Zangardi: SOC optimizations on track at DHS

The solicitation for a single department-wide contract for SOC operations is coming soon, according to the agency's CIO.

TSA's Transportation Security Operations Center

The Department of Homeland Security's journey to simplify its complex network of Security Operations Centers (SOCs) around the country is picking up momentum, according to the agency's CIO.

"We spent a lot of time over the last two years looking at our SOCs," John Zangardi said in panel remarks at the Sept. 5 Billington Cybersecurity Summit in Washington, D.C.

SOCs are the nerve centers from which DHS assesses and defends its websites, apps, databases, data centers, networks and desktop computers against cyber intrusions and attacks. Most of the centers operate independently of each other.

"We have 17 SOCs," Zangardi said. "We started a long road here in a 'crawl, walk, run' strategy. We're beginning to get into our 'walk' phase."

The SOC operations consolidation, he added, is part of a wider DHS effort to simplify and amplify cybersecurity. That effort involves contracting, operations and tools, such as Continuous Diagnostics and Mitigation (CDM).

Zangardi said the Secret Service has been developing the single multiple award contract that will provide a central pool of services from which all DHS SOCs can pick and choose. That vehicle will be out for bid in the coming weeks, he said: "Knock on wood, we'll have an RFP out this fall."

The August RFI for cybersecurity support said the coming solicitation would leverage DHS' EAGLE Next Generation IT contract for almost two dozen sets of services, from network and email monitoring to cyber incident response and staffing.

The agency, Zangardi said, has also been honing its SOC operations using the Defense Department's Cyber Security Service Program to address DHS-specific needs.

DHS finished its first analysis using that process in June, at its SOC in Chandler, Ariz., he said. The center that supports the Transportation Security Administration will probably be done in December or January, he said.

That process will rope in as many CDM tools as possible, but not have a one-size-fits-all approach, Zangardi said. "The idea is not to have the same tools throughout all of DHS, because some of us have started on different paths. The real question is how do we integrate things and roll it up to the [CDM] dashboard to give us the insight into what's happening."