Bidding is open for the contracts to implement the program, which could be awarded to as many as five companies by the General Services Administration, according to a request for bids reported by BusinessWeek. So far, the list of bidders includes a range of security companies, like McAfee, along with usual-suspects defense contractors like Lockheed Martin, Northrop Grumman and SAIC Inc.
The suppliers will provide a centralized way for government agencies to procure hardware, software and consulting services for continuous monitoring and real-time threat detection. The hope is to standardize approaches and tools for cybersecurity across the government infrastructure, including for smaller entities that don’t have the big budgets some of their counterparts do to adequately secure their networks. In fact, an internal review found that 62%, or 15 out of 24 major civilian agencies, do not have acceptable surveillance programs. Those include the Agriculture Department, Environmental Protection Agency and Social Security Administration.
The program will also help to implement access controls and monitoring reports across agencies that can prevent incidents like defense contractor Edward Snowden’s leak of Operation PRISM, or the US Economic Development Administration’s $3 million fight against non-existent malware.
The DHS will act as the central management authority for the program's implementation, dubbed the Continuous Diagnostics and Mitigation program.
“We’re not talking about buying pencils; we’re talking about an advanced technology architecture system,” Michael Carpenter, president of US sales for McAfee told Bloomberg. “This is the first time I’ve seen in civilian government where they’ve come together for an entire joint acquisition.”
The program, first announced in January, has become part of the ongoing effort to fulfill the requirements of a February executive order from President Obama, which, among other things, directed the DHS to step up efforts to implement continuous monitoring across government agencies.