Defense Department officials are renewing some efforts in sharing cyber threat intelligence, including the recompete of a $26 million contract to support a defense industrial base cybersecurity information exchange.
The contract reissue comes after the Government Accountability Office determined that the Defense Information Systems Agency failed to adequately evaluate all proposals.
DISA originally issued the request for proposals last April and later awarded the contract to Fairfax, Va.-based Data Systems Analysts, Inc. Arlington, Va.-based Solers, Inc. protested the contract award under the premise that DISA contracting officials were not reasonable in their evaluation of DSA’s proposed pricing and costs, including unrealistic staffing levels. Solers also argued that DISA “unreasonably failed to assign its proposal strengths” in areas where Solers exceeded requirements in the RFP’s performance work statement.
DISA officials plan to amend the original solicitation and re-issue the RFP, according to a Nextgov report.
Under the contract, the selected company will provide services for DIBNet, “a web-based tool that enables program participants to exchange classified and unclassified cyber threat information on a daily basis,” according to the GAO report, which is dated Jan. 27 but was released March 7.
In September 2012 DISA awarded a $10 million contract to Booz Allen Hamilton to help develop DIBNet systems; in January DISA also issued Booz Allen a $4.7 million, sole-source award to extend their contract for up to six months.
DOD currently partners with a number of defense industrial base companies to voluntarily share cyber threat information on a regular basis. Officials in the past have touted the program as a model for public-private partnership in cyber defense, and other agencies are taking cues from the program to share cybersecurity-related data, including known threat signatures.
Last year’s executive order on cybersecurity expanded the Homeland Security Department’s Enhanced Cyber Services program, which aims to share cyber threat intelligence between the government and owners and operators of critical infrastructure. Information-sharing also is a key component of the National Institute of Standards and Technology’s cyber framework released last month.
In a March 7 appearance at Georgetown University in Washington, Gen. Keith Alexander, director of the National Security Agency and commander of U.S. Cyber Command, once again called for expanded threat-intelligence sharing.
“We have a lot of capabilities in our government that we ought to share, analogous to the way we share capabilities to defend our nation in physical space,” Alexander said, according to a DOD release. “If a bank is attacked by another nation-state [in cyberspace], our country shouldn’t say, ‘good luck with that.’ Because if the bank were attacked in physical space with missiles, we wouldn’t say, ‘you have to have your own missile defense system.’ In this space we have to figure out how that government-industry partnership will work.”
Echoing previous appeals for Congress to pass laws to catch up with technology, Alexander said that effective cyber information-sharing hinges on legislation.
“This is a team sport – not just NSA and Cyber Command. It’s DHS, FBI and many others,” he said. “The government has to work with industry. We have to have the [policies] and we’re working our way through, but the key thing we need is legislation.”