Booz Allen Hamilton [BAH] this month received a $39.3 million task order under the first phase of a cyber security program aimed at interior protection for federal civilian agencies.
The award to Booz Allen covers the Departments of Agriculture, Energy, Interior, Transportation, the Veterans Administration, and the Office of Personnel Management, the General Services Administration (GSA) said. GSA is managing the acquisition of the Continuous Diagnostics and Mitigation (CDM) program for the Department of Homeland Security, which is overseeing the implementation of the security effort.
The award is the second under the GSA Continuous Monitoring as a Service Blanket Purchase Agreement Task Order 2 that GSA is managing for the CDM acquisition. The first award under Task Order 2 was made in February to Knowledge Consulting Group (KCG) and covers DHS and its components. That award is for $29.1 million.
With the award to Booz Allen, once the company implements its CDM solutions for the respective departments and agencies, 55 percent of the federal civilian government in terms of personnel will be covered under Phase 1 of the program, Andy Ozment, assistant secretary for the Office of Cybersecurity and Communication at DHS, tells the Senate Appropriations Homeland Security Subcommittee. He says the latest award marked “a major milestone” in the program and stated in his prepared remarks that additional task orders under the CDM program will be made through fiscal years 2015 and 2016, he says.
Implementation of the Phase One continuous monitoring as a service awards will take “some months,” Ozment says.
Phase one of the CDM cover basic security monitoring services. Phase 2 of the program will focus on “identity management” and ensure that specific users on agency networks are authorized to be in certain areas of the network, Ozment says.
In 2013 DHS selected 17 companies to compete for task orders under the CDM program. In Jan. 2014, the first task orders were made to Hewlett Packard [HPQ], KCG, Northrop Grumman [NOC], and Technica. Those task orders, worth a combined $60 million, were for sensors that the federal government could deploy to monitor their networks and respond to malicious traffic.
The CDM program is potentially worth $6 billion although so far only about $130 million in awards have been made.
While the CDM program is focused on interior security, it complements the Einstein intrusion detection and prevention program, which is aimed at detecting and ultimately preventing malicious cyber traffic from entering the information networks of federal civilian agencies. This program is being managed by DHS by contracting with Internet Service Providers that serve the federal government.
So far DHS has contracts with Verizon and CenturyLink for the prevention portion of Einstein, which is Einstein 3. These two providers cover about 50 percent of the traffic serving the federal civilian government, Ozment said, adding that the department is working to get other ISPs under contract.
Ozment says that Einstein is adaptable so that as new security technologies are developed the program can take advantage of them to adapt to changing threats from cyber enemies.