On June 21, the General Services Administration (GSA), on behalf of the Cybersecurity and Infrastructure Security Agency (CISA), issued a request for information for EINSTEIN modernization. Responses are due by 2:00 p.m. Eastern on July 14.

The GSA, Federal Acquisition Service (FAS), Region 8 is issuing a follow-up RFI on behalf of CISA. The purpose of this RFI is to assist the Government in conducting market research. CISA is interested in gaining technical feedback from industry on techniques and technologies intended to detect and respond to threats within federal agency networks. CISA plans to modernize the legacy capabilities used under the EINSTEIN program to detect threats targeting federal networks. This information will be used for market research only. The Government is not obligated to release a future solicitation based on this market research.

Initially established in 2003, EINSTEIN 1 capabilities monitor the flow of network traffic transiting to and from Federal Civilian Executive Branch (FCEB) agencies. EINSTEIN 2, first deployed in 2008, is an intrusion detection system that identifies malicious or potentially harmful computer network activity in federal government network traffic based on specific known signatures. Both capabilities are fully deployed and screen all FCEB traffic routed through physical locations managed and hosted by agencies or vendors, where a federal civilian agency consolidates its external connections and has security controls to secure and monitor the connections. The evolution of technologies and threat landscapes has highlighted limitations in the EINSTEIN capabilities and the benefits they provide.

The visibility provided by existing EINSTEIN sensors remains a crucial enabler of CISA’s mission to protect FCEB agencies. It is one component that CISA uses to gain operational visibility, protect FCEB agencies, and respond to threats. With the limitations of EINSTEIN capabilities, CISA stands to lose that needed visibility. Consequently, a new solution may be necessary to compensate for this loss of visibility to protect FCEB agencies adequately.

For future CISA needs, the augmentation or replacement of this visibility must be considered within the current networking environment and how it may be combined and used with other data sources acquired by CISA analysts. The results will allow CISA to determine how to increase its operational visibility into, and respond to, malicious cyber activities against the nation and provide operationally relevant data to agencies to strengthen their networks.


Source: SAM
