US Government Security Contracts Trigger Industry Interest

The drive by the American government to improve the security at its civilian, intelligence and military agencies has attracted enormous interest from security vendors.

Almost two dozen teams of companies are competing for a piece of a $6 billion (£3.9bn) budget over the next five years, to deploy systems that will continuously monitor the security status of networks and systems.

Continuous Monitoring

In 2010, the US Congress updated the Federal Information Security Management Act, or FISMA, requiring that federal agencies move away from annual compliance and toward monitoring their security status on a daily, or continuous, basis.

In December, the US Department of Homeland Security issued a request for quote (RFQ) for companies to bid on building a subset of monitoring features, known as the continuous diagnostics and mitigation (CDM) project, that focus on discovering and managing hardware and software assets, patches and vulnerabilities. At stake is about $170 million (£112m) set aside for the project in the federal budget.

“This is a must win for all these companies, because it is the first wave of what could be a $6 billion (£3.9bn) program,” said Niels Jensen, regional vice president for federal services at ForeScout Technologies, a maker of network access control (NAC) systems.

Following regular breaches of federal agency networks and less than impressive grades on the annual FISMA report card, Congress decided to put the Department of Homeland Security on notice for the move to continuous monitoring because civilian agencies were having trouble selecting and deploying appropriate solutions.

Only 22 percent of agencies had met the original FISMA deadline for deploying a continuous monitoring system within their organisation by September 2011, according to a survey released by RedSeal Networks, a network monitoring and management firm. Even with the deadline extended to September 2012, only 45 percent of the federal agencies said they expected to be able to monitor key aspects of their organisation’s IT security, the survey found.

Tightening Security

The problem is that many civilian agencies do not have the budget, resources or skills to deploy the necessary technology to monitor their networks for misconfigurations, vulnerabilities and threats. Still, some agencies do not want to turn over control to another agency, such as the DHS. Yet, the administration appears to be taking a firm stance, according to ForeScout’s Jensen.

“Any time an organisation asks for money for anything that seems related to continuous monitoring, they are pushed toward talking to the DHS,” he said.

The project comes as attacks on agencies have increased dramatically. In 2010, the Department of Homeland Security detected nearly 8,000 incidents, up from approximately 2,100 two years earlier. In addition, a far greater number of those threats were related to malware – 84 percent in 2010 compared with 39 percent in 2008, according to a DHS presentation on the CDM project.

Federal agencies that deploy the technology should reduce their risk by nearly 90 percent, the DHS stated.

Think you know security? Try our quiz!

Originally published on eWeek.

Robert Lemos

Robert Lemos covers cyber security for TechWeekEurope and eWeek

Recent Posts

Amazon Last Minute Extension For Visa Card Payments

UK Amazon users can continue using their Visa cards for online shopping for now, after…

1 hour ago

Uber Competitor Bolt Raises Prices 10 Percent In London

Uber competitor Bolt raises prices 10 percent in London amidst driver shortage and regulatory changes…

1 day ago

US Auto Regulator Discusses ‘Safety Concerns’ With Tesla

US and Canadian regulators looking into possible safety issues with Tesla Model 3 and Model…

1 day ago

Cryptocurrency Funds Show Gains In Spite Of Selloff

Cryptocurrency-centric funds show strong gains for 2021, as assets such as Bitcoin and Ether rise…

1 day ago

Google, Facebook Chiefs Signed Off On Secret Deal, Lawsuit Says

Google's Sundar Pichai and Facebook's Mark Zuckerberg signed off on a deal to carve up…

1 day ago

North Korean Hackers ‘Stole $400m’ In 2021

Study finds North Korea-based hackers stealing more than $200m in cryptocurrency a year, rising to…

1 day ago