A fund of up to $6 billion has been set aside by the US Department of Homeland Security (DHS) to build a central repository of security tools and expertise for government use.
The unclassified program is mainly aimed at civilian government, including federal, state and local level departments and agencies, but will be open to defense and intelligence agencies.
Bids to become major providers are likely to come from existing defense contracting giants, according to Bloomberg.
The plan is to put together a single pool of hardware, software and consultancy services from which agencies can pick what they need. The centralization should give economies of scale, and simplify the acquisition process for hard-pressed smaller agencies.
The program will cover a range of cyber security requirements in unclassified government networks, including hardening systems against breaches, internal scanning for potential malware infections and auditing systems and policies for compliance with regulations.
The cash will be split between up to five contractor firms, with big names already thought to have bid for work including Lockheed Martin and Northrop Grumman. Major US cyber security firms have also expressed interest in taking part.
As the scheme only covers unclassified networks, it seems unlikely that it will be used by Department of Defense or intelligence agencies, who will have to make their own arrangements.
Similar improvements are clearly much needed in the civil sphere too though, as amply demonstrated by last month’s revelations of farcical goings-on at the Economic Development Agency.
The body tasked “to lead the federal economic development agenda by promoting innovation and competitiveness” responded to a reported malware infection by trashing $170,000 worth of IT equipment, including blameless peripherals, only stopping when cash for secure disposal ran out.
A later investigation by the Office of Inspector General (OIG) found the malware warning received by the body was sparked by an infection at another agency in the same building, which had quietly mopped up the problem several weeks before the EDA frenzy kicked off.
There are more red faces in the State Department, with another recent report from the OIG castigating the department’s Bureau of Information Resource Management, Office of Information Assurance (IRM/IA).
The body, set up in 2002 to “address the information security requirements” at the State Department, is criticised on just about every possible level, including wasting funds and staff on unnecessary efforts, duplicating work done by other teams, mishandling certification processes, failing to properly manage or monitor spending, and failing to have a mission statement or to engage in strategic planning.
With problems like this emerging on a regular basis, it’s clear government needs all the help it can get when it comes to IT security.
Hopefully the shopping centre at the DHS will prove a useful tool to help smaller departments to address their needs efficiently and effectively.