Booz-Allen nabs $200M info assurance pact

Booz-Allen & Hamilton Inc. last week won a contract potentially worth $200 million to staff and operate the Defense Department's Information Assurance Technology Analysis Center, the focal point of the department's information assurance initiatives.

IATAC, part of the Defense Technical Information Center (DTIC), will act as the central point of contact for three existing Information Analysis Centers (IACs) that conduct scientific and technical research on information assurance technologies and critical infrastructure vulnerabilities. The products they generate will be used to develop governmentwide defenses against information warfare attacks.

Under the 10-year contract, Booz-Allen will provide a core staff of up to 17 people to field requests for information from the services and other DOD organizations and will manage IATAC's resources and databases, which will be housed at the contractor's facility.

IATAC "is a collaborative process and a virtual institution combining the expertise of three standing IACs," said Don Vincent, Booz-Allen's vice president and senior program officer for IATAC.

In addition to DTIC, other project sponsors include the Office of the Director of Defense Research and Engineering, the Office of the Assistant Secretary of Defense for Command, Control, Communications and Intelligence, the Defense Information Systems Agency and the Joint Staff. IATAC is one of 13 centers operated and funded under DTIC.

"The IACs are chartered in areas of high importance to the Department of Defense," said Paul Ryan, deputy administrator for DTIC. They were established to study and "address information warfare attacks on critical infrastructure and systems."

The scientific and technical information collected by IATAC will be stored in classified and unclassified databases, allowing other government agencies to tap into the information, said a spokesman for the Office of the Secretary of Defense.

"When a hole is discovered, we want everybody in the government to know about it as soon as the guy who discovered it does," according to the spokesman.

Mike McConnal, Booz-Allen's senior technical officer for the program and a former director of the National Security Agency, said the concept of information assurance and establishing an IATAC "is an idea that has matured and one whose time has come."

The first phase of establishing the IATAC will deal with collecting and distributing information assurance data and is expected to cost at least $1.2 million annually, according to the OSD spokesman. Over the past 18 months, $17 million has been spent on information assurance services.

The second phase, known as the task phase, will deal with taking requests from the military services and other civilian agencies concerning methods of conducting information assurance operations and identifying risks and gaps in their network security infrastructure.

IATAC also will issue independent studies and analyses on information assurance experiments for use by government organizations.

Requests from the military services or civilian agencies that require considerable effort, such as laboratory work, field testing or other experimenting, will be handled on a fee-for-service basis, which could cost agencies as much as $100,000, Ryan said.

A technical report is the final deliverable that is required when a service makes a request for information, Ryan said, and the technical report is the primary vehicle by which information regarding security holes and problems is shared throughout the government. But "if somebody has a very basic request, they can pick up the phone and call us," he said.