Industry Response to GovNet RFI Strong Analysis of How to Better Secure Key Government Communications Moves to Next Phase

GSA # 9910

November 28, 2001
Contact: Bill Bearden (202) 501-1231
bill.bearden@gsa.gov

Washington, DC -- At the request of the President's Cyberspace Security Advisor, the U.S. General Services Administration released a Request for Information (RFI) to the U.S. telecommunications industry on October 10, 2001, seeking information and suggestions on how to better secure key internal government communications.

The project, called GovNet, asks industry to evaluate building a "corporate intranet" on an air-gapped network, to be used by interested federal agencies in addition to their existing internet connectivity. The RFI also requested that industry propose other ways for the federal government to better secure certain critical classes of internal government communication from external attacks that are common on internet-connected systems.

"As blended virus-worm-DDOS attacks become more common and sophisticated, prudent risk management requires that we look at all of the alternatives," said Richard Clarke, Special Advisor to the President for Cyberspace Security. "Some things the Federal government does are sufficiently important that they need extra protection, for example: air traffic control, manned space flight, disaster relief, and law enforcement. Encryption is not enough, I am also concerned with minimizing service outages caused by DDOS attacks."

By the RFI deadline last week, written responses from 167 companies had been received. GSA has organized an RFI evaluation team consisting of representatives from 16 Federal agencies. Also, the Software Engineering Institute of Carnegie Mellon will do an independent evaluation of the RFI responses.

"This is a very strong industry response, and we really appreciate all of the time and effort that went into generating the many comprehensive submissions," said John Johnson, GSA's Federal Technology Service Assistant Commissioner for Service Development. "We will thoroughly analyze all of the responses, and report back to the White House by February, 2002."

"Based on the analysis of the RFI responses, we will determine the next steps," Clarke said. "I really appreciate the many constructive and creative responses from industry experts from around the country."

(NOTE: DDOS stands for distributed denial of service.)