WASHINGTON — The Department of Homeland Security has reaffirmed a $1 billion contract won by Raytheon Co. to protect the networks of dozens of federal agencies from cyber threats, despite protests by Raytheon’s competitors.
Raytheon, based in Waltham, Mass., was picked in September as the prime contractor and systems integrator for the department’s Network Security Deployment division, which oversees cybersecurity for more than 100 civilian federal agencies.
After completing “corrective actions” following questions from the Government Accountability Office, Homeland Security last week reaffirmed Raytheon as its pick, according to Jack Harrington, vice president for cybersecurity and special missions at Raytheon Intelligence, Information and Services.
“It’s providing all of the infrastructure, all of the kind of capabilities” that will be deployed “to all of these agencies to help protect .gov,” Harrington said Monday at his office in Sterling, Va.
A spokesman said Homeland Security reaffirmed on June 2 its decision to award the contract. The deal will provide services to operate and maintain the department’s breach detection and prevention system, known as Einstein, and develop new cybersecurity capabilities.
Beefing up online security has become a priority for government agencies and companies after repeated cyber attacks. Last year, the Office of Personnel Management experienced a breach traced to hackers in China that compromised data on 21.5 million individuals.
“If you think about the federal agencies, many of them have been underserved because of budgets. When you think about even OPM, their mission is not cybersecurity, their mission is getting people cleared,” Harrington said. “This whole cybersecurity thing is a new element, and a hard element for a lot of these agencies who have budgets for many, many years that didn’t include IT security.”
In January, the GAO said Homeland Security’s National Cybersecurity Protection System “provides DHS with a limited ability to detect potentially malicious activity entering and exiting computer networks at federal agencies.” It raised concerns about the system’s ability to monitor network traffic and address threats.
Raytheon, which says it has invested more than $3.5 billion in building its cybersecurity services, will “support DHS in providing those capabilities out to those agencies,” Harrington said.
The company already works with Homeland Security as a liaison, sharing classified cyber threat intelligence with the private sector. Raytheon also shares threat indicators it finds with the Defense Department and within the defense industry, but not all companies are ready to do so. The defense and financial industries are further along in the sharing of cyber information, Harrington said. Retail industry groups have approached Raytheon about how they can start providing cyber intelligence, he said.
Maintaining cyber capabilities within the government also has been a challenge. Air Force and Navy program managers haven’t yet made “big moves” to incorporate cybersecurity requirements into bid documents or contract selections, Harrington said.
“Both the services have been looking at it very hard from the requirement side, as to how do they articulate that and what’s good enough, and how do you measure it and how much money do they have to pay for it,” Harrington said. “But we haven’t seen it come out as a big, major shift.”