DoD's $34.7M Cyber Security Audit Contract Awarded to KBR Wyle Services for DHA Support
Contract Overview
Contract Amount: $34,725,452 ($34.7M)
Contractor: KBR Wyle Services, LLC
Awarding Agency: Department of Defense
Start Date: 2014-09-30
End Date: 2017-09-29
Contract Duration: 1,095 days
Daily Burn Rate: $31.7K/day
Competition Type: FULL AND OPEN COMPETITION
Number of Offers Received: 7
Pricing Type: COST PLUS FIXED FEE
Sector: IT
Official Description: IGF::OT::IGF DEFENSE HEALTH AGENCY CYBER SECURITY AUDIT AND COMPLIANCE SUPPORT REQUIRES PROJECT EXECUTION, INFORMATION ASSURANCE, CERTIFICATION AND ACCREDITATION AND NETWORK ENGINEERING SERVICES. THIS SUPPORT INCLUDES ALL DOD MILITARY HEALTH SERVICES SITES, WHICH VARY IN SIZE FROM 1500 TO OVER 60,000 SERVER, WORKSTATION, AND MEDICAL DEVICE ASSETS AND SUPPORT AS MANY AS 35 TO 45 PROGRAMS OF RECORD SYSTEMS.
Place of Performance
Location: NORTH CHARLESTON, CHARLESTON County, SOUTH CAROLINA, 29419
Plain-Language Summary
Department of Defense obligated $34.7 million to KBR WYLE SERVICES, LLC for work described as: IGF::OT::IGF DEFENSE HEALTH AGENCY CYBER SECURITY AUDIT AND COMPLIANCE SUPPORT REQUIRES PROJECT EXECUTION, INFORMATION ASSURANCE, CERTIFICATION AND ACCREDITATION AND NETWORK ENGINEERING SERVICES. THIS SUPPORT INCLUDES ALL DOD MILITARY HEALTH SERVICES SITES, WHICH VARY IN SIZE FR… Key points: 1. Contract provides essential cybersecurity, information assurance, and network engineering for the Defense Health Agency. 2. Scope covers a wide range of military health services sites and numerous programs of record systems. 3. The contract's duration of 1095 days indicates a significant, ongoing need for these services. 4. Awarded through full and open competition, suggesting a robust market for these specialized services. 5. The cost-plus-fixed-fee contract type allows for flexibility but requires careful oversight of costs. 6. Performance is concentrated in South Carolina, potentially impacting local workforce and economy.
Value Assessment
Rating: good
The contract value of approximately $34.7 million over three years for comprehensive cybersecurity and engineering services for the Defense Health Agency appears reasonable given the scope. While direct comparisons are difficult without specific service-level data, the breadth of support required across numerous military health sites and programs of record suggests a significant undertaking. The cost-plus-fixed-fee structure necessitates diligent monitoring to ensure cost efficiency and prevent scope creep, but it also allows for adaptation to evolving cyber threats.
Cost Per Unit: N/A
Competition Analysis
Competition Level: full-and-open
This contract was awarded under full and open competition, indicating that multiple capable vendors had the opportunity to bid. The presence of 7 bidders (no) suggests a competitive market for these specialized engineering and cybersecurity services. This level of competition is generally favorable for price discovery and can lead to better value for the government.
Taxpayer Impact: Full and open competition typically results in more competitive pricing, which benefits taxpayers by ensuring the government is not overpaying for essential services.
Public Impact
Benefits military health services by ensuring the security and reliability of IT systems supporting patient care. Delivers critical cybersecurity audit, compliance, and network engineering services. Geographic impact is broad, covering all Department of Defense military health services sites. Workforce implications include specialized IT and cybersecurity professionals required for contract performance.
Waste & Efficiency Indicators
Waste Risk Score: 50 / 10
Warning Flags
- Cost-plus-fixed-fee contracts can lead to cost overruns if not managed tightly.
- The broad scope across numerous sites and systems presents a complex management challenge.
- Reliance on a single contractor for critical cybersecurity functions warrants ongoing performance monitoring.
Positive Signals
- Awarded through full and open competition, indicating a healthy market and potential for competitive pricing.
- The contract addresses a critical need for cybersecurity within the defense health infrastructure.
- The contractor, KBR Wyle Services, likely possesses specialized expertise required for this complex task.
Sector Analysis
This contract falls within the Engineering Services sector, specifically focusing on cybersecurity and IT infrastructure support for a major government health agency. The market for cybersecurity services is substantial and growing, driven by increasing cyber threats and regulatory requirements. Comparable spending benchmarks would typically involve other large-scale IT and cybersecurity support contracts for federal agencies, particularly within the defense and healthcare sectors.
Small Business Impact
The data indicates this contract was not set aside for small businesses (sb: false). Given the specialized nature of cybersecurity audit and compliance support for a large agency like the DHA, it is unlikely that small businesses would be the primary awardees without specific set-aside provisions. Subcontracting opportunities for small businesses may exist, but are not explicitly detailed in the provided data.
