$1.5B DOD security deal in the works

The Defense Department this week plans to launch a $1.5 billion procurement for a wide range of information security services, including new efforts to defend critical DOD networks against the kind of attacks that recently locked up Yahoo, Amazon.com and other popular Web sites.

The Information Assurance Capabilities contract, managed through a Defense Information Systems Agency and National Security Agency joint program office, will replace contracts awarded in 1995 to Computer Sciences Corp., Science Applications International Corp. and Merdan Group Inc.

Although the new contract focuses on off-the-shelf security products and services, DOD also aims to use the contract to integrate its major networks and ensure that those networks remain secure and available around-the-clock.

"What we are really concerned about is the protection of the network from denial-of-service attacks," said Peter Paulson, chief of the Networks Division at DISA, speaking at the Federal Telecommunications Conference last week.

Senior DISA officials also have told industry that the contract's task areas, including a classified portion known as Task Area 5, "place a great deal of emphasis on network-based intrusion detection and recovery techniques and processes."

Despite increased interest in denial-of-service attacks, not everyone is convinced that the contract will be used to its full potential. The $2 billion Infosec Technical Services deal, which this contract will replace, fizzled in 1996 after only about $6 million in business.

At the time, officials blamed the contract's poor performance on lack of security funding and agencies' lack of commitment to security.

But that may be changing.

In a March 3 executive memorandum, the Clinton administration directed all agency and department heads to seek assistance from contractors with expertise in denial-of-service attacks. The administration also plans to enforce new governmentwide security policies as early as next year (see related story).

Security Checklist

1. Show that system security is an integral part of the agency's IT architecture.

2. Report the costs of security and show how the security plan is part of the life-cycle of the system. Develop a security plan that includes the security rules for the system and the consequences of violating the rules and a way to identify, limit and control connections to other systems.

3. Identify security risks and how risks will be assessed and minimized. Demonstrate how security controls are commensurate with the risk.

4. Use appropriate security for systems that permit public access. Ensure personal information is consistent with relevant federal policies.

5. Account for departures from National Institute for Standards and Technology guidance.

BY Dan Verton
Mar. 6, 2000
