Raytheon [RTN] says the Department of Homeland Security (DHS) has re-awarded the company a potential $1 billion contract to support a cyber security system that the department uses to help protect federal civilian networks.

Raytheon originally won the Development, Operations and Maintenance (DOMino) contract in Sept. 2015 but a protest by Northrop Grumman [NOC], one of the losing bidders, held up work on the contract until DHS took corrective actions and then reaffirmed the original award in June of 2016, only to have Northrop protest again. DHS then cancelled the award, a department spokesman tells HSR.

The award was cancelled last August after the department decided again to take corrective action, according to a Feb. 7, 2017, decision brief by the Government Accountability Office, which dismissed Northrop Grumman’s request that it be reimbursed for costs associated with pursuing the protests of the DOMino award.

Raytheon made the announcement on June 19, saying the contract was re-awarded on June 9.

DOMino is classified. The program supports the National Cybersecurity Protection System [NCPS], better known as EINSTEIN, which is a platform that DHS uses to monitor, detect, and prevent malicious Internet traffic as it tries to cross into network systems operated by federal civilian agencies.

The original contract to support EINSTEIN was performed by General Dynamics [GD] although DOMino was a new competition for a repackaged scope of work.

The indefinite delivery, indefinite quantity contract is for five years.

Raytheon says it will help develop the next-generation of the NCPS and deliver new and upgraded capabilities that include intrusion detection and prevention, automation, analytics, and information sharing.

“Raytheon stands ready to help protect the networks of more than 100 federal government departments and agencies,” David Wajsgras, president of the company’s Intelligence, Information and Services sector, said in a statement. “Our cutting-edge vulnerability testing, proactive threat hunting and remediation technologies will enable critical systems to be resilient in the face of ever increasing cyber attacks.”

In the decision brief rejecting Northrop Grumman’s request to be reimbursed for its legal fees, GAO says that in its protests, the company “argued that two former DHS officials has competitively used nonpublic information, obtained additional information after leaving the agency, and used this information to participate in the preparation of the Raytheon proposal.” The decision brief adds that “Northrop also argued that one of the former DHS officials used the competitively useful nonpublic information in the preparation of the proposal of another offeror.”

DHS, in its own arguments to the GAO, said the former DHS officials in question left the department in Feb. 2012, two years before the DOMino solicitation was issued, and that the information they had access to prior to their departures wasn’t “competitively useful, and that “neither official had obtained competitively useful information” after leaving the agency.

DHS is requesting $397 million in FY ’18 for continued deployment and improvements to EINSTEIN. In FY ’18, DHS plans to integrate non-signature based threat detection capabilities into the system, and provide analytics capabilities to “improve the ability to prioritize cyber risks, automatically triage incidents, enrich indicators automatically, and automate response actions to protect D/As and other stakeholders,” according to budget documents. D/As refers to departments and agencies.

The documents also say that the planned investments in FY ’18 will be for developing Blocks 2.2 and 3.0. Block 2.2 is aimed at providing sharing of cyber security information in a secure environment at all classification levels across federal, state, local, tribal, private and international partners.

For Block 3.0, the goal is “to provide an active intrusion prevention capability that conducts threat-based decision making on network traffic entering or leaving the Federal Executive Branch civilian networks and disables attempted intrusions before harm is done,” the documents say.