Oversight & Accountability
Oversight for this contract would typically be managed by the contracting officer and the Defense Contract Management Agency (DCMA). The cost-plus-fixed-fee structure necessitates rigorous financial oversight to ensure costs are reasonable and allocable. Transparency is generally maintained through contract reporting mechanisms, and the Inspector General for the Department of Defense would have jurisdiction over any potential fraud, waste, or abuse.
Related Government Programs
- DoD Cybersecurity Initiatives
- Defense Health Agency IT Modernization
- Federal Information Security Management Act (FISMA) Compliance
- IT Services for Healthcare Providers
- Cybersecurity Auditing Services
Risk Flags
- Cost-Plus-Fixed-Fee contract type requires diligent oversight.
- Broad scope across numerous sites and systems presents management complexity.
- Cybersecurity is a constantly evolving threat landscape.
Tags
it-services, cybersecurity, defense-health-agency, department-of-defense, engineering-services, full-and-open-competition, cost-plus-fixed-fee, delivery-order, south-carolina, audit-and-compliance
Frequently Asked Questions
What is this federal contract paying for?
Department of Defense awarded $34.7 million to KBR WYLE SERVICES, LLC. IGF::OT::IGF DEFENSE HEALTH AGENCY CYBER SECURITY AUDIT AND COMPLIANCE SUPPORT REQUIRES PROJECT EXECUTION, INFORMATION ASSURANCE, CERTIFICATION AND ACCREDITATION AND NETWORK ENGINEERING SERVICES. THIS SUPPORT INCLUDES ALL DOD MILITARY HEALTH SERVICES SITES, WHICH VARY IN SIZE FROM 1500 TO OVER 60,000 SERVER, WORKSTATION, AND MEDICAL DEVICE ASSETS AND SUPPORT AS MANY AS 35 TO 45 PROGRAMS OF RECORD SYSTEMS.
Who is the contractor on this award?
The obligated recipient is KBR WYLE SERVICES, LLC.
Which agency awarded this contract?
Awarding agency: Department of Defense (Department of the Navy).
What is the total obligated amount?
The obligated amount is $34.7 million.
What is the period of performance?
Start: 2014-09-30. End: 2017-09-29.
What is the track record of KBR Wyle Services, LLC in performing similar cybersecurity and engineering contracts for the Department of Defense?
KBR Wyle Services, LLC has a history of performing various services for the Department of Defense, including engineering, technical, and professional support. While specific details on past cybersecurity audit and compliance contracts of this exact scope are not provided, their general experience within the defense sector suggests a capability to handle complex technical requirements. A deeper dive into their past performance evaluations and contract history would be necessary to fully assess their track record for this specific type of work. This would involve reviewing performance metrics on previous DoD contracts, any past issues or disputes, and client feedback to gauge their reliability and effectiveness in delivering similar services.
How does the awarded value of $34.7 million compare to similar cybersecurity support contracts for federal health agencies?
Comparing the $34.7 million contract value requires context regarding the scope, duration, and specific services rendered. Cybersecurity support for large federal health agencies is inherently complex and costly due to the sensitive data involved and the extensive IT infrastructure. Contracts for similar services, such as IT security, network engineering, and compliance support for agencies like the Veterans Affairs or other large DoD components, can range from tens to hundreds of millions of dollars over several years. The provided contract's duration of three years and its coverage of numerous DHA sites and systems suggest that the value is within a reasonable range for the services required, assuming effective performance and cost management.
What are the primary risks associated with this contract, and what mitigation strategies are likely in place?
Primary risks include potential cost overruns due to the cost-plus-fixed-fee structure, scope creep as cyber threats evolve, and performance issues in delivering comprehensive cybersecurity across diverse military health sites. Mitigation strategies likely involve robust contract oversight, detailed performance work statements, regular progress reviews, and clear change management processes. The government would closely monitor expenditures against the fixed fee and ensure that any changes to the scope are properly justified and funded. Furthermore, performance metrics and service level agreements would be crucial for ensuring the contractor meets the required cybersecurity standards.
How effective is the current cybersecurity posture of the Defense Health Agency, and how does this contract contribute to its improvement?
This contract directly contributes to improving the DHA's cybersecurity posture by providing essential audit, compliance, and engineering services. These services are critical for identifying vulnerabilities, ensuring adherence to security protocols, and maintaining the integrity of sensitive health information. The effectiveness of the DHA's overall cybersecurity is a continuous process, and contracts like this are vital components. They enable proactive threat detection, risk mitigation, and the implementation of necessary security controls, thereby strengthening the agency's defenses against cyberattacks and ensuring the confidentiality and availability of critical health data.
What has been the historical spending trend for cybersecurity and IT support services by the Defense Health Agency over the past five years?
Historical spending data for the Defense Health Agency on cybersecurity and IT support services over the past five years would reveal trends in investment in these critical areas. While specific figures are not provided here, it is generally understood that federal agencies, particularly within the Department of Defense, have seen increasing budgets allocated to cybersecurity due to the escalating threat landscape. This trend likely applies to the DHA as well, indicating a growing emphasis on protecting health information systems. Analyzing past spending would provide context for the $34.7 million award, showing whether it represents an increase, decrease, or stable level of investment in these services.
