Senate, DSS eyeing threat scanning systems
Civilian and defense agencies are looking for ways to filter data on potential cyber security threats across the Internet.
Both the Defense Security Service (DSS) and the U.S. Senate Sergeant at Arms issued requests for information from firms that could provide services to gather threat information from multiple sources.
The DSS, which specializes in personnel security investigations and security education and awareness training, said it is looking for “sources to provide a service which compiles cyber threat sources and aggregates this data from the Internet.”
DSS will require a firm to provide a single (Secure Socket Layer) web graphical user interface that would let users query and view data on the activity of botnets, including Dridex, Solar and Jedobot families.
DSS wants to be able to access data on victim IP addresses as well as the nature and duration of recent attacks. Other features on DSS's wish list include the ability to gather and query:
- Global network information, including neighboring routers and trace route histories;
- Host operating system data in response to a query, including port and web server information;
- Global TCP and user datagram protocol scanning activity and related geolocation information;
- Access by nickname, email, URL and keywords to data from sources such as Pastebin and pastie.org, sites used to share source code snippets.
DSS says it also wants the service to offer APIs for both inputs and outputs of the system and the ability to notify users when a query is complete.
In the Senate, the Sergeant at Arms (SAA) office released a similar request for information, for an off-the-shelf system to automatically scan public-facing Senate websites for various application vulnerabilities.
In its RFI, the SAA said an Enterprise Vulnerability Scanning System (EVSS) would automatically scan networked devices to reveal vulnerabilities associated with each device, such as missing updates or misconfigured applications.
SAA estimated that EVSS would need to scan 20-30 internal web applications and about 150 external web applications per month as well as about 100 externally-accessible IP addresses and 150 internal addresses.
The SAA said it wants the chosen contractor to perform regular security control reviews of its systems and ensure that all software security updates are applied before connecting the new system to the Senate IT infrastructure.
At the same time, the office also said it would reserve the right to perform vulnerability assessments of the contractor’s systems “to ensure the systems do not threaten the confidentiality, integrity or availability of Senate information systems.”