DHS awards $92.4M for TSA IT security, with General Dynamics leading verification and validation services

Contract Overview

Contract Amount: $92,457,762 ($92.5M)

Contractor: General Dynamics Information Technology, Inc.

Awarding Agency: Department of Homeland Security

Start Date: 2009-02-25

End Date: 2014-10-12

Contract Duration: 2,055 days

Daily Burn Rate: $45.0K/day

Competition Type: COMPETITIVE DELIVERY ORDER

Number of Offers Received: 2

Pricing Type: FIRM FIXED PRICE

Sector: IT

Official Description: THIS TASK ORDER OCCURS UNDER THE U.S. DEPT. OF HOMELAND SECURITY (DHS) ENTERPRISE ACQUISITION GATEWAY FOR LEADING EDGE SOLUTIONS (EAGLE) CONTRACT. THE TO REQUIREMENT CALLS FOR INDEPENDENT VERIFICATION AND VALIDATION SERVICES BASED IN A SECURITY OPERATIONS CENTER FOR THE TSA OFFICE OF INFORMATION TECHNOLOGY (OIT). AMONG THE PRIMARY FUNCTIONS OF THE SOC IS MONITORING SECURITY DEVICES DEPLOYED ON THE TSA IT INFRASTRUCTURE IN PROTECTING IT AGAINST BREACHES, INTRUSIONS, POLICY VIOLATIONS AND ATTACKS.

Place of Performance

Location: ASHBURN, LOUDOUN County, VIRGINIA, 20147

State: Virginia Government Spending

Plain-Language Summary

Department of Homeland Security obligated $92.5 million to GENERAL DYNAMICS INFORMATION TECHNOLOGY, INC. for work described as: THIS TASK ORDER OCCURS UNDER THE U.S. DEPT. OF HOMELAND SECURITY (DHS) ENTERPRISE ACQUISITION GATEWAY FOR LEADING EDGE SOLUTIONS (EAGLE) CONTRACT. THE TO REQUIREMENT CALLS FOR INDEPENDENT VERIFICATION AND VALIDATION SERVICES BASED IN A SECURITY OPERATIONS CENTER FOR THE TSA OFFIC… Key points: 1. The contract focuses on critical Independent Verification and Validation (IV&V) services for TSA's IT infrastructure. 2. Services include monitoring security devices to protect against breaches, intrusions, policy violations, and attacks. 3. This task order was issued under the broader DHS EAGLE contract, indicating a pre-established framework. 4. The firm-fixed-price contract type suggests predictable costs for the government. 5. General Dynamics Information Technology, Inc. is the incumbent contractor for these services. 6. The contract duration spans over 5 years, from February 2009 to October 2014. 7. The North American Industry Classification System (NAICS) code 541512 points to Computer Systems Design Services. 8. The contract was awarded as a competitive delivery order, suggesting multiple bids were considered.

Value Assessment

Rating: good

The total award of $92.4 million over approximately 5.7 years for IV&V services for TSA's IT infrastructure appears reasonable given the critical nature of cybersecurity. Benchmarking against similar large-scale IT security contracts is challenging without more granular data on specific services and deliverables. However, the firm-fixed-price structure provides cost certainty. The contract's value is substantial, reflecting the complexity and importance of securing national transportation IT systems.

Cost Per Unit: N/A

Competition Analysis

Competition Level: full-and-open

This was a competitive delivery order, indicating that the requirement was competed under the DHS EAGLE contract vehicle. While the specific number of bidders is not provided, the 'full-and-open' competition designation suggests that a broad range of qualified vendors had the opportunity to bid. This level of competition is generally expected to drive better pricing and service quality.

Taxpayer Impact: A competitive award process helps ensure that taxpayer funds are used efficiently by fostering a market-driven price for essential IT security services.

Public Impact

The primary beneficiaries are the Transportation Security Administration (TSA) and the Department of Homeland Security (DHS), which receive enhanced IT security. Services delivered include continuous monitoring, threat detection, and validation of security controls for TSA's IT infrastructure. The geographic impact is national, as TSA's IT systems support operations across the United States. The contract supports a workforce skilled in cybersecurity, IT systems design, and security operations.

