Bill would require Defense to explore new cybersecurity buys and tools

The Senate version of the fiscal 2011 Defense authorization bill scheduled to be released later this week will include funding for pilot programs that will explore new ways for Defense Department agencies and contractors to gain greater access to cybersecurity tools and services, according to sources from the Armed Services Committee.

Sen. Carl Levin, D-Mich., chairman, announced on May 28 that the committee completed the markup of its version of the Defense bill, which includes funding for projects that require the department to partner with industry to track cyber threats, speed the acquisition of cybersecurity products and services, and integrate information security tools from different software vendors so they function better with one another on agency networks.

The funding would add to the $10 million in the fiscal 2010 supplemental appropriations bill the Senate passed on May 27 for the Defense and Homeland Security departments to conduct cybersecurity pilots, said committee staffers.

"The language in the supplement is fairly broad, giving a lot of discretion for the [Office of the Secretary of Defense] to define what cybersecurity pilots can be done," said one staffer. "We have similar language in the armed services bill, but we also talk about more specific projects."

The first of those projects would be conducted in partnership with DHS, which would lead development of a consortium of major telecommunications companies and Internet service providers that could offer visibility into global networks and give early warnings of potential cyberattacks against federal computer systems.

"If you add up the percentage of the world's traffic that the top 10 [telecommunications companies] see, it's a large percentage," the staffer said. "By combining [that visibility], and figuring out ways to share information in real time with automated tools, you could get a nice picture of what's happening."

A related program would explore ways that Defense could enter into contracts with one or more telecommunications companies to provide managed network security services to its industrial base. A military contractor could outsource security services to a company, which then would monitor the traffic flowing in and out of designated networks.

Two other programs in the bill would seek ways to improve how the department acquires and deploys cybersecurity tools. The first would explore more innovative and less onerous procurement models that Defense could use to quickly acquire the cyber tools and capabilities needed to respond to urgent threats against federal networks. The second would create a framework based on open standards that would integrate security tools from different vendors onto a single platform.

"The idea is to take a building block approach that allows any vendor to come in and integrate their tool into this standards-based framework," said the staffer, who pointed to the Security Content Automation Protocol, which tests computer networks and tools for compliance with a range of security standards, as a model for a framework.

The House version of the authorization bill, which passed on Friday, also charges Defense with exploring new ways to address cybersecurity requirements by conducting a pilot program to test how computer security features can be built into information systems during the development process. The bill would provide $5 million for the program, which would run until October 2015 and require the Defense secretary to submit an annual report on its progress to Congress.

Also in the House bill is a requirement for Defense to assess potential ways that modeling and simulation tools can be used to identify network vulnerabilities and deter malicious activities. The bill requires the Defense secretary to submit to the House and Senate Armed Services committees by Jan. 1, 2012, recommendations on how the tools could be used to strengthen cybersecurity.
