Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

DHS Awards $6 Billion Cybersecurity Contract to 17 Firms

DHS Selects 17 Companies to Participate in $6 Billion ‘Continuous Diagnostics and Mitigation’ Contract

On Tuesday, 17 technology and defense contractors were awarded participation in a cybersecurity contract with the U.S. government that could be valued at as much as $6 billion over five years.

DHS Selects 17 Companies to Participate in $6 Billion ‘Continuous Diagnostics and Mitigation’ Contract

On Tuesday, 17 technology and defense contractors were awarded participation in a cybersecurity contract with the U.S. government that could be valued at as much as $6 billion over five years.

The General Services Administration (GSA) this week announced a contract award that will allow government agencies to partner with the Department of Homeland Security (DHS) to deploy Continuous Diagnostics and Mitigation (CDM) technology that will enhance the security and resilience of their networks.

According to the DHS, the Continuous Diagnostics and Mitigation program was designed to defend Federal IT networks from cyber threats by providing continuous monitoring sensors (tools), diagnosis, mitigation tools, dashboards, and Continuous Monitoring as a Service (CMaaS) to strengthen the security posture of Government networks.

“The CDM Program brings an enterprise approach to continuous diagnostics, and allows consistent application of best practices,” the DHS explained.

As reported by SecurityWeek when rumors of the initiative surfaced, the new program essentially creates a shopping hub where federal, state, and local agencies can buy services to protect their computer networks.

The program is the result of the executive order from President Barack Obama which requires the DHS to ensure unclassified government networks are scanned constantly for threats, defended from attacks, and regularly audited to be compliant with computer security rules.

According to Mike Lloyd, CTO at RedSeal Networks, the announcement of the award for the Continuous Diagnostics and Mitigation program is good news for citizens and taxpayers.

Advertisement. Scroll to continue reading.

“The DHS CDM program is a direct and significant step in the right direction, with the potential to offer senior leaders at DHS a level of situational awareness and risk management that has not been possible in the past,” Lloyd told SecurityWeek.

“Across the government sector – civilian, intelligence, and military – there is a concerted effort to adopt a defensive strategy known as Continuous Monitoring, described in detail in NIST publications that define a Risk Management Framework,” Lloyd explained. “This is a necessary and urgently needed response, focused on automation of the assessment of defensive state and attack readiness.”

The overarching contract has an estimated ceiling of $6 billion over its five-year duration, which is comprised of a one-year contract with four additional one-year options.

The vendors listed in the contract award include:

• Booz Allen Hamilton

• CGI Federal, Inc.

• Computer Sciences Corporation

• Digital Management, Inc.

• Dynamics Research Corporation

• General Dynamics Information Technology

• Hewlett Packard Enterprise Services

• IBM 

• Knowledge Consulting Group

• Kratos Technology and Training Solutions

• Lockheed Martin

• ManTech International 

• Northrop Grumman

• SAIC

• SRA International

• Technica Corporation

IBM said that as part of the rogram, agencies can leverage its consulting services as well security intelligence software including IBM Security Endpoint Manager, IBM Security Appscan and IBM Security QRadar.

“Under the CDM program, participating departments and agencies will be able to enhance their cybersecurity assessments by implementing automated network sensor capacity and prioritizing risk alerts,” the DHS explained. “Results will feed into agency-level dashboards that produce customized reports that alert information technology managers to the most critical cyber risks, enabling them to readily identify which network security issues to address first.”

The DHS also mentioned the importance it its network intrusion detection and prevention technology known as “Einstein” which went live with its latest iteration last month. 

Additionally, the DHS said that summary information from participating agencies would be fed into a central Federal-level dashboard, managed by DHS’ National Cybersecurity Communication and Integration Center, to inform and prioritize cyber risk assessments across Federal agencies.

One security expert warned that controls will be important and contracts should be strict, especially in the post-Edward-Snowden era.

“The government will need to be choosy about whom it decides to share data with,” Robert Hansen, director of product management and technical evangelist at WhiteHat Security, told SecurityWeek in a previous statement. Hansen also noted the importance of software and hardware being audited to ensure there are no backdoors implanted by dangerous foreign actors or other malicious actors. 

“Attackers have figured out how to twist doorknobs on an industrial scale – they can hit every angle across a complex and growing IT infrastructure, looking for any weak spots,” Red Seal’s Lloyd added. “Defenders need the same capability – the ability to find, understand, and prioritize all these weaknesses in full context of the mission of the organization. This takes vision, dedication, and large amounts of computing power to crunch all the attack scenarios – think of it as ‘Internet Wargaming’.”

More information on the DHS’ CDM Program is available online.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet