NSF gets outside help

The National Science Foundation is using managed security services to meet the round-the-clock demands of the Internet environment.

"We just don't have the staff to provide the 24/7 services" needed to protect the systems, said Dara Murray, automated data processing security officer at NSF.

To make up for this shortfall, the organization tapped Network Securities Technology Inc. (Netsec) to provide continuous management of intrusion- detection systems. Acquired via the General Services Administration's Federal Supply Service schedule, the contract is worth $182,540 for the initial year of services. There are two option years for which a price has not yet been set.

Under the contract, Netsec provides continuous intrusion-detection system management and monitoring, regular vulnerability assessments and the implementation of security product upgrades.

NSF opted to upgrade its security "to prove to our customers that we are protecting our infrastructure internally before we go outside," Murray said. "We wanted to make sure that hackers couldn't use our systems to attack other networks," as occurs in denial-of- service attacks.

The services also boost NSF's effort to comply with the Government Information Security Reform Act, which requires agencies to submit vulnerability assessments and security improvement plans by September.