GSA revises proposal for cyberalert system

Federal Computer Incident Response Capability

The General Services Administration has taken the first step toward putting

in place a contract to enhance the government's ability to detect and share

information about computer system intrusions.

The GSA Federal Technology Service's Office of Information Security

this month released a draft request for proposals for the Enhanced Intrusion

Detection Capability (EIDC). It is based on the relatively new commercial

offering of managed security services, where a vendor performs the daily

monitoring of agencies' intrusion-detection systems.

The EIDC will become a basic part of the services offered by GSA's Federal

Computer Incident Response Capability, the civilian government's cybersecurity

warning and response center, said a GSA official. It will collect and analyze

information from each agency that signs up under the contract and then pull

that information together at FedCIRC to produce a governmentwide picture

of intrusions.

"The intended EIDC solution(s) will improve federal computer security

across U.S. government agencies and in the process will provide the federal

civilian government its first integrated line of defense against computer

intrusions," the draft states.

The draft relies more on commercial products than new government capabilities

such as the Federal Intrusion Detection Network, which EIDC is intended

to replace, vendors said.

"It just seems to focus much more clearly on managed security services

rather than a hybrid as before," said Richard Smith, vice president of federal

operations at Internet Security Systems Inc., an intrusion-detection solutions

company.

GSA sent the draft only to vendors on the Safeguard security contract,

not to the entire vendor community. GSA awarded Safeguard to provide security

packages for agencies trying to comply with Presidential Decision Directive

63, which requires agencies to secure systems critical to national security.