Federal patch service to stop

After a year spent helping federal agencies patch their insecure operating systems, government officials say they plan to leave that role to others.

This week, DHS officials said that the department will get out of the business of distributing security patches because the private sector is better at it than the federal government. Lawrence Hale, deputy director of the United States Computer Emergency Response Team, could not say exactly when the department would stop offering a service called Patch Authentication and Dissemination Capability (PADC). But he suggested that agencies would soon have to find commercial alternatives to the government's free service. Forty-seven federal agencies now use it.

When the federal government began planning the patch distribution service more than three years ago, Hale said that the idea of offering patch management assistance was ahead of its time. But by the time the government had awarded a contract to a company that could provide the service, other commercial alternatives had surpassed the limited offering that the government had contracted.

Many companies now sell patch management as part of an integrated configuration management service that includes vulnerability scanning, patch installation and asset management. The PADC service is for patch installation only. Agencies that use the free service buy the other services separately if they want them, but at prices that are often higher than those of the integrated commercial packages, Hale said.

General Dynamics Corp. and its Veridian Corp. subsidiary provide the government's patch management service under a $10 million contract.

Featured

  • Cybersecurity
    Boy looks under voting booth at Ventura Polling Station for California primary Ventura County, California. Joseph Sohm / Shutterstock.com

    FBI breach notice rules lauded by states, but some want more

    A recent policy change by the FBI would notify states when their local election systems are hacked, but some state officials and lawmakers want the feds to inform a broader range of stakeholders in the election ecosystem.

  • paths (cybrain/Shutterstock.com)

    Does strategic planning help organizations?

    Steve Kelman notes growing support for strategic planning efforts -- and the steps agencies take to keep those plans relevant.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.