A New Breed of Deals

THE ENERGY Department and Oracle Corp., one of the nation's biggest software makers, have announced a landmark contract that may make waves across the federal technology market.

Valued at about $5 million, the deal is a pittance to a titan like Oracle, whose largest customer is the federal government. But how Energy pried some of the most significant concessions from any vendor in recent memory has computer security and procurement wonks buzzing.

When Oracle delivers its next batch of departmentwide licenses to Energy for its database software, the package will have more than 250 customized security modifications built in. Currently, those tweaks aren't included in the commercial version.

Energy wanted those changes because its scientists and researchers traffic so heavily in classified information, said Karen Evans, Energy's former chief information officer, at a news conference in mid-September. And she said department officials told Oracle that if it wanted Energy's business, the company would have to offer some special service in addition to the security tweaks.

Energy looked at how Oracle manages its software distribution internally, from a central monitoring location, and said, "Do that for us," Evans said. Managing the software from a single point allows Energy to know which of its locations are using a particular version of software, and also better respond to security weaknesses when they appear, Evans said.

The Office of Management and Budget has told agencies to use the government's buying power to put the squeeze on vendors to make deals like this. Evans will now have more power to see that it happens, as she takes over the reins from Mark Forman as OMB's e-government and information technology chief.

Evans, who noted that Oracle software is used widely throughout Energy, said the special features haven't added a cent to the price of the agency's software license. She and other officials present at the September announcement said they expect more federal agencies will follow Energy's lead and compel contractors to give their government clients some extra perks. And with a new OMB mandate, called SmartBUY, to clear all enterprise software purchases through the General Services Administration, it may be easier for agencies to get their contractors to play ball.

'PROCUREMENT GUY' THE CLASSIC INSIDER

A 5-YEAR-OLD Silicon Valley startup is making headway into the federal market, with the help of an ex-government insider who modestly describes himself as "a procurement guy."

Two years ago, Carl Wright retired as a data systems officer in the Marine Corps and went to Securify, a network security company in Mountain View, Calif.

Wright's mission was hardly simple: Build the company's federal presence, which was nonexistent.

Now, Wright has proved that when it comes to winning the government's business, it's not just what you know, but who you know, that matters. One of Securify's biggest contracting scores came on the $7 billion Navy Marine Corps Intranet project, which is run by Electronic Data Systems Corp.

By pitching contacts he had at EDS and in the Corps when he was a technical adviser on the Intranet project, Wright persuaded both sides that Securify's software, designed to find security weaknesses before they're breached, was the one to buy. Securify is now a subcontractor to EDS.

Of his successful deal-making, Wright says, he knew not just "which person to talk to, but which organization to talk to. . . . [That's] half the battle of doing business in the federal government."

SOBIG: A LOOK BACK

ON SEPT. 10, the now-notorious SoBig worm performed a pre-programmed suicide of sorts and ceased its unprecedented barrage of e-mail spamming. Even those computer users who weren't infected by the worm (and not many were) saw the effects of SoBig firsthand from the piles of e-mails it sent out, arriving at in-boxes with such benign subject lines as "your details," "your application," and "wicked screensaver."

True to its word, SoBig did stop replicating itself on Sept. 10, and the e-mail flood subsided. Nevertheless, the worm's mark has federal officials and security experts wondering if SoBig isn't a harbinger of a new kind of online crime: a malicious computer worm that not only takes over infected computers, but uses them as a launching point for massive amounts of junk e-mail.

As security gurus puzzle out SoBig's intentions, here's a look back at some of the killer stats the worm left in its trail.

The Trail

  • Date worm began spreading: Tuesday, Aug. 19.
  • Number of e-mails infected by Sept. 10: More than 5 million.
  • Peak infection rate: An estimated one in every 17 e-mail messages on the Internet contained the worm.
  • Previous infection rate record holders:
    Love Bug (one in 20 e-mails infected)
    Klez (one in 25 e-mails infected)
  • How often SoBig sent out a mass mailing from an infected computer: Every 10 minutes.
  • Ratio of consumer infections to corporate infections: About 8-to-1.
  • Number of computers infected: About 100,000.
