How does the government buy its cybersecurity?


The federal government is emphasizing cybersecurity regulation, education, and defense strategy this year.

People now understand the importance of network security, but most people do not understand how the US government positions and selects companies that will protect its infrastructure.

In 2020, ransomware attacks increased and affected a wide range of industries. Although healthcare and education institutions were the most frequently attacked sectors, cybercriminals still targeted and exploited vulnerable organizations elsewhere. The trend has continued this year, and analysts predict that it will worsen over time.

Because of the dramatic increase in ransomware attacks and the recent SolarWinds attack, law enforcement agencies, government officials, and policy makers have focused their attention on two areas:

  1. Cybersecurity regulation, education, and national defense strategy, which are this year's emphasis.
  2. Cybersecurity expenditures, which are receiving closer attention.

As a result, many cybersecurity companies are flocking to government agencies.

The prevalence of U.S. cyber attacks
In 2020, the United States suffered 120 major cyber attacks. In the first three months of 2021, the country suffered 30 major cyber attacks. Most of the victims were federal agencies, defense companies, and high-tech companies. The average cost of a cyber attack is $1.1 million, and downtime is another painful cost of being hacked.

Unfortunately, the world is now in a new form of war, in which the enemy has infiltrated many countries and the extent to which adversaries cooperate with one another is hardly understood.

How the U.S. government responded
The US government has just confirmed its ongoing struggle with powerful authoritarian adversaries (China, Russia, and others). Once it understands the nuances of how attackers target and harm the United States, it becomes possible to engage in active defense.

The US government implemented a defensive action plan this year to respond to increasing cyber threats. The 2021 National Defense Authorization Act (NDAA) was signed into law on January 1, 2021. The bill contains 77 cybersecurity provisions and $740 billion in military funding.

In addition, some provisions aim to enhance offensive and defensive cybersecurity capabilities by strengthening the national cybersecurity system. A defensive plan alone, however, is not enough to defeat a well-funded, powerful, skilled and hostile adversary.

A more decisive approach, with mandatory elements, poses a moral dilemma for the US government, which has so far erred on the side of caution. Even a tougher stance that may involve deterrence could still bring adversaries such as China or Russia to the table.

Fighting cyber warfare with an army of cyber contractors
Cyber services help fight cyber warfare. There are many cyber contractors that can help secure businesses and other entities by focusing on security.

The government knows this and prefers to engage these companies quietly. It therefore sometimes hires them to work on sensitive projects.

Category management: top-tier cyber services
The General Services Administration (GSA) provides a wide range of cyber security products and services to help customers increase resilience and protect sensitive data.

Overall expenditure statistics
In 2020, the government was expected to spend US$1.1 billion on cybersecurity contracts. For example, the Department of Defense spent $551 million in 2020, and other federal agencies spent a total of $502 million. So, yes, the US government's spending exceeded expectations.

GSA Multiple Award Schedule: HACS SIN 54151HACS
The Highly Adaptive Cybersecurity Services (HACS) Special Item Number (SIN) was created under the Multiple Award Schedule (MAS) Information Technology program. It provides federal agencies with seamless access to IT processes, solutions, and facilities, so that public-sector organizations can address potential weaknesses before they affect their systems.

SIN 54151HACS provides cybersecurity services across many disciplines. These include information assurance, secure web hosting and backup, virus detection, tactical awareness, disaster recovery, system monitoring, identity verification services, and security operations center (SOC) services.

There are a total of 359 GSA contractors in the HACS SIN category. Of these, 18.9% are large companies and 81.1% are small companies, and 86.4% are located in the Washington, D.C. Beltway area. Total annual GSA sales related to cyber services are:

  • Fiscal year 2020: $39,445,937
  • Fiscal year 2021: $24,438,092

GSA Network Contractor Selection Process
The GSA HACS SIN has a large number of contractors, but how are they judged qualified and trustworthy enough to enter this category? This is the process:

  1. The contractor decides which subcategories to add:
     • High value asset (HVA) assessment
     • Risk and vulnerability assessment
     • Penetration testing
     • Incident response
     • Cyber hunt
  2. The contractor must participate in an oral technical evaluation conducted by the Technical Evaluation Board (TEB). The offeror must identify up to five key personnel by name and contact information; the TEB questions these people during the oral technical assessment. The contractor is evaluated on its knowledge of the proposed services, and the assessment requires the offeror to answer scenario-specific and general questions so that its expertise can be judged.
  3. The cyber expert team then decides whether the contractor is acceptable or unacceptable.
  4. If "acceptable", the contractor can submit a modification to its GSA contract to add the labor category under Cyber
  5. More details about the process can be found here.

Conclusion
As the US government embraces modernization, it becomes more vulnerable to cyber attacks. This has become apparent in recent years: where IT infrastructure has grown, cyber attacks have grown at almost the same rate.

Cybersecurity measures have made it easier to respond to these changes. The government is taking an offensive approach through diplomacy and a defensive approach through cybersecurity contractors. As a result, procurement vehicles such as the GSA Schedule program and Department of Defense programs have adapted quickly.

Josh Ladick is the President of GSA Focus, Inc. and has more than 13 years of experience in GSA contracts and government contracts. I use simple terms that anyone can understand to explain the complex GSA and FAR terms, and let government contractors understand…
