recommended reading

DISA awards major Army network maintenance contract to tainted company

Lisa S./

This story has been updated.

The Defense Information Systems Agency last week awarded the Red River Computer Co. a $578.2 million contract to maintain Cisco equipment in the Army’s networks. The contract covers one base year and four option years. The small New Hampshire computer company with approximately 80 employees will be responsible for the upkeep of 400,000 pieces of hardware and software.

In August 2011, the Red River Computer Co. paid a $2.3 million fine to resolve False Claims Act charges that it failed to provide contracted services to a number of federal agencies, including the Defense, Commerce and Interior departments as well as the Environmental Protection Agency and the General Services Administration. The FBI said at the time an investigation identified concerns with dozens of contracts Red River held with the government, including a small 2005 contract with the Army to provide the same kind of maintenance services covered by the DISA contract awarded June 28.

When DISA put out the contract for maintenance of Army Cisco network gear in May, it specified the use of Cisco's SMARTnet service, which includes live round-the-clock technical support, online self-help support and automatic software updates.

But in 2005, when the company previously was required to provide SMARTnet service to the Army, the FBI said Red River “did not complete registration of the service with Cisco and subsequently obtained a partial refund without reimbursing the Army.”

In September 2011, U.S. Attorney John Kacavas said former Red River president Breck Taylor “admitted that he arranged for Red River to enter into a contract in which the Army paid over $48,000 to obtain services for certain Cisco products at Fort Bragg. However, Red River did not register for all of the services and Taylor arranged for Red River to receive a refund. Taylor never told the Army about the refund and did not refund the money to the government.” According to DISA, the Army has spent more than $4.2 billion on Cisco network hardware and software during the past decade and the gear provides roughly 80 percent of the service’s routing and switching capability. The Red River maintenance contract will replace more than 5,000 existing Army Cisco maintenance contracts, DISA said.

The contract covers CISCO gear installed in networks operated by all active duty, reserve and National Guard units and in networks operated by the African, European and Southern Commands. The Army serves as executive agent for these commands and provides them with network services.

The contract documents for the SMARTnet procurement offered extraordinary insight into the relationship between the Army and its core network vendor, including a complete list of the company’s equipment installed in Army networks.

“The Army relies almost exclusively on the fully implemented Cisco software and hardware to provide its network routing and switching capability. To procure and rewrite applications to function with replacement products throughout the Army at this time would result in substantial work interruptions creating unnecessary obstacles, restraints and losses in efficiency,” DISA said.

This extends to the SMARTnet maintenance service, key to automatic, global distribution of software patches to configure equipment, control the flow of information, security protocols and updates to deal with new threats against Army networks, DISA said.

CISCO hardware cannot be legally patched without SMARTnet or the purchase of individual updates. If the Army did not have SMARTnet, it would not be able to apply security patches, creating “significant” security problems, DISA said.

DISA estimated that without SMARTnet it could cost the Army $150 billion to remediate a single network security compromise by requiring it to patch all 400,000 pieces of Cisco hardware on a piecemeal basis.

(Image via Lisa S. /

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.