DHS to Launch Cybersecurity Marketplace

Dozens of companies are vying for contracts to be part of the Department of Homeland Security’s new shopping hub where federal, state, and local agencies can buy services to protect their computer networks, according to a Bloomberg BusinessWeek report.

As many as five companies will be awarded contracts by the General Services Administration, BusinessWeek reported on Tuesday. The $6 billion figure is the maximum value of those contracts, which can be as long as five years. BusinessWeek has confirmed major defense and government contractors Northrop Grumman, Lockheed Martin, SAIC, and Computer Sciences Corp. have also submitted bids.

“We’re not talking about buying pencils; we’re talking about an advanced technology architecture system,” Michael Carpenter, president of U.S. sales for McAfee, told Bloomberg BusinessWeek. McAfee is one of the companies interested in being part of the program.

The program is the result of the executive order from President Barack Obama in February directing Homeland Security to protect unclassified government networks. The order requires DHS to ensure unclassified government networks are scanned constantly for threats, defended from attacks, and regularly audited to be compliant with computer security rules.

The suppliers who win the contracts will be able to provide hardware, software, and consulting services to government agencies. While Homeland Security can’t compel agencies to buy services and technologies through the program, it is intended for civilian government agencies, BusinessWeek said.

The government will need various types of services as part of this hub, Robert Hansen, director of product management and technical evangelist at WhiteHat Security, told SecurityWeek. It could include anything from generic secure network design and architecture to specific point solutions that identify anomalous traffic, he said. Services that look at netflow data and analyze how data is moving through the network, log analytics for networks and applications, and even anti-distributed denial of service tools will have room under this program, he said.

“There is a growing interest in how the government will begin buying 0day exploits from vendors as well,” Hansen said.

Some controls will likely be necessary and contracts will be strict, especially in the post-Edward-Snowden era. Snowden was a former Booz Allen Hamilton employee who was contracted to various government agencies such as the Central Intelligence Agency and the National Security Agency. “The government will need to be choosy about whom it decides to share data with,” Hansen said.

It will also be important that all software and hardware be audited to ensure there are no backdoors implanted by dangerous foreign actors or other malicious actors, he added.

“There are a lot of people moving into this space. But the requirements are stiff – Common Criteria labs testing, ISO certification and the complex bidding process,” Hansen said.
