DHS seeks assessment of cybersecurity market for smaller companies

The Department of Homeland Security wants to know more about the state of the market for affordable cybersecurity protection for small and medium-sized businesses. In a request for information released Feb. 20, DHS said it wants to learn more about the role the cybersecurity industry might play in helping such companies adopt the Cybersecurity Framework released by the National Institute of Standards and Technology earlier this month.

The move is part of a voluntary program called the Critical Infrastructure Cyber Community, which seeks to connect companies, especially those that handle critical infrastructure, with available resources to secure and protect operations and networks.

"DHS issued this RFI to engage the private-sector community towards driving markets and innovation through economies of scale to deliver the best cybersecurity to all of our companies and citizens," Phyllis Schneck, deputy undersecretary for cybersecurity at DHS' National Protection and Programs Directorate, told FCW in an emailed statement.

The RFI is geared to providers of managed security services, network monitoring, and other diagnostic and protective systems, and seek answers on how the NIST framework might change the business landscape and make services more accessible and affordable to small and midsize companies. Specifically, DHS asks whether a company that adopts the NIST framework might merit lower service prices, if government has a role to play in touting the value of cybersecurity products to such companies, whether there are policy or technical impediments to offering services to such companies, and whether the government should define what adoption of the NIST framework entails.

A robust market exists to provide those services to large enterprises, but it is not clear if these providers can scale their services to suit smaller companies. "DHS seeks to understand the landscape of capabilities available to SMBs and ways to encourage economies of scale so SMBs can benefit from the rapid advances in cybersecurity and technology," the RFI states.

"I think they will probably analyze the information and determine if this is an area where there is a gap, and what are the appropriate roles for the department, and how they can influence it appropriately," said Evan Wolff, a partner at law firm Crowell and Moring and a former special assistant to DHS' assistant secretary for infrastructure protection.

DHS is collecting responses to the RFI through April 20.