Bill would require Defense to explore new cybersecurity buys and tools

The Senate version of the fiscal 2011 Defense authorization bill, scheduled to be released later this week, will include funding for pilot programs that will explore new ways for Defense Department agencies and contractors to gain greater access to cybersecurity tools and services, according to sources from the Armed Services Committee.

Sen. Carl Levin, D-Mich., chairman, announced on May 28 that the committee completed the markup of its version of the Defense bill, which includes funding for projects that require the department to partner with industry to track cyber threats, speed the acquisition of cybersecurity products and services, and integrate information security tools from different software vendors so they function better with one another on agency networks.

The funding would add to the $10 million in the fiscal 2010 supplemental appropriations bill the Senate passed on May 27 for the Defense and Homeland Security departments to conduct cybersecurity pilots, said committee staffers.

"The language in the supplement is fairly broad, giving a lot of discretion for the [Office of the Secretary of Defense] to define what cybersecurity pilots can be done," said one staffer. "We have similar language in the armed services bill, but we also talk about more specific projects."

The first of those projects would be conducted in partnership with DHS, which would lead development of a consortium of major telecommunications companies and Internet service providers that could offer visibility into global networks and give early warnings of potential cyberattacks against federal computer systems.

"If you add up the percentage of the world's traffic that the top 10 [telecommunications companies] see, it's a large percentage," the staffer said. "By combining [that visibility], and figuring out ways to share information in real time with automated tools, you could get a nice picture of what's happening."

A related program would explore ways that Defense could enter into contracts with one or more telecommunications companies to provide managed network security services to its industrial base. A military contractor could outsource security services to a company, which then would monitor the traffic flowing in and out of designated networks.

Two other programs in the bill would seek ways to improve how the department acquires and deploys cybersecurity tools. The first would explore more innovative and less onerous procurement models that Defense could use to quickly acquire the cyber tools and capabilities needed to respond to urgent threats against federal networks. The second would create a framework based on open standards that would integrate security tools from different vendors onto a single platform.

"The idea is to take a building block approach that allows any vendor to come in and integrate their tool into this standards-based framework," said the staffer, who pointed to the Security Content Automation Protocol, which tests computer networks and tools for compliance with a range of security standards, as a model for a framework.

The House version of the authorization bill, which passed on Friday, also charges Defense to explore new ways to address cybersecurity requirements by conducting a pilot program to test how computer security features can be built in to information systems during the development process. The bill would provide $5 million for the program, which would run until October 2015 and require the Defense secretary to submit an annual report on its progress to Congress.

Also in the House bill is a requirement for Defense to assess potential ways that modeling and simulation tools can be used to identify network vulnerabilities and deter malicious activities. The bill requires the Defense secretary to submit to the House and Senate Armed Services committees by Jan. 1, 2012, recommendations on how the tools could be used to strengthen cybersecurity.
