US National Cybersecurity Plan Costs $19b

The US Government is contemplating a one-stop shop for agencies to quickly buy cyber-incident response services as part of a $19 billion national cybersecurity plan.

A new request for information asks security vendors for advice on consolidating preventive, reactive and fix-it help within the government’s biggest pre-approved IT contractor list.  

The proposed "Highly Adaptive Cybersecurity Services" would be available through the list, called General Services Administration IT Schedule 70.

GSA issued the market research survey to receive feedback and learn how contractors currently listed on Schedule 70 have been selling their cyber help.

GSA expects that providing agencies a single menu of options will better reflect the present marketplace and the government's needs, plus minimize costs. The line item also should allow IT contractors already on Schedule 70 "to more easily differentiate cybersecurity services from other IT offerings," the market research questionnaire states.  

The government anticipates "proactive services" would include identifying legitimate IT assets that are on your network, scanning for security vulnerabilities, and testing employees' reflexes to fraudulent "phishing" emails. The preventive measures also consist of web application assessments and hunts to spot undetected adversaries or breaches. 

The proposed "reactive services" essentially are emergency response services, like determining the extent of a breach, kicking the bad guys out of the system, and restoring the network.

The "remediation services" might include technical support for security controls, system updates, or architectural improvements to fix the problems found during proactive or reactionary network evaluations.

The Highly Adaptive Cybersecurity Services proposal traces its origins to high-profile hacks at the Postal Service, White House, State Department and Office of Personnel Management, among other agencies.

In February, Obama released a $19 billion Cybersecurity National Action Plan that, along with other things, called for GSA to create contracting services that would allow agencies to buy a common set of incident response, penetration testing and hacker-hunting services from top commercial companies.

“The truth is that no matter how good that we get, we will never stop 100 percent of all intrusions,” so the initiative includes incident response elements, White House cyber czar Michael Daniel said at the time.

The national cyber agenda subsumed an earlier, fall 2015 Cybersecurity Strategy and Implementation Plan that, similarly, required GSA to research contract options and establish a way for agencies to fast-track incident response deals.

"GSA believes the cybersecurity services market is sufficiently mature for this [new contract category] to attract both industry partners and government buyers," agency officials said in the new request for information.

NextGov

« British Companies Buy Bitcoins As Ransom Money
The Secret History of Cyber War »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

UCD Centre for Cybersecurity and Cybercrime Investigation

UCD Centre for Cybersecurity and Cybercrime Investigation

UCD Centre for Cybersecurity and Cybercrime Investigation is Europe's leading centre for research & education in cybersecurity, cybercrime and digital forensics.

Fortify Experts

Fortify Experts

Fortify Experts is a search and recruitment firm specializing in Cyber Security.

BSA - The Software Alliance

BSA - The Software Alliance

BSA is the leading advocate for the global software industry before governments and in the international marketplace.

Mitchell Sandham

Mitchell Sandham

Mitchell Sandham is an, independent insurance and financial services brokerage. Business products include Cyber/Privacy Liability insurance.

SecLytics

SecLytics

SecLytics is the leader in Predictive Threat Intelligence. Our SaaS-based Augur platform leverages behavioral profiling and machine learning to hunt down cyber criminals.

Chainalysis

Chainalysis

Chainalysis provides blockchain analysis software to prevent, detect and investigate cryptocurrency money laundering, fraud and compliance violations.

CERT-PH

CERT-PH

CERT-PH is the National Computer Emergency Response Team and the highest body for cybersecurity related activities in the Philippines.

Portuguese Institute for Accreditation (IPAC)

Portuguese Institute for Accreditation (IPAC)

IPAC is the national accreditation body for Portugal. The directory of members provides details of organisations offering certification services for ISO 27001.

DCX Technology

DCX Technology

Recognized as a leader in security services, DXC Technology help clients prevent potential attack pathways, reduce cyber risk and improve threat detection and incident response.

ISARR

ISARR

The ISARR software platform - your bespoke Risk, Resilience & Security Management solution. Simple, cost effective and adaptable, now and into the future.

AnaVation

AnaVation

AnaVation is a trusted partner delivering high-value, cost-effective solutions that solve the most complex technical and analytical problems for our customers.

Syracom

Syracom

syracom is a consultancy firm specialized in development of efficient business processes. With our expertise and IT competence, we develop tailored solutions for customers in various industries.

Ruptura InfoSecurity

Ruptura InfoSecurity

Ruptura InfoSecurity provide CREST Accredited Penetration Testing & Offensive Security Services. We secure your critical assets through targeted and research driven penetration testing.

Oligo Security

Oligo Security

Oligo aims to streamline the usage of open source by making it secure and easy to protect. Through focusing developers on the relevant vulnerabilities we make the fixing process significantly shorter.

OSP Cyber Academy

OSP Cyber Academy

OSP Cyber Academy are a managed service provider of cyber, information security and data protection training.

Loccus AI

Loccus AI

Loccus are developers of AI solutions in the voice safety space. We build identity verification solutions, deepfake detection systems and fraud protection products for companies and end-users.