US National Cybersecurity Plan Costs $19b

Uploaded on 2016-06-27 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

The US Government is contemplating a one-stop shop for agencies to quickly buy cyber-incident response services as part of a $19 billion national cybersecurity plan.

A new request for information asks security vendors for advice on consolidating preventive, reactive and fix-it help within the government’s biggest pre-approved IT contractor list.  

The proposed "Highly Adaptive Cybersecurity Services" would be available through the list, called General Services Administration IT Schedule 70.

GSA issued the market research survey to receive feedback and learn how contractors currently listed on Schedule 70 have been selling their cyber help.

GSA expects that providing agencies a single menu of options will better reflect the present marketplace and the government's needs, plus minimize costs. The line item also should allow IT contractors already on Schedule 70 "to more easily differentiate cybersecurity services from other IT offerings," the market research questionnaire states.  

The government anticipates "proactive services" would include identifying legitimate IT assets that are on your network, scanning for security vulnerabilities, and testing employees' reflexes to fraudulent "phishing" emails. The preventive measures also consist of web application assessments and hunts to spot undetected adversaries or breaches. 

The proposed "reactive services" essentially are emergency response services, like determining the extent of a breach, kicking the bad guys out of the system, and restoring the network.

The "remediation services" might include technical support for security controls, system updates, or architectural improvements to fix the problems found during proactive or reactionary network evaluations.

The Highly Adaptive Cybersecurity Services proposal traces its origins to high-profile hacks at the Postal Service, White House, State Department and Office of Personnel Management, among other agencies.

In February, Obama released a $19 billion Cybersecurity National Action Plan that, along with other things, called for GSA to create contracting services that would allow agencies to buy a common set of incident response, penetration testing and hacker-hunting services from top commercial companies.

“The truth is that no matter how good that we get, we will never stop 100 percent of all intrusions,” so the initiative includes incident response elements, White House cyber czar Michael Daniel said at the time.

The national cyber agenda subsumed an earlier, fall 2015 Cybersecurity Strategy and Implementation Plan that, similarly, required GSA to research contract options and establish a way for agencies to fast-track incident response deals.

"GSA believes the cybersecurity services market is sufficiently mature for this [new contract category] to attract both industry partners and government buyers," agency officials said in the new request for information.

NextGov

« British Companies Buy Bitcoins As Ransom Money
The Secret History of Cyber War »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Phoenix TS

Phoenix TS

Phoenix TS offers world-class management, computer, and IT security certification training courses.

CloudDNA

CloudDNA

CloudDNA deliver solutions that enable users and devices to connect over high performance, secure, efficient, scalable cloud networks.

Tinfoil Security

Tinfoil Security

Tinfoil is a simple, developer friendly service that lets you scan your website for vulnerabilities and fix them quickly and easily.

Gurucul

Gurucul

Gurucul predictive security analytics protects against insider threats, account compromise and data exfiltration on-premises and in the cloud.

Sigma Payment Solutions

Sigma Payment Solutions

Sigma Payment Solutions offers a comprehensive suite of automated payment processing services, solutions, and technology to businesses in the USA.

ABB

ABB

ABB is a pioneering technology leader in industrial digitalization. Services include cyber security for industrial control systems IoT.

Telelogos

Telelogos

Telelogos is a European provider of Enterprise Mobility Management software, Digital Signage software and Data Transfer and Synchronization software.

North European Cybersecurity Cluster (NECC)

North European Cybersecurity Cluster (NECC)

NECC promotes information security and cybersecurity-related cooperation and collaboration in the Northern European region in order to enhance integration into the European Digital Single Market.

Barbara IoT

Barbara IoT

Barbara is an industrial device platform specifically designed for IoT deployments.

Quintillion Consulting

Quintillion Consulting

Quintillion Consulting is a strategic risk based consulting firm. We help companies safeguard the core business and IT capabilities that deliver competitive advantage.

ANSEC IA

ANSEC IA

ANSEC is a consultancy practice providing independent Information Assurance and IT Security focussed services to customers throughout the UK, Ireland and internationally.

Nagios

Nagios

Nagios is a powerful tool that provides you with instant awareness of your organization’s mission-critical IT infrastructure.

Kiteworks

Kiteworks

Kiteworks (formerly Accellion) creates a dedicated Private Content Network that ensures zero-trust private content protection and compliance.

Sotero

Sotero

Sotero is the first cloud-native, zero trust data security platform that consolidates your entire security stack into one easy-to-manage environment.

SolidityScan

SolidityScan

SolidityScan is an advanced smart contract scanning tool designed to uncover vulnerabilities and proactively address risks within your code.

AuthenticID

AuthenticID

Our mission at AuthenticID is to combat fraud worldwide and help businesses protect their enterprise and valuable data assets.