US National Cybersecurity Plan Costs $19b

The US Government is contemplating a one-stop shop for agencies to quickly buy cyber-incident response services as part of a $19 billion national cybersecurity plan.

A new request for information asks security vendors for advice on consolidating preventive, reactive and fix-it help within the government’s biggest pre-approved IT contractor list.  

The proposed "Highly Adaptive Cybersecurity Services" would be available through the list, called General Services Administration IT Schedule 70.

GSA issued the market research survey to receive feedback and learn how contractors currently listed on Schedule 70 have been selling their cyber help.

GSA expects that providing agencies a single menu of options will better reflect the present marketplace and the government's needs, plus minimize costs. The line item also should allow IT contractors already on Schedule 70 "to more easily differentiate cybersecurity services from other IT offerings," the market research questionnaire states.  

The government anticipates "proactive services" would include identifying legitimate IT assets that are on your network, scanning for security vulnerabilities, and testing employees' reflexes to fraudulent "phishing" emails. The preventive measures also consist of web application assessments and hunts to spot undetected adversaries or breaches. 

The proposed "reactive services" essentially are emergency response services, like determining the extent of a breach, kicking the bad guys out of the system, and restoring the network.

The "remediation services" might include technical support for security controls, system updates, or architectural improvements to fix the problems found during proactive or reactionary network evaluations.

The Highly Adaptive Cybersecurity Services proposal traces its origins to high-profile hacks at the Postal Service, White House, State Department and Office of Personnel Management, among other agencies.

In February, Obama released a $19 billion Cybersecurity National Action Plan that, along with other things, called for GSA to create contracting services that would allow agencies to buy a common set of incident response, penetration testing and hacker-hunting services from top commercial companies.

“The truth is that no matter how good that we get, we will never stop 100 percent of all intrusions,” so the initiative includes incident response elements, White House cyber czar Michael Daniel said at the time.

The national cyber agenda subsumed an earlier, fall 2015 Cybersecurity Strategy and Implementation Plan that, similarly, required GSA to research contract options and establish a way for agencies to fast-track incident response deals.

"GSA believes the cybersecurity services market is sufficiently mature for this [new contract category] to attract both industry partners and government buyers," agency officials said in the new request for information.

NextGov

« British Companies Buy Bitcoins As Ransom Money
The Secret History of Cyber War »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Barracuda

Barracuda

Barracuda provides a comprehensive cybersecurity platform to protect organizations from all major attack vectors that are present in today’s complex threats.

Joe Security

Joe Security

Joe Security specializes in the development of automated malware analysis systems for malware detection and forensics.

Snyk

Snyk

Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world.

BankVault

BankVault

BankVault is a new type of cyber technology (called remote isolation) which sidesteps your local machine and any possible malware.

Open Connectivity Foundation (OCF)

Open Connectivity Foundation (OCF)

OCF is dedicated to ensuring secure interoperability ensuring secure interoperability of IoT for consumers, businesses and industries.

Selectron Systems

Selectron Systems

Selectron offers system solutions for automation in rail vehicles and support in dealing with your railway cyber security challenges.

Cybermerc

Cybermerc

Cybermerc's services, training programmes and cyber security solutions are designed to forge collaborations across industry, government and academia, for collective defence of our digital borders.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

NewAE Technology

NewAE Technology

NewAE Technology is revolutionizing the hardware security market by making every engineer and designer aware of side-channel power analysis and glitching as important attack vectors.

Clearnetwork

Clearnetwork

Clearnetwork specializes in managed cybersecurity solutions that enable both public and private organizations improve their security posture affordably.

Zilla Security

Zilla Security

Zilla combines identity governance with cloud security to deliver comprehensive access visibility, reviews, lifecycle management, and policy-based security remediation.

Otto

Otto

Stop Client-Side Attacks. Plug otto into your application security suite and protect your supply chain.

CloudScale365

CloudScale365

CloudScale365 offers state-of-the-art managed IT services and cloud, hosting, security, and business continuity solutions.

Securious

Securious

If you need to improve your cyber security or achieve cyber security accreditations, Securious provide an independent service that will identify and address your issues quickly and efficiently.

Aembit

Aembit

Aembit is the Identity Platform that lets DevOps and Security manage, enforce, and audit access between federated workloads

Darwinium

Darwinium

Darwinium is a Cyberfraud Prevention Platform that provides scalable customer journey protection without complexity.