$6B DHS cybersecurity contract sets off race to supply real-time monitoring to feds
- 23 August, 2013 20:03
The Department of Homeland Security's $6 billion cybersecurity award last week to a slew of contractors and vendors sets in motion a contest among them to sell federal agencies on new network monitoring, vulnerability assessment and mitigation technologies. The underlying goal of this massive "Continuous Diagnostics and Mitigation" (CDM) contract is to spur federal civilian agencies to move away from static approaches to network-security compliance reporting in favor of real-time monitoring.
"What they're trying to accomplish here is moving from FISMA [Federal Information Security Management Act] reporting quarterly to see what's going on a daily basis," says Peter Allor, federal cybersecurity strategist for IBM Security Systems, alluding to the government's IT compliance-reporting obligations spelled out under FISMA. FISMA, passed in 2002, is now widely seen as too much of a check-the-box approach, given how many security monitoring technologies support a real-time approach. IBM is just one vendor among the crowd of 17 systems integrators that won a spot on the DHS CDM contract awarded last week.
John Streufert, director of the National Cybersecurity Division at DHS, had a hand in the CDM last November before the RFP was issued. At the time, he expressed hope CDM might one day become a "cyberscope" for the federal agencies to know what's happening in real-time on their networks and a way to mitigate vulnerability problems. He says federal agencies need to get away from inefficient and untimely paper-based vulnerability reporting.
Along with IBM, the systems integrators winning a spot on CDM include Booz Allen Hamilton, CSC, Knowledge Consulting Group, Lockheed Martin, Northrop Grumman, SAIC and ManTech. The contract also brings in dozens of vendors of monitoring, scanning, log management and security-information and event management tools. These include McAfee, Symantec, ForeScout, Splunk, Veracode, Rapid7, Core Impact, Microsoft, RedSeal, nCircle and several more. ForeScout, for example, said its CounterACT monitoring product has been included in product suites put forward by 11 out of the 17 systems integrators winning the contract.
The products and services under the CDM contract award will be available through the General Services Administration. However, DHS is expected to oversee the contract, which is established as a 1-year baseline for "indefinite quantity, indefinite delivery" purchases by agencies for a maximum total of five years and $6 billion if all options are exercised.
IBM, which will be selling its Security Endpoint Manager, Security AppScan and QRadar SIEM, notes the contract is set up in a way to engender competition while making it easier for civilian federal agencies to buy monitoring and mitigation products. The contract is also expected to be available to state and local agencies.
The CDM contract was also put forward with the idea that there could be Continuous Monitoring as-a-Service (CMaaS), meaning some larger agencies could take on the role of providing services to smaller agencies.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: firstname.lastname@example.org
Read more about wide area network in Network World's Wide Area Network section.
Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.
- Credit Union Australia signs Good Technology to secure 400 devices
- Taxi startup ingogo hails $3.4 million in latest funding round
- Updated: Federal Court dismisses Aust Post trade mark appeal
- Ruyton Girls’ School to swap paper books for tablets
- Training critical to Australia tapping broadband potential: CSIRO
Training critical to Australia tapping broadband potential: CSIRO
US faces major Internet image problem, former gov't official says
Why CIOs stick with cloud computing despite NSA snooping scandal
Telstra hits 300 Mbps in LTE-A trial
TPG buys AAPT