US National Cybersecurity Plan Costs $19b

The US Government is contemplating a one-stop shop for agencies to quickly buy cyber-incident response services as part of a $19 billion national cybersecurity plan.

A new request for information asks security vendors for advice on consolidating preventive, reactive and fix-it help within the government’s biggest pre-approved IT contractor list.  

The proposed "Highly Adaptive Cybersecurity Services" would be available through the list, called General Services Administration IT Schedule 70.

GSA issued the market research survey to receive feedback and learn how contractors currently listed on Schedule 70 have been selling their cyber help.

GSA expects that providing agencies a single menu of options will better reflect the present marketplace and the government's needs, plus minimize costs. The line item also should allow IT contractors already on Schedule 70 "to more easily differentiate cybersecurity services from other IT offerings," the market research questionnaire states.  

The government anticipates "proactive services" would include identifying legitimate IT assets that are on an agency's network, scanning for security vulnerabilities, and testing employees' responses to fraudulent "phishing" emails. The preventive measures also include web application assessments and hunts to spot undetected adversaries or breaches.

The proposed "reactive services" essentially are emergency response services, like determining the extent of a breach, kicking the bad guys out of the system, and restoring the network.

The "remediation services" might include technical support for security controls, system updates, or architectural improvements to fix the problems found during proactive or reactive network evaluations.

The Highly Adaptive Cybersecurity Services proposal traces its origins to high-profile hacks at the Postal Service, White House, State Department and Office of Personnel Management, among other agencies.

In February, Obama released a $19 billion Cybersecurity National Action Plan that, along with other things, called for GSA to create contracting services that would allow agencies to buy a common set of incident response, penetration testing and hacker-hunting services from top commercial companies.

“The truth is that no matter how good that we get, we will never stop 100 percent of all intrusions,” so the initiative includes incident response elements, White House cyber czar Michael Daniel said at the time.

The national cyber agenda subsumed an earlier, fall 2015 Cybersecurity Strategy and Implementation Plan that, similarly, required GSA to research contract options and establish a way for agencies to fast-track incident response deals.

"GSA believes the cybersecurity services market is sufficiently mature for this [new contract category] to attract both industry partners and government buyers," agency officials said in the new request for information.

NextGov
