'More Than Cyberprotection'

By Nick Wakeman, Staff WriterThe Safeguard Program, a General Services Administration blanket purchase agreement with 27 prime contractors, is expected to be the contract vehicle of choice as agencies begin protecting their critical infrastructures.Many in industry and government see critical infrastructure protection, which includes guarding everything from information technology systems to buildings and people, as the next big growth market once the year 2000 date code problem has passed.According to Office of Management and Budget figures, federal spending on infrastructure protection is projected to jump from $1 billion in 1999 to about $1.5 billion in 2000."I don't think that is the end number at all, but it is a good start," said Anthony Valletta, vice president of command and control systems at SRA International Inc. of Fairfax, Va. SRA is one of the 27 companies that won a blanket purchase agreement or BPA under GSA's Safeguard Program. GSA has been awarding $250 million, four-year BPAs since March, but no more are expected to be awarded.Winning BPAs were: Analytical Data Systems Engineering Corp., Anteon Corp., AverStar Inc., Booz-Allen & Hamilton Inc., CACI International Inc., Collins Consulting Group, Computer Sciences Corp., Electronic Data Systems Corp., Electronic Warfare Associates Corp., GRC International Inc., GTE Federal Network Systems (formerly BBN Corp.), GTE Information Systems Division (which is up for sale by GTE), IBM Corp., KPMG LLP, Kajax Engineering Inc., L&E Associates Inc., Litton-PRC Inc., Litton-TASC Inc., Lockheed Martin Corp., Logicon Inc., Science Applications International Corp., SRA International Inc., STG Inc., Telos Corp., Trident Data Systems, TRW Inc. and Unisys Corp.Two task orders have been awarded so far, one going to Booz-Allen & Hamilton for $322,000 worth of work at the Department of Veterans Affairs, and a second one worth $219,000 going to Unisys for work with the Military Sealift Command. While a few other task orders are in the pipeline, the volume should pick up after Jan. 1, 2000, government and industry officials said."Everyone is focused on Y2K right now," said Richard Krauss, GSA program manager for the program. "Once January rolls around, a lot of the focus will be redirected to this."The impetus behind the Safeguard Program began when President Clinton released Presidential Decision Directive 63, which told agencies to identify what their critical infrastructures are and how to protect them from terrorists, hackers and other attacks.GSA developed the Safeguard Program as a contract vehicle for agencies to use to buy the services needed to comply with the directive, Krauss said."A lot of agencies just didn't know how to get those things done," he said.To win a spot on the contract, the teams had to show capabilities in areas such as critical infrastructure asset identification, risk management, critical infrastructure continuity and contingency planning, physical infrastructure protection, information systems security and information assurance, and emergency preparedness, awareness and training. "We wanted a one-stop shop," Krauss said.The one-stop-shop approach has led to large numbers of partners and subcontractors under the primes. There are 60 partners under the 27 primes and then another 90 subcontractors, he said.With teams able to provide a broad range of services, agencies only need to turn to one prime and not several, said Valletta, who is a former acting assistant secretary for command, control, communications and intelligence at the Department of Defense."This is more than just cyberprotection," Valletta said. An agency needs to look at what its mission is and what infrastructure, including people, information systems and facilities, it needs to complete that mission, he said."That is what we are going to do," he said.Monique Smith, a program specialist for IBM Government Industry of Bethesda, Md., said the BPA allows agencies to buy the "hardware, software and services all in one place. It makes it easier to get to the solution."Year 2000 problems have heightened the awareness of how important it is for agencies to protect critical infrastructures, said John Thomas, vice president for strategic development and information assurance at AverStar of Burlington, Mass. "Y2K really set the stage for this," he said. Thomas is the former commander of the Global Network Operation and Security Center for the Defense Information Systems Agency. The year 2000 problem forced agencies to look at what they had to have to complete their missions, he said.Agencies also have been focusing more on security issues as they have begun exploring more electronic commerce projects, said Donna Alter, mission manager for global services at IBM.One of the issues the contractors will be helping customers with is developing security policies, said Rocco Youmans, program manager for the Arlington, Va.-based GTE Federal Network Systems team. "It is paramount to get the policies developed because everything is driven off of that," he said.Youmans said he expects to see more money appropriated to agencies after the year 2000 specifically for critical infrastructure protection.The Safeguard Program BPAs are only available to federal agencies, but the need for critical infrastructure goes well beyond the federal government. Company officials also are eyeing the state and local governments and commercial entities as potential markets.Attacks, cyber and otherwise, could have a devastating impact on blood bank systems, banking and financial networks, food distribution systems, power grids and water supplies, industry officials said."We are using the same team to go after these markets as well," Valletta said.