VA awards cybersecurity contract

[InfoSec News <isn () c4i org>]

http://www.fcw.com/fcw/articles/2002/0805/web-va-08-08-02.asp

By Judi Hasson 
Aug 8, 2002

The Department of Veterans Affairs has awarded a $103 million contract 
to a consortium of five small businesses to develop and manage its 
response to cyberattacks - an innovative approach to deal with hackers 
that could become a model for other federal agencies.

Known as the VA Security Team (VAST), the consortium won the one-year 
contract with 10 one-year add-ons for the VA's Computer Incident 
Response Capability (VA-CIRC). The team, which began its work Aug. 1, 
will be responsible for protecting the VA's entire network, including 
hospitals, cemeteries, medical records and insurance.

SecureInfo Corp., a San Antonio-based cybersecurity company that has 
done similar work for the Defense Department, is leading the joint 
venture to detect and respond to threats and real-time incidents 
around the clock. 

Other VAST members include:

* Applied Engineering Management Corp., a software development firm.

* DSD Laboratories Inc., a systems engineering firm.

* Seidcon Inc., a company that specializes in certification and 
  accreditation of networks.

* TeamBI Solutions Inc., a security knowledge management company.

Other business partners include Compaq Computer Corp. - now merged
with Hewlett-Packard Co. - which is providing hardware; Science
Applications International Corp., handling long-distance support; and
Signal Corp., which is providing telecommunications support.

"We're the second-largest federal government computing enterprise. The
magnitude of our enterprise alone makes it a target of malicious
intent," said Bruce Brody, the VA's cybersecurity chief.

The VA has long been a target of hackers. Since January, VA computer
systems have blocked more than 2 million virus infection attempts. In
the past, the agency has been criticized for its failure to deal with
the problem.

A private auditing firm that the VA's inspector general hired easily
broke into computers at the agency "dozens of times," gaining total
control of data, according to a report submitted to Congress in 2001.

Security bugs plaguing the system have been known for at least five
years, a period during which the VA has spent more than $5 billion on
information technology. In March 2001, Brody was hired as the
associate deputy assistant secretary for cybersecurity to fix the
problem.

Brody said VAST would handle incident analysis, management and
response for the VA's nationwide system that will include dealing with
vulnerabilities and handling computer forensics.

In addition, the consortium will handle managed security services
nationwide that will be "mandatory for every hospital."

"The VA is obviously serious about improving its cybersecurity and
becoming a world-class system," said John Linton, SecureInfo's chief
operating officer.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.