The emerging Pentagon division that coordinates military cybersecurity and cyberattacks is asking private contractors to help finish standing up the Cyber Command. Among the tasks to be assigned under a request for proposals issued Thursday are support for eavesdropping to detect threats and assistance with repelling hacks equivalent to an armed attack against the nation.
The potentially five-year contract is capped at $475 million and covers nearly 20 task areas, according to the new performance work statement.
This is the second federal effort in a week to outsource cyber work, at a time when civilian and military agencies are hurting for experienced and talented computer whizzes. The FBI plans to contract out professional, management and support services for up to $100 million, according to a request for proposals synopsis posted April 21.
The Pentagon's business move is intended to build out the so-called Cyber National Mission Force, according to Thursday’s solicitation. The contract is designed to "to streamline USCYBERCOM’s acquisition of cyber mission support capabilities and services, information technology services, and cyber professional services" across multiple disciplines "under a centralized structure."
Companies chosen for the project will compete for the following task orders:
- Knowledge management
- Records management
- Cyber operations
- Science and technology/research and development
- Cyber-focused training
- Cyber exercise
- International and domestic engagements
- Integrated technology support
- Cybersecurity (previously called "information assurance")
- Project analysis
- Program Management
- All-source intelligence
- Business process re-engineering
- Strategy and policy and doctrine development
- Administrative support
The cyber operations category, a controversial and highly secretive Cyber Command duty, involves synchronizing "offensive cyber operations," or hacks against adversary networks. The "contractor shall assist in providing maneuver, fires and effects through the application of capabilities in and through the cyber domain,” the solicitation states. Professionals tasked to this area also will help defend and run military networks.
The Cyber National Mission Force comprises three types of teams, focused on defending military networks, aiding troops worldwide with offensive maneuvers and deflecting hacks against U.S. organizations.
The Defense Department last week updated a 2011 cybersecurity strategy, in part, to formalize the goals and operations of the three types of teams. The new Pentagon cyber strategy envisions 133 teams, including support teams, in place by 2018.
Cyber Command is not expected to be fully operational until then and currently is roughly half-staffed.
Proposals from companies interested in working on the contract are due May 30.
One portion of the multiyear job will concentrate on creating new tools to defend and fight in cyberspace. The contractor will "test innovative technology" for "cyberspace offensive and defensive capabilities," including, among other things, evaluating sensor systems and investigating "physical science phenomena,” the solicitation states.
Defense Secretary Ash Carter unveiled the new cyber strategy last Thursday before an audience of students and Silicon Valley entrepreneurs at Stanford University. Invention is key to the cybersecurity, an area where attackers constantly outsmart the defenders.
"We're going to be increasing our fundamental research and development," with established companies and startups, Carter said. "So that together, we can create cyber capabilities that not only help DOD, but can also spin off into the wider U.S. marketplace."
Separately, contractors will facilitate training by, among other things, helping develop curricula, certification standards, and tests.
"Our cyber strategy starts with our people -- its first strategic goal is building and training our Cyber Mission Forces,” Carter said last week.
Cyber exercise contractors will help lead three capture the flag events a year with up to 400 players; five cyber guard competitions consisting of up to 300 participants; and 25 smaller table top exercises. In addition, there will be three cyber wargames, each bringing together about 150 individuals.
Project analysts and program management contractors will ensure long-term efforts do not go over budget and do not fall behind schedule.
In addition, there are assignments for industry cyberspies.
These contractors will conduct "targeting, imagery analysis, signals intelligence analysis, joint intelligence preparation of the battle space and crisis planning to standing and deployed cyberspace forces engaged in operations,” the solicitation states.
The goal here is to weed out cyber threat indicators and disseminate warnings and predictions to partners. The contractor will be "maintaining all source databases," as well as "using multiple source intelligence tools to perform all source threat force analysis,” according to the work order.
Hired hands also will help write Defensewide and governmentwide cyber policies -- maybe even the next big cyber strategy. These doctrines will guide the military services, CYBERCOM and civilian agencies. The contractors will sit on "boards, committees and working groups with DOD and interagency partners on matters related to cyberspace strategy, policy and doctrine."