Senate Explores Outsourcing Security Services - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity
09:06 AM
Connect Directly

Senate Explores Outsourcing Security Services

The US Senate might outsource core cyber security support to a managed security service. Candidate tasks include network security monitoring, threat analysis, incident reporting, vulnerability analysis, and security engineering and research.

H-1B Visa Program: 13 Notable Statistics
H-1B Visa Program: 13 Notable Statistics
(Click image for larger view and slideshow.)

In a break from its current in-house service delivery model, the United States Senate might use managed security services providers for some of its core cyber security support requirements.

Some of the support functions being considered as candidates for outsourcing to a third party include network security monitoring, threat analysis, incident reporting, vulnerability analysis, and security engineering and research.

The only significant support functions that are not suitable for outsourcing include program management, quality assurance management, contractor supervision, technology assessment, and security policies and standards.

[Want more on the government's attitude toward the cloud? Read DoD Changes Cloud Computing Policy.]

Details of the Senate's interest in exploring a managed service option for some security functions are contained in a notice recently posted by the Office of the Sergeant at Arms at the US Senate. The notice seeks information from vendors able to deliver the services from their own facilities.

Vendors will be required to assist the Senate's technology staff in monitoring networks for threats, provide incident reporting and analysis and research, and evaluate and test security products and technologies. In addition, they will have to be subject matter experts in areas such as advanced persistent threat (APT) detection and mitigation and be willing to assist Senate staffers in operating and maintaining enterprise vulnerability assessments tools, the notice said.

The outsourcing route is one of two options currently under consideration by the Senate. The other option is to stick mostly with the status quo, which is to procure the support services using a combination of contractor-supplied resources and in-house personnel, equipment, and security operating centers.

111th US Senate class photo.
(Image: Wikipedia)
111th US Senate class photo.
(Image: Wikipedia)

The notice does not offer any explanation for the Senate's new interest in outsourcing key security functions to third-party providers. But it makes clear that the Senate intends to exert as much control as it can over any security outsourcing arrangement. The Senate, for instance, will maintain sole custody of all data under a managed service arrangement. It will insist on access to all security metadata maintained by the service provider in order to respond to threats faster.

Any managed service provider that is selected for the task will also need to provide the services using personnel who are US citizens working in US-based facilities and on computers, storage systems, and networks located on US soil.

It's unclear how quickly, or even whether, the Senate ultimately will outsource security support functions to a third party. The notice is merely an expression of its interest in considering other options to its current security delivery model. Even so, the Senate's interest in at least exploring the option is interesting, considering that a vast majority of federal IT professionals remain wary about migrating any IT service to the cloud.

In a MeriTalk survey of 153 federal IT professionals this September, 89% expressed concern about moving to cloud services for a variety of reasons. Forty-three percent of those surveyed compared moving to the cloud to giving a teenager the keys to a new convertible.

Many cited a lack of proper data governance as a reason for their reluctance to move applications and services to the cloud. Close to 80% cited security as one of the biggest reasons for holding back from the cloud.

To meet obligations -- and avoid accusations of coverup and incompetence -- federal agencies must get serious about digitizing records. Get the No Excuse For Missing Documents Tech Digest from InformationWeek Government today (free registration required).

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
8/11/2018 | 3:03:36 AM
Pending Review
This comment is waiting for review by our moderators.
User Rank: Apprentice
7/21/2017 | 8:13:33 AM
I haven't any word to appreciate this post.....Really i am impressed from this post....the person who create this post it was a great human..thanks for shared this with us.
User Rank: Apprentice
12/9/2014 | 11:34:18 AM
Contractors are not Cheap
I work for the Federal Government and I can see a need for augmenting IT and cybersecurity with contractors. But *not* outsourcing the basic function of it. Seriously? The contractors I work with are getting paid far better than me. At least 4 were on long term contracts for a total of 15 years before the contract changed hands. Then they just moved to a different company. If the arguement against civil servants is that their benefits are too expensive, one has to wonder what is saved by hiring expensive contractors that resist government oversight. How? The government simply becomes a "customer" and the contrator- while well meaning and very skilled- proceeds to do what the company wishes for them to do- which may or may not align with the government needs/wishes. There are several times I have seen managers throw their hands up over personnel issues they are unable to rectify because the only person who has any sway with the contractors in question is the COR- who only asks if the terms of the contract are being fulfilled. Our government is putting far too much power into the hands of private vendors. We are selling our integrity.
User Rank: Ninja
12/4/2014 | 11:33:08 AM
What for?
With one hundred members and thousands of employees, I think it highly likely that the US Senate has enough computer work to keep at least a small staff of professionals busy full time and if it doesn't, the Congress as a whole definitely does.  If political patronage is the issue, then I can't think it would be hard to extend reasonable civil service protections (under whatever name; but not necessarily the overwrought ones granted to executive branch employees) to career employees with no public policy making functions.  If the existing staff isn't doing its job right, then fix that problem either by giving people the time, training, and resources needed to do their jobs; and/or replacing the people who cannot or will not perform acceptably.  Then if after that, the computing staff decides that outsourcing is necessary to meet some temporary needs, then they should have the authority to make the necessary arrangements without bothering the leadership.

I see absolutely no logical reason to outsource permanent functions if there is enough work to keep someone busy full time and think it's absolutely ridiculous for government to do so; if for no other reason than that in house employees have their careers invested in the institutions that employ them, while contractors have to treat the institution as just another customer.  And contractors can be even harder to fire than career civil service people, as they can afford better lawyers and are allowed to write off lobbying as a business expense.

User Rank: Ninja
12/2/2014 | 2:24:42 PM
Bigger Question
Why would the Senate have it's own IT?  Shouldn't this be part of a larger government entity that, because of its size, has sufficient internal talent or at least a substantially better position from which to negotiate contracts?
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Flash Poll