Dozens of companies are vying for contracts to be part of the Department of Homeland Security’s new shopping hub where federal, state, and local agencies can buy services to protect their computer networks, according to a Bloomberg BusinessWeek report.
As many as five companies will be awarded contracts by the General Services Administration, BusinessWeek reported on Tuesday. The $6 billion figure is the maximum value of those contracts, which can be as long as five years. BusinessWeek has confirmed major defense and government contractors Northrop Grumman, Lockheed Martin, SAIC, and Computer Sciences Corp. have also submitted bids.
“We’re not talking about buying pencils; we’re talking about an advanced technology architecture system,” Michael Carpenter, president of U.S. sales for McAfee, told Bloomberg BusinessWeek. McAfee is one of the companies interested in being part of the program.
The program is the result of the executive order from President Barack Obama in February directing Homeland Security to protect unclassified government networks. The order requires DHS to ensure unclassified government networks are scanned constantly for threats, defended from attacks, and regularly audited to be compliant with computer security rules.
The suppliers who win the contracts will be able to provide hardware, software, and consulting services to government agencies. While Homeland Security can’t compel agencies to buy services and technologies through the program, it is intended for civilian government agencies, BusinessWeek said.
The government will need various types of services as part of this hub, Robert Hansen, director of product management and technical evangelist at WhiteHat Security, told SecurityWeek. It could include anything from generic secure network design and architecture to specific point solutions that identify anomalous traffic, he said. Services that look at netflow data and analyze how data is moving through the network, log analytics for networks and applications, and even anti-distributed denial of service tools will have room under this program, he said.
“There is a growing interest in how the government will begin buying 0day exploits from vendors as well,” Hansen said.
Some controls will likely be necessary and contracts will be strict, especially in the post-Edward-Snowden era. Snowden was a former Booz Allen Hamilton employee who was contracted to various government agencies such as the Central Intelligence Agency and the National Security Agency. “The government will need to be choosy about whom it decides to share data with,” Hansen said.
It will also be important that all software and hardware be audited to ensure there are no backdoors implanted by dangerous foreign actors or other malicious actors, he added.
“There are a lot of people moving into this space. But the requirements are stiff – Common Criteria labs testing, ISO certification and the complex bidding process,” Hansen said.