Written by Patrick O’Neill
The Defense Department’s unified IT provider is on the hunt for insider threat protection cybersecurity solutions to answer lawmakers’ fears that the departmentwide network consolidation did not do enough to protect against threats from within.
Standing up the Defense Information Systems Agency-led Joint Service Provider has been a years-long process that was supposed to reach full operation last year. That hasn’t happened yet. A unified provider and the new network will result in a smaller attack surface for outside hacks, but a proposal from the House Armed Services Committee’s Subcommittee for Emerging Threats and Capabilities pointed squarely at the lack of planning for insider threats.
The JSP’s newly published sources sought announcement outlines a system “to monitor and log anomalous user behavior accessing network and computer systems managed by the JSP” including 80,000 end devices across multiple networks.
“The JSP is seeking information for potential sources for a commercial off-the-shelf system (including software, hardware, support, training, and travel) to monitor and log anomalous user behavior accessing network and computer systems managed by the JSP,” the announcement reads.
It continues: “The source should have insider threat cybersecurity solutions that proactively identifies and supports investigations of user violations to allow government network administrators and security personnel to proactively manage insider threat incidents. A total of approximately 80,000 end devices will be configured across multiple networks supporting the Pentagon and National Capital Region (NCR) in a phased implementation approach, although some implementations may occur simultaneously.”
DISA wants a system that contains “privacy protection to ensure JSP Customers can detect events and individuals that put the enterprise at risk, while providing protection for everyone else. It should contain investigative tools to enable targeting, review, and investigation of events that happened before, during, and after a violation occurs to facilitate root cause analysis of the problem.”
The requirements for any prospective system include encrypting all communications and being undetectable by the end user.