DHS Rolls Out Cyber Security Program for Federal Agencies
DHS is allocating $6 billion in funding for the initiative, which will provide enhanced cyber security to civilian federal agencies. In August 2013, DHS chose the 17 companies that can compete for the pot of money.
The first phase of the program focuses on hardware and software asset management, configuration settings, known vulnerabilities and malware, according to a 2013 DHS PowerPoint.
During that phase’s second task order, which is currently underway, contractors bid on federal agencies and departments organized into groups A through F. Each group awards a contract to the company with the best solution.
“Over the course of the summer, all of the agencies in the entire federal government will be awarded out in phase one of CDM to one of the 17 respondents,” said Paul Christman, vice president of public sector sales and marketing for Dell. “Of the 17, you’re not going to get 17 responses for every single solicitation,” he added. Some of the contractors are going to bid on agencies they have existing ties with. Others will avoid submitting proposals to agencies they haven’t dealt with in the past.
“A lot of the end user agencies have publicly voiced their distrust,” he said. They don’t want DHS inspecting their systems. “If you read the CDM procurement and you look at the first authorization for that whole process, it goes to great lengths to say that CDM will not audit and inspect the other agencies.”
On the other hand, they will be assuaged by the fact that the funding is coming from DHS, not out their own budgets, he added.
The tools and services delivered by the contractors in the CDM program will enhance and automate existing continuous network monitoring capabilities, correlate and analyze security-related data and enhance risk-based decision making on the agencies’ networks, according to the General Services Administration’s website.
In March, Knowledge Consulting Group became the first contractor to earn an award in the second task order, receiving $29 million to build and operate a continuous monitoring as a service solution for Group A, which includes DHS and its components.
An award announcement for Group B — encompassing the departments of Agriculture, Transportation, Energy and Interior as well as Veterans Affairs, the Executive Office of the President and the Office of Personnel Management — is scheduled for the third quarter of fiscal year 2015. Groups C through E are anticipated to follow before the end of fiscal 2015, reported the Financial Times.
In addition to the 17 prime contractors, there are several companies that will supply technology products and engineering expertise to the bidding companies.
Dell has a relationship with all of the contractors and tailored products for each phase of the process, said Christman. The company will introduce its biggest offering with technology that focuses on perimeter protection and access management — such as a cloud-access manager — in phase two. Most solutions for phase one will be provided by consulting services, he noted.
The most interesting solutions will be created for Group F, which comprises small agencies with zero infrastructure and very little IT expertise, said Christman.
“The integrator that wins that one is going to have to provide all of the capabilities for phase one as a service consumed offsite,” he said. “It’s going to be different from all of the previous phases, which will be delivered on [premise] in the various agencies.”
If the contractors bidding on Group F are able to find a cost-effective, cloud-based solution, companies might consider bidding “as a service” in phase two for groups A through E, said Christman.