DOT offers agencies option for security

Anticipating a shift in focus toward security services and away from Year 2000, the Transportation Department plans to establish an office that will offer agencies government-wide security services ranging from risk analysis to how to recover from a cyberattack.

DOT's Transportation Administrative Service Center plans to award a contract under the department's Information Technology Omnibus Procurement-II (ITOP-II) contract by the end of the month to provide the security services. Proposals are due March 17.

Through the new Information Technology Security Services Bureau, TASC plans to offer security services including risk analysis, security plan development, certification of sensitive systems, disaster recovery and penetration testing.

"We feel security is a major problem," said Holly Twining, principal for Information Technology Operations at TASC. "Security is a hot topic, but fixing the Year 2000 problem has taken our focus off security. We think there will be some growing interest after March 31 as agencies begin to take their eye off Year 2000 and address security issues that need to be addressed."

The Office of Management and Budget set March 31 as the deadline for agencies to have mission-critical systems fixed, tested and installed.

OMB plans to release a report this month indicating about 90 percent of all federal mission-critical systems are Year 2000-compliant.

The security services bureau plans to manage agencies' security task orders, which officials said differentiates the bureau from ITOP-II or the General Services Administration schedule, Twining said. "TASC can provide a project manager to manage an agency task order," she said. "If agencies come to us, we can manage their contract, bill the vendor and provide platforms on which to test products."

Twining said TASC is accustomed to serving DOT users' security needs. "We're taking that knowledge and using it to transition to other customers in government," she said.

"Commerce is aware of the array of services currently being provided by TASC, the quality of those services, and the degree of customer satisfaction," said Alan Balutis, deputy chief information officer at the Commerce Department. "We'd certainly be interested in any expansion of the existing services to a new area like security."

Some ITOP-II vendors, however, said they already offer similar services on ITOP-II. Debra Banning, ITOP-II program manager at Booz-Allen & Hamilton Inc., said DOT's requirements are similar to information security services Booz-Allen offers through ITOP-II, but she declined to comment on whether the company would pursue the task order. "We are considering all of the benefits and risks."

Banning said working closely with DOT to offer security services to other agencies holds some appeal because it would give the winning vendor a level of credibility it might not have if it sold directly to agencies.

Others are more skeptical about the contract. "I really think that Transportation needs to devote its resources to transportation-related programs and regulations," said a source at a civilian agency who requested anonymity.

The source expressed concern that DOT personnel may not have the expertise to ensure that the security services offered by ITOP-II vendors are in accordance with the federal government's high standards.