DHS to Launch Cybersecurity Marketplace

Dozens of companies are vying for contracts to be part of the Department of Homeland Security’s new shopping hub where federal, state, and local agencies can buy services to protect their computer networks, according to a Bloomberg BusinessWeek report.

As many as five companies will be awarded contracts by the General Services Administration, BusinessWeek reported on Tuesday. The $6 billion figure is the maximum value of those contracts, which can be as long as five years. BusinessWeek has confirmed major defense and government contractors Northrop Grumman, Lockheed Martin, SAIC, and Computer Sciences Corp. have also submitted bids.

“We’re not talking about buying pencils; we’re talking about an advanced technology architecture system,” Michael Carpenter, president of U.S. sales for McAfee, told Bloomberg BusinessWeek. McAfee is one of the companies interested in being part of the program.

The program is the result of the executive order from President Barack Obama in February directing Homeland Security to protect unclassified government networks. The order requires DHS to ensure unclassified government networks are scanned constantly for threats, defended from attacks, and regularly audited to be compliant with computer security rules.

The suppliers who win the contracts will be able to provide hardware, software, and consulting services to government agencies. While Homeland Security can’t compel agencies to buy services and technologies through the program, it is intended for civilian government agencies, BusinessWeek said.

The government will need various types of services as part of this hub, Robert Hansen, director of product management and technical evangelist at WhiteHat Security, told SecurityWeek. It could include anything from generic secure network design and architecture to specific point solutions that identify anomalous traffic, he said. Services that look at netflow data and analyze how data is moving through the network, log analytics for networks and applications, and even anti-distributed denial of service tools will have room under this program, he said.

“There is a growing interest in how the government will begin buying 0day exploits from vendors as well,” Hansen said.

Some controls will likely be necessary and contracts will be strict, especially in the post-Edward-Snowden era. Snowden was a former Booz Allen Hamilton employee who was contracted to various government agencies such as the Central Intelligence Agency and the National Security Agency. “The government will need to be choosy about whom it decides to share data with,” Hansen said.

It will also be important that all software and hardware be audited to ensure there are no backdoors implanted by dangerous foreign actors or other malicious actors, he added.

“There are a lot of people moving into this space. But the requirements are stiff – Common Criteria labs testing, ISO certification and the complex bidding process,” Hansen said.