What specific types of cyber threats or vulnerabilities is this contract designed to address for the DHA?
This contract is designed to address a broad spectrum of cyber threats and vulnerabilities relevant to a large healthcare IT infrastructure. This includes threats such as malware, ransomware, phishing attacks, insider threats, and unauthorized access attempts. It also focuses on ensuring compliance with various cybersecurity regulations and standards (e.g., HIPAA, NIST guidelines, DoD directives). The services provided, including audits and certifications, help identify weaknesses in systems, networks, and data protection measures, allowing for remediation before they can be exploited by malicious actors. The goal is to maintain the confidentiality, integrity, and availability of patient health information and critical operational systems.
Industry Classification
NAICS: Professional, Scientific, and Technical Services › Architectural, Engineering, and Related Services › Engineering Services
Product/Service Code: IT AND TELECOM - INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS › ADP AND TELECOMMUNICATIONS
Competition & Pricing
Extent Competed: FULL AND OPEN COMPETITION
Solicitation Procedures: SUBJECT TO MULTIPLE AWARD FAIR OPPORTUNITY
Offers Received: 7
Pricing Type: COST PLUS FIXED FEE (U)
Evaluated Preference: NONE
Contractor Details
Parent Company: KBR, Inc. (UEI: 784072626)
Address: 7000 COLUMBIA GATEWAY DR STE 100, COLUMBIA, MD, 21046
Business Categories: Category Business, Corporate Entity Not Tax Exempt, Not Designated a Small Business, Special Designations, U.S.-Owned Business
Financial Breakdown
Contract Ceiling: $40,452,446
Exercised Options: $40,452,446
Current Obligation: $34,725,452
Subaward Activity
Number of Subawards: 1
Total Subaward Amount: $155,919
Contract Characteristics
Commercial Item: COMMERCIAL ITEM PROCEDURES NOT USED
Cost or Pricing Data: NO
Parent Contract
Parent Award PIID: N6523613D4956
IDV Type: IDC
Timeline
Start Date: 2014-09-30
Current End Date: 2017-09-29
Potential End Date: 2017-09-29 00:00:00
Last Modified: 2018-10-17
More Contracts from KBR Wyle Services, LLC
- Bioastronautics Contract-Activities for the Health &productivity of Crews Working and Living in Space — $1.5B (National Aeronautics and Space Administration)
- Fpds-Ng Mission Systems Operations Contract (msoc) — $1.0B (National Aeronautics and Space Administration)
- THE Purpose of This Contract IS to Acquire Engineering Services and Related Services to MSD and Related Organizations Throughout Gsfc, AS Required, for the Formulation, Design, Development, Fabrication, Integration, Testing, Verification, and Operations of Space Flight and Ground System Hardware and Software, Including Development and Validation of NEW Technologies to Enable Future Space and Science Missions. the Engineering Areas of Emphasis ARE Multidisciplinary With Concentration in the Mechanical Engineering Areas of Materials, Structural Analysis and Loads, Mechanical Design, Electromechanical Design, Thermal, Contamination and Coatings, Manufacturing and Integration and Test — $728.5M (National Aeronautics and Space Administration)
- 200106!000121!1700!F7004 !marine Corps Logistics Base !M6700499C0002 !a!n!*!n!p00015 !20010228!20080930!041014242!041014242!139691877!n!honeywell Technology Solutions!7000 Columbia Gateway Driv!columbia !md!21046!35000!031!12!jacksonville !duval !florida !+000004292865!n!n!000000000000!j049!maint & Repair of Eq/Maintenance & Repair Shop EQ !a4a!combat Vehicles !2000!NOT Discernable or Classified !811310!*!*!3! ! !C!*!*!*!B!*!*!A! !A !N!J!2!006!B! !C!Y!Z! ! !N!C!N! ! ! !a!a!a!a!000!a!d!n! ! ! ! ! ! !0001! — $670.1M (Department of Defense)
- Mission Operations Management Services (moms) — $623.8M (National Aeronautics and Space Administration)
Other Department of Defense Contracts
- Federal Contract — $51.3B (Humana Government Business Inc)
- Lrip LOT 12 Advance Acquisition Contract — $35.1B (Lockheed Martin Corporation)
- SSN 802 and 803 Long Lead Time Material — $34.7B (Electric Boat Corporation)
- 200204!008532!1700!AF600 !naval AIR Systems Command !N0001902C3002 !A!N! !N! !20011026!20120430!008016958!008016958!834951691!n!lockheed Martin Corporation !lockheed Blvd !fort Worth !tx!76108!27000!439!48!fort Worth !tarrant !texas !+000026000000!n!n!018981928201!ac15!rdte/Aircraft-Eng/Manuf Develop !a1a!airframes and Spares !2ama!jast/Jsf !336411!E! !3! ! ! ! ! !99990909!B! ! !A! !a!n!r!2!002!n!1a!a!n!z! ! !N!C!N! ! ! !a!a!a!a!000!a!c!n! ! ! !Y! !N00019!0001! — $34.2B (Lockheed Martin Corporation)
- KC-X Modernization Program — $32.0B (THE Boeing Company)