DOT offers agencies option for security

Anticipating a shift in focus toward security services and away from Year 2000, the Transportation Department plans to establish an office that will offer agencies government-wide security services ranging from risk analysis to how to recover from a cyberattack.

DOT's Transportation Administrative Service Center plans to award a contract under the department's Information Technology Omnibus Procurement-II (ITOP-II) contract by the end of the month to provide the security services. Proposals are due March 17.

Through the new Information Technology Security Services Bureau, TASC plans to offer security services including risk analysis, security plan development, certification of sensitive systems, disaster recovery and penetration testing.

"We feel security is a major problem," said Holly Twining, principal for Information Technology Operations at TASC. "Security is a hot topic, but fixing the Year 2000 problem has taken our focus off security. We think there will be some growing interest after March 31 as agencies begin to take their eye off Year 2000 and address security issues that need to be addressed."

The Office of Management and Budget set March 31 as the deadline for agencies to have mission-critical systems fixed, tested and installed.

OMB plans to release a report this month indicating about 90 percent of all federal mission-critical systems are Year 2000-compliant.

The security services bureau plans to manage agencies' security task orders, which officials said differentiates the bureau from ITOP-II or the General Services Administration schedule, Twining said. "TASC can provide a project manager to manage an agency task order," she said. "If agencies come to us, we can manage their contract, bill the vendor and provide platforms on which to test products."

Twining said TASC is accustomed to serving DOT users' security needs. "We're taking that knowledge and using it to transition to other customers in government," she said.

"Commerce is aware of the array of services currently being provided by TASC, the quality of those services, and the degree of customer satisfaction," said Alan Balutis, deputy chief information officer at the Commerce Department. "We'd certainly be interested in any expansion of the existing services to a new area like security."

Some ITOP-II vendors, however, said they already offer similar services on ITOP-II. Debra Banning, ITOP-II program manager at Booz-Allen & Hamilton Inc., said DOT's requirements are similar to information security services Booz-Allen offers through ITOP-II, but she declined to comment on whether the company would pursue the task order. "We are considering all of the benefits and risks."

Banning said working closely with DOT to offer security services to other agencies holds some appeal because it would give the winning vendor a level of credibility it might not have if it sold directly to agencies.

Others are more skeptical about the contract. "I really think that Transportation needs to devote its resources to transportation-related programs and regulations," said a source at a civilian agency who requested anonymity.

The source expressed concern that DOT personnel may not have the expertise to ensure that the security services offered by ITOP-II vendors are in accordance with the federal government's high standards.


  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.