recommended reading

TSA Blacks Out ‘Mission’ of $56 Million Sole-Source Contract Without Cause

Nut Iamsupasit/

The Transportation Security Administration is awarding a $56 million short-term contract for a major technology project to SAIC, without competition and without naming the purpose of the system.

TSA officials in a July 3 redacted notice do not disclose the mission that the “mission scheduling and notification system,” or MSNS, supports. But the mission, the Federal Air Marshal Service, or FAMS, is easy to see on a government website intended to provide transparency into federal information technology spending. 

"FAMS MSNS is an automated system that," among other things, "determines allocation of Federal Air Marshals to flights, based on risk management strategy," as well as "reserves airline seating and hotels with airlines and hotels,” according to the IT Dashboard site.

Some critics of the agency’s counterterrorism efforts speculate this is an instance of TSA employees over-reaching their authority.  

“Given the lack of controls and rigor on secrecy and transparency -- somebody is essentially acting at random. Doing that it makes it seem like you’re important,” said Jim Harper, director of information policy studies at the Cato Institute, a libertarian think tank.

If operational security was the reason for erasing the Air Marshal references, the rest of the notice could undermine that goal.  The system’s attributes are provided in full. 

"This procurement provides the necessary hardware/software support services to develop operate and maintain the MSNS and Infrastructure System Support which allows the [REDACTED] to efficiently deploy and track [REDACTED] on missions aboard commercial aircraft throughout the world," the contract documents state.

"To effectively carry out its mission," the TSA IT program office "must be positioned to support a global workforce providing real-time electronic access to information while maintaining situational awareness over the civil aviation sector," the documents state. The system "helps support the underlying infrastructure on which operational and administrative support functions rely . . . the support is currently provided at over 26 locations through the US and is comprised of approximately 150 contractor personnel."

Some of the technical language in the two summaries is identical. The edited version reads: "This system capability is required to operate 24x7x365, with high availability (.99999)."  The unredacted website states: "Specific features include: - 24x7x365 support (at 99.9% and better availability) for all aspects of capability." Last week’s notice and the IT Dashboard cite SAIC as the contractor.

Harper said the digital application sounds like “the most expensive secretary ever,” adding that the deletion of the Air Marshal mentions “confounds the public oversight.”

In the notice, TSA officials stated they need SAIC to continue operating the "mission critical" system until a new contract vehicle, called EAGLE II, becomes available, because only that firm has the expertise to sustain the system "without degradation of service." 

The current work period ends July 15.  Once EAGLE II is ready, "the office of acquisition intends to begin the acquisition for the follow-on contract which will be competed through a competitive" process, TSA officials stated. "A source other than the incumbent, SAIC, would cause duplication and unnecessary cost for such a short term requirement that would not be covered through competition."

TSA officials said contracting personnel typically redact the words "Federal Air Marshal Service" any time they appear in a federal business document because of the sensitive nature of the marshals' work.

When officials submit spending information to the IT Dashboard, which can be months later, then the redactions are lifted, they added.

TSA Spokesman David Castelveter said the agency will "work to provide greater clarity in the future one these types of filings."

(Image via Nut Iamsupasit/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.