Contract Award: Northrop Grumman to implement Cyber Protection for U.S. DoD

News Report

Just a few days after being awarded the NATO NCIRC contract in partnership with Finmeccanica, Northrop Grumman announced the acquisition of a cybersecurity task order by the U.S. Defense Information Systems Agency (DISA) to strengthen cybersecurity protections across all Department of Defense (DoD) and Intelligence Community networks by implementing the Host Based Security System (HBSS) as part of the U.S. DoD Information Assurance and Computer Network Defense contract.

The task order was competitively awarded under the Encore 2 contract vehicle and is valued at $189 million over a three-year base period with two one-year options. As prime integrator, Northrop Grumman will provide software license maintenance support, training, help desk and architectural infrastructure support personnel.

Under the terms of the contract, Northrop Grumman will provide support in architecting, engineering, maintaining, deploying and implementing the HBSS solution. This includes but is not limited to the Combatant Commanders, Services, Field Activities and Agencies and the intelligence community's networks and associated host platforms.

The Technology

HBSS is the U.S. DoD's commercial-off-the-shelf suite of automated and standardized software used to provide enhanced host based security – security on desktops and laptops versus at the boundary such as routers and switches – against both inside and external threats.

HBSS monitors, detects, and counters against known cyber-threats to U.S. DoD Enterprise. Under the sponsorship of the Enterprise-wide Information Assurance and computer Network Defense Solutions Steering Group (ESSG), the HBSS solution will be attached to each host (server, desktop, and laptop) in DoD. The system will be managed by local administrators and configured to address known exploit traffic using an Intrusion Prevention System (IPS) and host firewall. DISA PEO-MA is providing the program management and supporting the deployment of this solution.

Comments

 "Cybersecurity is one of Northrop Grumman's four core businesses due to its vital role in our nation's defense," said Karen Williams, vice president of Northrop Grumman's Defense Technologies Division. "The HBSS award reinforces Northrop Grumman's position as a top provider of defense-in-depth cybersecurity solutions across the DoD and intelligence domains."

"Our Northrop Grumman team brings a wealth of cybersecurity integration experience and capabilities to help ensure that all five million end-points are protected across the DoD and intelligence community," said Sam Abbate, vice president of defense enterprise solutions for Northrop Grumman. "We look forward to working with DISA to continue our support to these communities in this critical cybersecurity function."

The Context

The U.S. Defense Information Systems Agency (DISA), at the request of the United States Strategic Command (USSTRATCOM) and in support of National Security goals established by the President; started the acquisition from industry of a capability that will develop and deploy an automated Host-Based Security System (HBSS) solution, that will provide network administrators and security personnel with mechanisms to prevent, detect, track, report, and remediate malicious computer-related activities and incidents across all U.S. DoD networks and information systems.

In October 2007, U.S. DoD mandated HBSS for eventual installation on all unclassified and classified networks. Full implementation of HBSS is critical to defending government networks from an increasing number of sophisticated cyber attacks. HBSS provides system administrators significant improvements in situational awareness and drastically reduces or eliminates the effectiveness of cyber attacks, ensuring vital network capabilities are available to warfighters.

Back in 2010, Mark Orndorff, director of PEO MA/NetOps, wrote that DISA was attempting to transform HBSS into a tool for continuous monitoring of DOD networks. “We’re building out an enterprise architecture to take what was originally designed to improve the security of end-points but then pull information from a system and correlate it to a DOD enterprise level so that commanders operating and defending the network will know the status of their security posture, giving us a readiness report card that’s machine-generated. It will give us the ability to collect and correlate alarms as attacks propagate around the network — essentially letting us know what’s on the network. It will also give us the ability to look for what we call rogue systems.”

Northrop Grumman has been working on the deployment of HBSS since 2008. The company recently completed deployment of HBSS 3.0 across 263 active duty U.S. Air Force bases and Air National Guard sites around the world.

Currently, DISA is looking beyond HBSS for ways to more closely monitor DOD networks. One solution involves network appliances that perform deep packet inspection on data that crosses DISA’s networks. That capability allows DISA to move toward its goal of full situational awareness for traffic traveling along the Global Information Grid.

References: Northrop Grumman (1), DISA (2), DefenseSystems (3)