million people, including millions of federal employees with security clearances.
At roughly the same time, the Navy renewed its contract to operate its computers using Windows XP, the operating system first released in 2001, which no longer receives tech support from Microsoft. The Navy entered into a $9 million contract with Microsoft to continue to provide security patches for the now-defunct software.
Agencies like the Defense Department use outdated software because procurement rules at the General Services Administration require programs to be on the market for two years to be eligible for government use, says Erica McCann, director of federal procurement for the Information Technology Alliance for the Public Sector tech trade association.
“Products for IT get overlapped by new software within six months, never mind the two-year waiting period,” McCann explains. “These problems are pervasive throughout the government.”
Defense Secretary Ash Carter has said the Pentagon needs more help from Silicon Valley to keep its computerized weapon systems and its office networks at the cutting edge of tech innovation. Carter has recently tried to attract programmers to work with the government to boost its IT staff instead of taking a higher paying job at a private sector firm. These efforts included opening a full-time DoD outreach office in Silicon Valley, called the Defense Innovation Unit Experimental.