Federal Friday: Weekly Recap 7.26.13

Blog Post created by jschim Employee on Jul 26, 2013

Ah, summer in New England… From a new record high last week of 99 degrees during our company picnic, to a balmy 58 degrees when I woke up this morning. Drastic change in the weather is almost a daily occurrence for us hearty, chowder-eating New Englanders.


Change is also coming as federal, state, and local agencies look to ramp up or enhance their current security programs by aggregating a lot of the open market tools and streamlining the purchasing process. The Department of Homeland Security (DHS) is in the process of creating a new hub for these government groups to purchase software by utilizing up to 5 contractors. Dozens of these contractors responded to the bid, with the contract being ultimately awarded by the General Services Administration (GSA). The program will be managed by DHS, with these contracts' maximum value to be around $6 billion.


This program, currently being dubbed the Continuous Diagnostic and Monitoring program, could begin awarding contracts as early as this month, though there are still some growing pains to get through. While DHS cannot force agencies to utilize this program, they will be able to provide an easier avenue for agencies to make critical security purchases. Consistent products, price points, and an increase in the speed at which these purchases are made will be ideal for smaller agencies in particular. This will be strategically significant for civilian government agencies but will also provide value for larger organizations such as the DoD and intelligence agencies.


As expected, 4 of the largest contracting firms, along with dozens of smaller firms, have placed bids for the program. Lockheed Martin has bid to become a prime (direct) contractor, and Northrop Grumman, SAIC and CSC all have as well. Given the close ties these organizations have with all the federal agencies, this plays into the other aspect of this program, which involves the sharing of information.


Cyber threat intelligence sharing between civilian and government agencies is crucial to keep defenses up to date on the types of attacks that organizations are experiencing and the tools they are using to effectively manage these threats. This is a large part of a controversial bill, H.R.624: Cyber Intelligence Sharing and Protections Act (CISPA), that passed in the House back in April. The goal of this bill is to remove the legal barriers to allow federal agencies to share classified cyber threat information with the private sector. This bill also allows private institutions to share this threat intelligence with one another, as well as with the federal government, on a voluntary basis. You can read more on the new DHS program here.


In another big piece of DHS news this week, Einstein 3 went live on Wednesday, July 24th. I’ve touched briefly on the Einstein program before, but in short, this is an effort spearheaded by DHS to help automate security among federal agencies. Version one focused on network flow information of the participating agencies so that potential malicious activity could be identified and tracked. The second iteration focused on threat detection based on the unique signature of known or suspected threats. Einstein 3 focuses its efforts on malware, which is much needed as malware is still a major factor in breaches. In a May 2013 white paper titled the “8 Most Common Causes of Data Breaches,” put out by InformationWeek, malware is listed as the 3rd most common cause. The fact that this is still so high on their list is telling, considering the amount of emphasis put into antivirus software for the past decade.


Einstein 3 will not just detect instances of malware, but will go a giant step further by actually stopping malicious traffic before it has time to damage the network. These threats will be identified by indicators that have been developed specifically for ISPs by the DHS Office of Cybersecurity and Communications. Agencies can authorize DHS to utilize “intrusion prevention capabilities” through the service providers. In order for these ISPs to offer intrusion protection, they must fully segment the .gov traffic within their network for proper analysis. On the outbound traffic side, they will be able to prevent .gov traffic from communicating with suspicious domains and filter them to safe servers. With the other instances of Einstein standing their respective ground, the hope here is that Einstein 3 will follow suit. To read more on Einstein 3 you can do so here.


Finally, this week I want to briefly touch on our upcoming UNITED Security Summit here in Boston August 19th-21st. I know it is a tough budget year, especially for conferences. If you do have any interest, and happen to be a current customer, we do have specific pricing for our federal friends. We have a lot of great speakers this year, including an opening keynote by Hugh Thompson on “The Plateau Effect” and a closing keynote on big data by Nate Silver. This is a tremendous opportunity to interact with a cross-section of the Rapid7 team, from your account manager or rep to folks from the product and engineering teams, and of course our executive team. Should you have any interest, please feel free to email your account manager or sales rep. You can go to the UNITED Security Summit site directly to read about the additional speakers and offerings, such as our Wicked Smaht Bah, here.