recommended reading

Commerce to run cybersecurity lab in the cloud

This story has been updated.

The federal government and the state of Maryland plan to jointly operate a new cybersecurity laboratory in the cloud and demonstrate the lab's successful findings through social media and mobile apps, according to the Commerce Department.

The National Cybersecurity Center of Excellence is expected to be physically located in Montgomery County, Md., near the National Institute of Standards and Technology's Gaithersburg headquarters, but it will rely on hardware and software based at remote computer centers in the cloud. The facility will be a place where NIST scientists, industry developers and academic researchers can come together and test security applications for workplace and personal computers, government officials announced in February.

The center, funded at $10 million for 2012, doesn't have a building yet, but Commerce already is looking for a contractor to network the location during a three-year period, according to a March 27 market survey for interested vendors. The goal of the public-private venture is to experiment with various tools and techniques -- use cases -- so department officials want to rent hardware and software as they need it, instead of purchasing products they will use only temporarily.

"Since use-case builds will be nonpermanent, the support contractor shall research and recommend cloud service providers and services" that can support multiple, ongoing demos, the survey stated.

The chosen contractor will provide on-site networking and advise the government on which cloud services to purchase.

Lab participants will use social media to keep U.S. computer and smartphone users apprised of effective products, such as, for example, software and strategies for isolating work data from personal data on iPads. This public outreach will be conducted through a blog, wiki and news feeds, according to draft work requirements. On Friday, NIST spokeswoman Jennifer Huergo said the messages and apps may also deliver the actual cybersecurity products.

Contractors will have to simultaneously copy or "port and mirror" all the interactive tools to an off-site cloud that uses the same underlying technology and security capabilities, the document stated. Huergo said the purpose of maintaining the multimedia internally as well as in the cloud is to back up the data, as well as ensure the content is accessible to multiple audiences and aligns with the Obama administration's cloud adoption strategy.

The information technology backbone for the physical lab will include switches, routers, security and desktops, according to officials. This in-house IT also must support center personnel who are using mobile devices and telework stations. The government will hire about 20 permanent employees for the center, as well as guest engineers.

Commerce was still determining where to situate the lab at the time the work requirements were written. The start date for the project depends on availability of office space, the notice stated.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.