DOD on the hunt for security solutions

Recent RFIs focus on virtualization-based security strategeies and commercial solutions for defending against denial-of-service attacks

The Defense Department is asking industry to provide input on two potential initiatives aimed at improving the security of the department's systems.

In a request for information issued earlier this month, the department is asking industry vendors whether virtualization technology might make it easier to secure networks and systems.

In a virtualization-based infrastructure, multiple networks and systems are treated as one common pool of technology in terms of how they are managed and allocated to users.

In theory, virtualization could make it easier to secure those systems. For example, administrators could manage servers used to browse Web sites or handle e-mail -- both of which can expose a network to security risks -- separately from other systems. Likewise, servers that handle sensitive information or operations could be placed in virtual trusted enclaves.

Modern operating systems and many applications in traditional data centers might be too large to secure effectively, according to DOD.

“It may be that the era of monolithic general-purpose operating systems is nearing its end and could be replaced by a cluster of modules or virtual appliances acting in concert to perform services traditionally supplied by operating systems,” the request states.

The Defense Industrial Base Cyber Security/ Information Assurance Task Force, which the department created in 2007, will review the industry information and determine whether virtualization is a viable strategy, according to the RFI.

Meanwhile, the Defense Information Systems Agency wants to deal with a more tactical problem: distributed denial-of-service attacks.

In such attacks, an individual or group attempts to bring down a Web site by overwhelming it with traffic. Distributed denial-of-service attacks attacks made headlines earlier this month when government and private sector sites in the United States and South Korea came under attack.

The agency has issued an RFI looking for solutions that could give administrators a clear and timely picture of what is happening on their networks, alert them in the event of suspicious activity and provide options for mitigating attacks, the notice states.

“The goal of this solution is to detect and mitigate all DDOS attempts to disrupt [Defense Department] network communications and to detect internal assets displaying anomalous behavior across the Internet-to-NIPRnet boundary,” the notice states.

DISA said it’s interested in a tool that can report distributed denial-of-service events within five minutes of the start of the attack. Officials also want the solution to monitor inbound and outbound traffic at 11 worldwide access points to the Internet from the Unclassified but Sensitive IP Router Network (NIPRnet).

The RFI asks vendors to provide details on their proposed solutions’ capabilities for detection, mitigation, monitoring, logging, reporting and alerting. DISA also wants information on proposed systems’ security, administration, architectures, and cost and schedule estimates.

About the Authors

Ben Bain is a reporter for Federal Computer Week.

Doug Beizer is a staff writer for Federal Computer Week.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.