Cybersecurity

Filling in the blanks on GSA's cyber-response campus

Placeholder Image for Article Template

The General Services Administration's idea of combining some public-facing cyber incident response operations under a single multi-agency roof appeals to security experts, but success could hinge on how GSA fills in the blanks in its broad outline.

In early March, GSA Administrator Dan Tangherlini requested $35 million to begin planning the design of a civilian cyber campus that would co-locate cyber incident response teams from multiple civilian agencies, including the departments of Homeland Security and Justice.

In a March 4 conference call with reporters on the administration's fiscal 2015 budget, Tangherlini said the request aims to move those teams out of more than 600,000 square feet of leased office space in the Washington, D.C., area and consolidate them in a yet-to-be-identified federally owned building in the region.

The plan "is in the early stages," Tangherlini said, but money now being spent to support multiple cyber-incident response activities at separate agency offices could be reduced substantially if those operations housed together at a central campus. The plan would not be part of DHS's ongoing headquarters consolidation at the St. Elizabeth's campus in southeastern Washington, he added.

Tangherlini explained the $35 million allocation in the agency's Federal Buildings Fund construction and acquisition program was aimed at getting a sense of what consolidated cyber-incident response activities would look like and what kind of facilities consolidated teams would need, with an eye to where those operations might be housed.

He did not specify exactly which response operations within DHS and DoJ might be involved, however.

Both DHS and GSA both declined further comment on the idea, but GSA's budget proposal sheds a bit more light on the initial parameters of the plan. It names cyber-incident response operations within DHS's National Protection and Programs Directorate (NPPD) and the FBI as principal leads on the initiative. Other DHS components that might be involved, according to the budget documents, include the Office of Intelligence and Analysis and the Secret Service. The proposal also leaves room to allow civilian cyber protection efforts to co-locate at the facility.

Cybersecurity experts said such a consolidation could provide more cohesion and synergy to the current patchwork of public-facing cyber-incident response efforts.

Currently, companies large and small, as well as individuals, can contact a number of agencies to report cyberattacks, including the FBI's Internet Crime Complaint Center. The Secret Service has said it is often the first agency to learn of large breaches at banks and companies, sharing that information through its National Cybersecurity and Communications Integration Center, Information Sharing and Analysis Centers, Electronic Crime Task Forces and other means.

"The GSA's plan to physically bring together federal agencies' and private industry's cybersecurity incident response teams creates the necessary synergy to increase collaboration and efficiency for federal IT security," Brent Conran, McAffee's chief security officer, said in a statement to FCW.

Why co-locate?

According to GSA, the proposed cyber-response campus has the following overall goals:

  • Create a centralized, visible, civilian-led organization that presents a globally fused cyber capability.
  • Ensure scalability to accommodate future needs.
  • Promote secure collaboration while leveraging shared capabilities and infrastructure.
  • Enhance public-private cooperation with increased opportunities for collaboration.
  • Optimize federal capital, human and physical resources.
  • Develop a working environment to support the recruitment, development, and retention of best-in-class cyber professionals.

"I have experienced first-hand the positive benefits that this level of teamwork, coupled with accessing a variety of organizations for expertise, can realize," he said, noting that his company's operational risk management activities operate in a similar fashion. "McAfee employees work physically, and virtually, side-by-side with government agencies, law enforcement organizations and other stakeholders to ensure the collective security of their assets."

"Since this is in a GSA budget request, we naturally focus on what's proposed to be built," said Gus Coldabella, a former DHS deputy general counsel, now a litigation partner at Goodwin Procter, where he focuses on complex civil litigation and advises on national and homeland security law and policy. "But let's look at the big picture. ...This is not just about a campus. It's about promoting coordination, customer service and government responsiveness to cyberattacks."

"Having a cross-agency team under one roof can give victims a one-stop shop for working with the government. It can ensure we put the best team on the problem, whatever agencies they're from," he said. "And including the private sector allows quicker info sharing about what the bad guys are doing."

Tony Sager, former chief operating officer at the National Security Agency, told FCW at a recent cybersecurity event that while increased collaboration borne of proximity can be valuable, practical concerns can bring a tangle of complications. "Getting there is a problem," he said.

For instance, Sager noted, legacy IT systems supporting individual response operations would probably have to be accommodated. Some legacy IT support systems might have to be rebuilt or significantly adjusted to work with other systems in a combined environment.

About the Author

Mark Rockwell is a staff writer covering acquisition, procurement and homeland security. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.

The 2015 Federal 100

Meet 100 women and men who are doing great things in federal IT.

Featured

  • Shutterstock image (by venimo): e-learning concept image, digital content and online webinar icons.

    Can MOOCs make the grade for federal training?

    Massive open online courses can offer specialized IT instruction on a flexible schedule and on the cheap. That may not always mesh with government's preference for structure and certification, however.

  • Shutterstock image (by edel): graduation cap and diploma.

    Cybersecurity: 6 schools with the right stuff

    The federal government craves more cybersecurity professionals. These six schools are helping meet that demand.

  • Rick Holgate

    Holgate to depart ATF

    Former ACT president will take a job with Gartner, follow his spouse to Vienna, Austria.

  • Are VA techies slacking off on Yammer?

    A new IG report cites security and productivity concerns associated with employees' use of the popular online collaboration tool.

  • Shutterstock image: digital fingerprint, cyber crime.

    Exclusive: The OPM breach details you haven't seen

    An official timeline of the Office of Personnel Management breach obtained by FCW pinpoints the hackers’ calibrated extraction of data, and the government's step-by-step response.

  • Stephen Warren

    Deputy CIO Warren exits VA

    The onetime acting CIO at Veterans Affairs will be taking over CIO duties at the Office of the Comptroller of the Currency.

  • Shutterstock image: monitoring factors of healthcare.

    DOD awards massive health records contract

    Leidos, Accenture and Cerner pull off an unexpected win of the multi-billion-dollar Defense Healthcare Management System Modernization contract, beating out the presumptive health-records leader.

  • Sweating the OPM data breach -- Illustration by Dragutin Cvijanovic

    Sweating the stolen data

    Millions of background-check records were compromised, OPM now says. Here's the jaw-dropping range of personal data that was exposed.

  • FCW magazine

    Let's talk about Alliant 2

    The General Services Administration is going to great lengths to gather feedback on its IT services GWAC. Will it make for a better acquisition vehicle?

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above