recommended reading

TSP Board Switches Tech Contractors

Maksim Kabakou/

The board that oversees the Thrift Savings Plan has tapped Science Applications International Corporation to manage TSP technology and record keeping over incumbent vendor Serco Inc., with a contract valued at up to $227 million for the next six years.

The award to SAIC came after both it and Serco experienced significant data breaches in 2011, exposing the personal information of military health care beneficiaries and current and retired civilian feds, including social security numbers and addresses.

Serco was among 130 companies to express an interest in the technology and enterprise support services, or TESS, contract, after solicitation documents were posted in January. The company was hit with a cyberattack  in July 2011 that led to “unauthorized access” to accounts of as many as 123,000 TSP participants and other recipients of TSP payments. Serco had partnered with IBM for its failed bid on the new TSP contract.

For months after Social Security numbers and other personal information of TSP participants were compromised through a Serco computer, neither Serco nor the Federal Retirement Thrift Investment Board were aware of the breach until the FBI informed the company in April 2012. Serco then told FRTIB, which publicly released news of the attack in May 2012.

The compromised machine resided on a Serco-owned network dedicated to TSP operation, and as of July 2013, there was no indication the intruders tried to divert funds or commit financial fraud. 

Alan HiIl, Serco’s senior vice president for corporate communications and government relations, portrayed the contractor and TSP as "the victims of a sophisticated and targeted cyberattack." When pressed, he acknowledged they could have taken more security precautions.

FRTIB beefed up its security requirements in the new contract. The board did not say whether the Serco breach was one of the reasons it chose SAIC.

SAIC and the Defense Department both face multiple lawsuits seeking $4.9 billion in damages related to the theft of backup computer tapes containing sensitive health information of 4.9 million TRICARE beneficiaries. The tapes were stolen from an employee's car in September 2011.

Arnold & Porter LLP of Washington and Reed Smith LLP, SAIC’s attorneys in the TRICARE cases, filed a motion to consolidate the eight cases, which were filed in four district courts, and to transfer the proceedings to the District Court for the District of Columbia.

In the last reported action in the TRICARE lawsuit, a May 31 hearing at the Judicial Panel on Multidistrict Litigation in Washington, SAIC lawyers argued for a trial in Washington while Ben Barnow, a Chicago lawyer representing TRICARE plaintiffs, argued for a trial in Texas. The SAIC lawyers said Washington was the logical place to hold the trial as most of the witnesses were in the immediate area. Barnow said 61 percent of the plaintifs were covered by the Texas suit. There has so far been no ruling on the venue.

Meanwhile, on Aug. 1, President Obama nominated Deborah Lee James, president of SAIC’s technology and engineering sector, as secretary of the Air Force.

The FRTIB contract with SAIC is for two base years with three options (two years, one year and one year) for a possible total of six years. The total potential contract value if all options are exercised is $224.5 million plus phase-in costs of $2.5 million. The phase-in period will begin Oct. 1, 2013, and contract performance will begin Feb. 1, 2014

Aliya Sternstein contributed to this story. 

(Image via Maksim Kabakou/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.