Defense contracts worth billions cover network operations, cyberthreat sharing, Android security

The Defense Information Systems Agency (DISA) this week awarded Lockheed Martin a three-year contract to support operations and security on the Department of Defense global data network. The contract, which could be extended up to four additional years, might reach a potential $4.6 billion over seven years.

RELATED: GAO goes undercover to expose military electronic parts fraud against DoD

SECURITY: Stuxnet cyberattack by US a 'destabilizing and dangerous' course of action, security expert Bruce Schneier says

The Global Systems Management Operations (GSM-O) contract includes not just Lockheed, but teammates AT&T, ACS, Serco, BAE Systems, ManTech and others. The DoD's GSM-O is headquartered at Fort Meade, Md., home of the National Security Agency, with multiple support locations said to be across the globe. Lockheed's responsibilities under the contract, which replaces a decade-long contract awarded to SAIC, calls for network provisioning, operations, assurance and maintenance across the military's networks.

The award follows another Lockheed win last month with the DoD to provide the workforce technology underpinnings and analysis for the Department of Defense Cybercrime Center, known as DC3, run under the aegis of the Air Force, and based in Lithicum, Md. The previous contractor supporting this was General Dynamics.

DC3 program director at Lockheed, Rohan Amin, this week discussed the work being done for that project.

DC3 is concerned with all types of cybercrime that might occur related to the defense services and networks. It has been focusing on how to better share cyber-intelligence not just in the DoD, but with businesses that work closely with the DoD, Amin says.

The effort that Lockheed is assisting DoD with now involves expanding intelligence-sharing to include as many as 2,650 companies that partner with DoD today and store classified information. As Lockheed assumed the contract last month there were only 37 companies doing that, but the goal is now to have DoD bring a much wider array of companies into the intelligence-sharing effort. There is even discussion that this might proceed beyond those holding classified information.

"This is an attempt by DoD to reach out to industry in a collaborative way," says Amin about what he still considers a pilot program to get the 2,650 companies on board to securely share information about cyber-incidents. The goal is to obtain and share real-time reporting about attacks against these companies that hold classified information.

Currently there's a "secure portal to facilitate sharing of information," Amin says. The data is being stripped of any reference to specific companies or individuals before it's shared across DoD and industry partners, he says, adding a very limited number of individuals in the military will receive data that hasn't been sanitized in this way.

By sharing important and timely information about suspected cyber-incidents, such as phishing attacks, for example, it's hoped that the DoD and its industry partners will gain improved insight into attacks aimed at undermining security.


Another contract related to security that may help DoD into the future was issued by the Defense Advanced Research Projects Agency (DARPA) this week to Fairfax, Va.-based Invincea for work on security in Android-based smartphones and tablets. Android devices are undergoing real-world field tests in Afghanistan by the U.S. Army, where troops are using about 5,000 smartphones and tablets from various manufacturers. Invincea notes that the Army has basically set up its own wireless network for these 5,000 or so Android devices which are running military-specific apps.

According to Invincea, the new four-year contract, worth about $21.4 million, is a follow-up to an earlier contract Invincea worked on to come up with a secure operating system, encryption and software controls for remote wiping of the Android devices that the U.S. Army is using in Afghanistan. The latest contract awarded calls for Invincea to come up with application controls to make sure only approved apps can be downloaded, plus to devise ways to prevent any possible exploits against browsers that might have vulnerabilities, says Anup Ghosh, founder and CEO at Invincea. He says it will be much like a "whitelisting" technology for unauthorized Android apps.

The DoD does not yet have a definite plan to make mobile devices widely available to enlisted personnel, though that is a strategy being worked on, with the National Security Agency and various DoD agencies providing needed input. There is no announced plan to use only Google's Android platform either, but it has proven appealing in some regards because unlike with Apple's iOS platform, the Android operating system can be changed to suit DoD's requirements.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

More about AppleAustralian Computer SocietyBAE Systems AustraliaDefense Advanced Research Projects AgencyDefense Information Systems AgencyDISAGeneral DynamicsGoogleIDGLockheed MartinNational Security Agency

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ellen Messmer

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place