Labor misses deadline to bid cyber contract, re-ups with Accenture

The Labor Department is extending a cybersecurity deal with Accenture after a long-term contract expired with no replacement in the wings, according to a sole-source contract justification made public on Feb. 10.

The Jan. 28 document came days before Labor's original $16 million contract with Accenture was set to expire. The amount of the contract renewal was redacted, but the extension has a ceiling of three years.

According to officials, the 2010 contract needed to be renewed because otherwise the department would be exposed to cyberattack and its progress on the cybersecurity sprint would be stalled or even reversed.

Putting a new company on the job would have significantly degraded security safeguards, according to contracting documents. Officials warned that "operational security defenses currently being implemented and monitored by the current vendor for the department's enterprise infrastructure will cease immediately" if Accenture were forced to stop work on Jan. 31, when the original contract expired.

A change in vendor would also risk the wrath of Congress and the Office of Management and Budget, which are tracking Labor's progress on the governmentwide cybersecurity sprint.

"If DOL cybersecurity deliverables are not completed on time, DOL would need to report delays to both the U.S. Congress and Office of Management and Budget and will not be able to demonstrate [that] adequate security measures are in place" to protect the department's critical assets, according to the justification.

Identifying and reporting high-value assets was a key part of the Cybersecurity Strategy and Implementation Plan released by the Obama administration last fall.

Labor posted middling results in last summer's 30-day sprint to implement two-factor authentication, the precursor to the cybersecurity strategy. Department officials said they plan to develop and release a new competitive solicitation within the year.