A fund of up to $6 billion has been set aside by the US Department of Homeland Security (DHS) to build a central repository of security tools and expertise for government use.
The unclassified program is mainly aimed at civilian government, including federal, state and local level departments and agencies, but will be open to defense and intelligence agencies.
Bids to become major providers are likely to come from existing defense contracting giants, according to Bloomberg.
The plan is to put together a single pool of hardware, software and consultancy services from which agencies can pick what they need. The centralization should give economies of scale, and simplify the acquisition process for hard-pressed smaller agencies.
The program will cover a range of cyber security requirements in unclassified government networks, including hardening systems against breaches, internal scanning for potential malware infections and auditing systems and policies for compliance with regulations.
The cash will be split between up to five contractor firms, with big names including Lockheed Martin and Northrop Grumman already thought to have bid for the work. Major US cyber security firms have also expressed interest in taking part.
As the scheme only covers unclassified networks, the Department of Defense and intelligence agencies, although eligible to use it, will still have to make their own arrangements for their classified systems.
For many, this has become a priority in the wake of the PRISM debacle, with the NSA already having announced a shake-up in how they dole out access rights to their massive data pools.
Similar improvements are clearly much needed in the civil sphere too, as amply demonstrated by last month’s revelations of farcical goings-on at the Economic Development Administration (EDA).
The body tasked “to lead the federal economic development agenda by promoting innovation and competitiveness” responded to a reported malware infection by trashing $170,000 worth of IT equipment, including blameless peripherals, only stopping when cash for secure disposal ran out.
A later investigation by the Office of Inspector General (OIG) found the malware warning received by the body was sparked by an infection at another agency in the same building, which had quietly mopped up the problem several weeks before the EDA frenzy kicked off.
There are more red faces in the State Department, with another recent report from the OIG castigating the department’s Bureau of Information Resource Management, Office of Information Assurance (IRM/IA).
The body, set up in 2002 to “address the information security requirements” at the State Department, is criticised on just about every possible level, including wasting funds and staff on unnecessary efforts, duplicating work done by other teams, mishandling certification processes, failing to properly manage or monitor spending, and failing to have a mission statement or to engage in strategic planning.
With problems like this emerging on a regular basis, it’s clear government needs all the help it can get when it comes to IT security.
Hopefully the shopping centre at the DHS will prove a useful tool to help smaller departments to address their needs efficiently and effectively.
Centralization of anything under the Feds simply means that whatever incompetence typically afflicts their own operations will be spread out over a larger sphere of influence.
I'm sure the idea behind this is to make it easier for "civilian government, including federal, state and local level departments and agencies" to tighten security. But somehow, the idea of using a centralized pool of services recommended by a sibling agency of the NSA strikes me as being…er, inadvisable.
The desirability of a central pool of “security tools and expertise for government use” under the control of the DHS is one issue. Probably more pertinent is the widespread ignorance of IT security within government departments (in any country). First and foremost, awareness is required. If you can’t conceive of there being a problem, you’re not going to try and fix it … until it’s bitten you.
"With problems like this emerging on a regular basis, it's clear government needs all the help it can get when it comes to IT security."
The government needs to NOT have these wasteful departments. Then their IT security situation would be moot.
I hope this is not a private enterprise as this will lead to a lot of errors and people will get accused of all sorts of crimes not committed by the individual.
This entire spying situation has become ridiculous and Government needs to re-evaluate its position on spying on innocent people across the globe.
"I hope this is not a private enterprise as this will lead to a lot of errors…"
…umm, the implication being what…that state bureaucracies are somehow less prone to errors and incompetence than private enterprise?
Wow. You might want to rethink that.
People are people; anyone can make mistakes. The difference between a proprietary administration of property and services (private enterprise) and a non-proprietary one (the state) is risk and responsibility. If a private company screws up, you can fire them and hire one of their competitors.
That makes them LESS prone to errors and incompetence. Their survival depends on not having you go elsewhere. You vote with your wallet. That's a pretty potent form of democracy.
The state gives you no such choice. It is a monopoly. On purpose. They "legally" eliminate all competition for the "services" they provide. You can't fire the IRS or the NSA when they screw up. They've got a lock on your life, your property, and your wallet whether you want them or not.
THAT's the problem, not private enterprise.
Sean, I am sure you are right. At least with the IRS and the NSA, your files do not become public unless you commit a crime, but with private enterprise files can be lost to the public. Yes, errors can be made by both public and private; which would you prefer, considering leaks happen from both sides?
I would rather see no one spy on anyone unless a crime is committed.
That unfortunately is not likely to happen as we all know.
Haven't Northrop and Lockheed had their fighter jet plans stolen by the Chinese?
What qualifies them to be in charge of security? With the cuts in defense contracts, this is just another means to funnel billions of taxpayer money to the corporations that have their tentacles in the US government.