HHS sets deal for intrusion detection service

HHS sets deal for intrusion detection service

Through a new task order for security services, the Health and Human Services Department has kicked off an effort to consolidate many IT services across its bureaus.

The department this month signed a five-year task order with Northrop Grumman Corp. for intrusion detection software, servers and vulnerability scanning services for all 12 of its bureaus.

'Fifteen months ago, the secretary challenged us in the IT community to develop an IT plan for HHS with explicit goals and consolidation' plans, said Jim Seligman, CIO for the Centers for Disease Control and Prevention and one of the project managers for IT consolidation at HHS.

At HHS, each bureau had created its own security program and set up its own systems and applications'some weaker than others, Seligman said. The idea is to create a more standardized security approach, he said.

'No single security prevention is going to protect you absolutely,' Seligman said. 'The core reason [for the task order] was to pull all agencies up to a minimum high-level baseline for security.'

The security project is just one of 10 consolidation initiatives HHS plans to undertake. During the summer of 2001, department and bureau chiefs identified 21 potential consolidation projects.

Based on CIO audits and reviews and general trends in industry and government, HHS in October 2001 culled the list to 10 projects, Seligman said.

'One of those 10 projects was to do a consolidated standardized contractual service for intrusion detection and routine vulnerability scanning services,' Seligman said.

Signed under a General Services Administration schedule contract held by Northrop Grumman, the deal has one base year and four one-year options. The company will integrate the RealSecure Protection Platform, from Internet Security Systems Inc. of Atlanta, on the HHS bureaus' systems.

All of the bureaus have agreed to use the new service, either to replace or to enhance their existing security measures, Seligman said. There is no requirement that the bureaus replace their hardware if it can use the new intrusion detection program. For now, each bureau will maintain its own hardware and software, he said.

The first task for Northrop Grumman is to inventory the existing security software and hardware and make an assessment about what new hardware and software will be needed.

Initially, the department expects to spend about $2.16 million on the project, but the total cost will depend on the hardware HHS will need to buy and on any software upgrades necessary to run the ISS detection app.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/Shutterstock.com)

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.