Cybersecurity

TSP Board Switches Tech Contractors

Maksim Kabakou/Shutterstock.com

The board that oversees the Thrift Savings Plan has tapped Science Applications International Corporation to manage TSP technology and record keeping over incumbent vendor Serco Inc., with a contract valued at up to $227 million for the next six years.

The award to SAIC came after both it and Serco experienced significant data breaches in 2011, exposing the personal information of military health care beneficiaries and current and retired civilian feds, including social security numbers and addresses.

Serco was among 130 companies to express an interest in the technology and enterprise support services, or TESS, contract, after solicitation documents were posted in January. The company was hit with a cyberattack  in July 2011 that led to “unauthorized access” to accounts of as many as 123,000 TSP participants and other recipients of TSP payments. Serco had partnered with IBM for its failed bid on the new TSP contract.

For months after Social Security numbers and other personal information of TSP participants were compromised through a Serco computer, neither Serco nor the Federal Retirement Thrift Investment Board were aware of the breach until the FBI informed the company in April 2012. Serco then told FRTIB, which publicly released news of the attack in May 2012.

The compromised machine resided on a Serco-owned network dedicated to TSP operation, and as of July 2013, there was no indication the intruders tried to divert funds or commit financial fraud. 

Alan HiIl, Serco’s senior vice president for corporate communications and government relations, portrayed the contractor and TSP as "the victims of a sophisticated and targeted cyberattack." When pressed, he acknowledged they could have taken more security precautions.

FRTIB beefed up its security requirements in the new contract. The board did not say whether the Serco breach was one of the reasons it chose SAIC.

SAIC and the Defense Department both face multiple lawsuits seeking $4.9 billion in damages related to the theft of backup computer tapes containing sensitive health information of 4.9 million TRICARE beneficiaries. The tapes were stolen from an employee's car in September 2011.

Arnold & Porter LLP of Washington and Reed Smith LLP, SAIC’s attorneys in the TRICARE cases, filed a motion to consolidate the eight cases, which were filed in four district courts, and to transfer the proceedings to the District Court for the District of Columbia.

In the last reported action in the TRICARE lawsuit, a May 31 hearing at the Judicial Panel on Multidistrict Litigation in Washington, SAIC lawyers argued for a trial in Washington while Ben Barnow, a Chicago lawyer representing TRICARE plaintiffs, argued for a trial in Texas. The SAIC lawyers said Washington was the logical place to hold the trial as most of the witnesses were in the immediate area. Barnow said 61 percent of the plaintifs were covered by the Texas suit. There has so far been no ruling on the venue.

Meanwhile, on Aug. 1, President Obama nominated Deborah Lee James, president of SAIC’s technology and engineering sector, as secretary of the Air Force.

The FRTIB contract with SAIC is for two base years with three options (two years, one year and one year) for a possible total of six years. The total potential contract value if all options are exercised is $224.5 million plus phase-in costs of $2.5 million. The phase-in period will begin Oct. 1, 2013, and contract performance will begin Feb. 1, 2014

Aliya Sternstein contributed to this story. 

(Image via Maksim Kabakou/Shutterstock.com)

Threatwatch Alert

Payment device infection

Payment Card Hacking Devices Found On Oregon ATMs

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
// September 19
X CLOSE Don't show again

Like us on Facebook