DHS: up to $6 billion contract for cyber continuous diagnostics and mitigation services
In early August, the Department of Homeland Security awarded contracts to 17 firms to provide continuous diagnostics and mitigation services, also known as CDM, to the federal government, creating a potential model for private groups to measure and adjust their own cybersecurity efforts.
The new CDM contracts are intended to standardize and improve the federal government’s efforts to protect its own cyber assets, but DHS officials are also eager to develop metrics for measuring how the private sector adopts the voluntary cybersecurity framework under development by the National Institute of Standards and Technology.
The CDM program is designed to defend public sector IT networks from cyber threats by providing continuous monitoring sensors, diagnosis, mitigation tools and Continuous Monitoring as a Service (CMaaS) to strengthen the security posture of government networks. U.S. state and local governments can also take advantage of the sophisticated services available under this contract.
The DHS contracts to apply continuous diagnostics and mitigation across civilian federal agencies could provide a useful case study for private operators of critical infrastructure.
Booz Allen, IBM, General Dynamics-IT, Lockheed Martin, Northrop Grumman, Hewlett Packard, SAIC and CGI Federal Inc. (CGI) were among the 17 contract winners announced on Aug. 12. McAfee will provide the tool suites under many of the contracts. The contract is worth up to $6 billion, according to Federal News Radio, which first reported the contract awards. One observer says this is “the first major strategic cybersecurity procurement made by DHS.”
Under the CDM program, DHS will apply consistent cybersecurity standards across civilian agencies and provide incentives for agencies to improve their security postures and meet the requirements of President Obama’s February executive order on cybersecurity. But the implications could extend into the private sector.