Security Industry Vies for Federal Network Monitoring Contracts
The push to improve security at federal agencies could mean as much as $6 billion for security firms that win the coveted contracts.The U.S. government's push to improve the security of its civilian, intelligence and military agencies has attracted enormous interest from the security industry, with almost two dozen teams of companies competing for a piece of a $6 billion budget over the next five years for deploying systems that will continuously monitor the security status of networks and systems. In 2010, the U.S. Congress updated the Federal Information Security Management Act, or FISMA, requiring that federal agencies move away from annual compliance and toward monitoring their security status on a daily, or continuous, basis. In December, the U.S. Department of Homeland Security issued a request for quote (RFQ) for companies to bid on building a subset of monitoring features, known as the continuous diagnostics and mitigation (CDM) project, that focus on discovering and managing hardware and software assets, patches and vulnerabilities. At stake is about $170 million set aside for the project in the federal budget. "This is a must win for all these companies, because it is the first wave of what could be a $6 billion program," said Niels Jensen, regional vice president for federal services at ForeScout Technologies, a maker of network access control (NAC) systems.
Following regular breaches of federal agency networks and less than impressive grades on the annual FISMA report card, Congress decided to put the Department of Homeland Security on notice for the move to continuous monitoring because civilian agencies were having trouble selecting and deploying appropriate solutions.