DISA Director Vice Adm. Nancy Norton (center) cuts a ribbon last to celebrate a new DISA Global Operations Center West at Hill AFB in Utah.

The traditional cybersecurity structure of in-depth network protections is quickly crumbling into irrelevance as the network perimeter pushes out to wherever (the cloud) and whatever (laptops, tablets or mobile phones) users want to use to connect to the network. That makes the log-in screen on each individual device (or endpoint) the new perimeter against attackers, with both the military and commercial sectors working to secure that entry point. 

It’s a topic Acting DoD Chief Information Officer Dana Deasy has mentioned repeatedly in speeches and in testimony before House and Senate Armed Services Committees. 

“DOD requires robust end point solutions that are commercially-based, threat informed, and capable of: identifying what is on the network; ensuring the endpoints are secure and in compliance with enterprise standards; supporting real-time monitoring and near real-time response and remediation to threats; providing situational awareness to our network defenders; and, protecting the integrity and confidentiality of the data and information assets, enabling mission owner confidence in the information they are using,” Deasy said earlier this year.

Leading DoD’s efforts to improve that protection is the Defense Information Systems Agency (DISA), which used its annual Forecast to Industry day to describe the contracts it will let in the 2020 timeframe to address endpoint and perimeter security.

“In FY20, we’ll be focusing on machine learning capability, sharing threat intelligence information, and moving more to cloud-based technology and automation,” said Diane Phan, chief of DISA’s Endpoint Security Division, who described endpoint security as moving protections closer to the data that needs to be defended. 

The following section examines the RFPs and contracts that DISA expects to award next year (plus a couple expected in the following year) under the subject of endpoint security. 

Endpoint Security Integration: A single-award contract to address the integration of third-party endpoint security tools. The RFP is expected to be released by the second quarter of fiscal 2020, with a single award by the end of the fiscal year. Said Phan: “I need an integration service support contractor that can help integrate all these various capabilities. We’ll mainly focus on maintaining a baseline, interoperability testing, and (risk management framework) packages.”

Endpoint Detection and Response: This will provide a new endpoint security capability so cyber defenders can detect and investigate security incidents, automatically detect malicious system activities and behaviors, and support mitigation/remediation actions. The RFP is expected to be released the second quarter of fiscal 2020, with a single award several months later. 

Application Containment: Here DISA is looking for new endpoint security capabilities that can restrict execution of high-risk applications and computer processing activities to an isolated environment on the system. The RFP is expected to be released the second quarter of fiscal 2020, with a single award in the third quarter. Said Phan: “This is a capability identified as a capability gap in 2017 (along with endpoint detection and response). We operationalized a pilot of this capability in the FY18 timeframe and I’m ready to move forward (with) an acquisition at the enterprise level.” 

Comply to Connect: This will be a framework of tools and technologies organized to: restrict unauthorized device access; reduce known vulnerabilities; take action to detect, identify, characterize, report, and deter behaviors associated with malware or the unauthorized activities of users; and maintain the security of the network and its information resources. This is to be a multiple-award contract that will incorporate various industry solutions, with awards in the third or fourth quarter of fiscal 2020.

Secure Configuration Management (SCM) Development and Operations: This will address continued support, sustainment, and enhancement of existing SCM capabilities, and rapid implementation of new features, updates, and improvements, including redesign of some SCM capabilities. This will be a single award with the RFP scheduled for the third quarter of fiscal 2021 and an award in the beginning of fiscal 2022.

Enterprise Mission Assurance Support Service: This is designed to provide DoD users with a tool that identifies and reports risk related to endpoint devices. This is to be a single award with RFP in the fourth quarter 2021 and an award the first quarter of the next year.

Moving on from endpoints to perimeters, DISA’s Perimeter Defense Division serves as a primary layer of protection between Internet access points and the NIPRNet. It evaluates and assesses the security posture of the DoD Information Network to ensure that sufficient protection resides at the boundary, according to Malachi Outen, information systems security manager for the division.

It’s working hard on moving the SHARKSEER program from the National Security Agency to DISA. SHARKSEER detects and mitigates web-based Zero Day attacks (malware that infects systems before developers are able to patch the vulnerability) and advanced persistent threats using commercial off-the-shelf technology. Two vendors presently provide the government with COTS systems for Zero Day detection: FireEye and McAfee. 

An RFP for a single-award, full and open competition is expected to be released in second quarter 2020 with an award in the next quarter.

The Perimeter Defense Division’s other main program for next year is for web content filtering. 

Web Content Filtering (WCF): This program provides signature-based detection of malware, meaning that it flags infection based on code previously identified as being malware, and blocks malicious inbound and outbound traffic at the NIPRNet/Internet access points. This will be a single award under the DISA Encore III contract (a 10-year, $17.5 billion contract that is the agency’s main vehicle for IT services). The RFP is scheduled for first quarter 2020 with award in the third quarter.