[ISN] VA awards cybersecurity contract

From: InfoSec News (isnat_private)
Date: Thu Aug 08 2002 - 23:27:24 PDT

  • Next message: InfoSec News: "[ISN] EEYE: Sun(TM) ONE / iPlanet Web Server 4.1 and 6.0 Remote Buffer Overflow"

    By Judi Hasson 
    Aug 8, 2002
    The Department of Veterans Affairs has awarded a $103 million contract 
    to a consortium of five small businesses to develop and manage its 
    response to cyberattacks - an innovative approach to deal with hackers 
    that could become a model for other federal agencies.
    Known as the VA Security Team (VAST), the consortium won the one-year 
    contract with 10 one-year add-ons for the VA's Computer Incident 
    Response Capability (VA-CIRC). The team, which began its work Aug. 1, 
    will be responsible for protecting the VA's entire network, including 
    hospitals, cemeteries, medical records and insurance.
    SecureInfo Corp., a San Antonio-based cybersecurity company that has 
    done similar work for the Defense Department, is leading the joint 
    venture to detect and respond to threats and real-time incidents 
    around the clock. 
    Other VAST members include:
    * Applied Engineering Management Corp., a software development firm.
    * DSD Laboratories Inc., a systems engineering firm.
    * Seidcon Inc., a company that specializes in certification and 
      accreditation of networks.
    * TeamBI Solutions Inc., a security knowledge management company.
    Other business partners include Compaq Computer Corp. - now merged
    with Hewlett-Packard Co. - which is providing hardware; Science
    Applications International Corp., handling long-distance support; and
    Signal Corp., which is providing telecommunications support.
    "We're the second-largest federal government computing enterprise. The
    magnitude of our enterprise alone makes it a target of malicious
    intent," said Bruce Brody, the VA's cybersecurity chief.
    The VA has long been a target of hackers. Since January, VA computer
    systems have blocked more than 2 million virus infection attempts. In
    the past, the agency has been criticized for its failure to deal with
    the problem.
    A private auditing firm that the VA's inspector general hired easily
    broke into computers at the agency "dozens of times," gaining total
    control of data, according to a report submitted to Congress in 2001.
    Security bugs plaguing the system have been known for at least five
    years, a period during which the VA has spent more than $5 billion on
    information technology. In March 2001, Brody was hired as the
    associate deputy assistant secretary for cybersecurity to fix the
    Brody said VAST would handle incident analysis, management and
    response for the VA's nationwide system that will include dealing with
    vulnerabilities and handling computer forensics.
    In addition, the consortium will handle managed security services
    nationwide that will be "mandatory for every hospital."
    "The VA is obviously serious about improving its cybersecurity and
    becoming a world-class system," said John Linton, SecureInfo's chief
    operating officer.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Aug 09 2002 - 02:00:50 PDT