Waste & Efficiency Indicators

Waste Risk Score: 50 / 10

Warning Flags

Potential for vendor lock-in if services are highly specialized and integrated.
Reliance on a single contractor for critical security monitoring could pose risks if performance degrades.
The long duration of the contract might lead to less agile adaptation to evolving cyber threats without careful management.

Positive Signals

The competitive award process suggests a strong initial selection based on merit and price.
The firm-fixed-price contract provides budget predictability for the government.
The contract is part of a larger DHS framework (EAGLE), potentially streamlining oversight and integration.
General Dynamics' incumbency may indicate a proven track record of delivering these specific services.

Sector Analysis

This contract falls within the Computer Systems Design Services sector, a critical component of the broader IT services industry. The market for cybersecurity and IT infrastructure monitoring is substantial and growing, driven by increasing digital threats. This contract represents a significant investment by a major federal agency in safeguarding sensitive national infrastructure. Comparable spending benchmarks would typically involve other large federal IV&V or cybersecurity support contracts for critical infrastructure.

Small Business Impact

The provided data does not indicate any specific small business set-aside provisions or subcontracting requirements for this particular delivery order. As it was awarded under the DHS EAGLE contract, the overall EAGLE program may have small business goals, but the specifics for this task order are not detailed here. Further analysis would be needed to determine the extent of small business participation.

Oversight & Accountability

Oversight for this contract would likely be managed by the TSA Office of Information Technology (OIT) and potentially the DHS Office of the Inspector General, given the nature of the services. The EAGLE contract vehicle itself likely has established oversight mechanisms. Transparency is generally facilitated through contract award databases and reporting requirements, though specific performance metrics and audit details may not be publicly available.

Related Government Programs

DHS EAGLE Contract
TSA IT Modernization Programs
Federal Cybersecurity Initiatives
Computer Systems Design Services Contracts
IT Infrastructure Support Services

Risk Flags

Potential for performance issues in critical security monitoring.
Risk of vendor lock-in due to specialized services.
Need for continuous adaptation to evolving cyber threats.
Ensuring adequate small business participation if subcontracting is involved.

Frequently Asked Questions

What is this federal contract paying for?

Department of Homeland Security awarded $92.5 million to GENERAL DYNAMICS INFORMATION TECHNOLOGY, INC.. THIS TASK ORDER OCCURS UNDER THE U.S. DEPT. OF HOMELAND SECURITY (DHS) ENTERPRISE ACQUISITION GATEWAY FOR LEADING EDGE SOLUTIONS (EAGLE) CONTRACT. THE TO REQUIREMENT CALLS FOR INDEPENDENT VERIFICATION AND VALIDATION SERVICES BASED IN A SECURITY OPERATIONS CENTER FOR THE TSA OFFICE OF INFORMATION TECHNOLOGY (OIT). AMONG THE PRIMARY FUNCTIONS OF THE SOC IS MONITORING SECURITY DEVICES DEPLOYED ON THE TSA IT INFRASTRUCTURE IN PROTECTING IT AGAINST BREACHES, INTRUSIONS, POLICY VIOLATIONS AND ATTACKS

Who is the contractor on this award?

The obligated recipient is GENERAL DYNAMICS INFORMATION TECHNOLOGY, INC..

Which agency awarded this contract?

Awarding agency: Department of Homeland Security (Transportation Security Administration).

What is the total obligated amount?

The obligated amount is $92.5 million.

What is the period of performance?

Start: 2009-02-25. End: 2014-10-12.

What is the track record of General Dynamics Information Technology, Inc. in providing similar IT security and IV&V services to federal agencies?

General Dynamics Information Technology (GDIT) has a long history of providing IT services, including cybersecurity, to various federal agencies. Their experience often encompasses large-scale system integration, network security, and mission-critical support. For TSA specifically, their incumbency on this IV&V contract suggests a demonstrated ability to meet the agency's unique security requirements. GDIT's broader portfolio includes support for defense, intelligence, and civilian agencies, indicating a wide range of relevant expertise. However, a comprehensive assessment would require reviewing past performance evaluations, any contract disputes, and client satisfaction feedback across their federal engagements.

How does the $92.4 million award compare to other federal contracts for similar IT security and IV&V services?

The $92.4 million award over approximately 5.7 years for TSA's IT security IV&V services is a significant sum, reflecting the critical nature and scale of the requirement. Comparing it directly to other contracts is complex due to variations in scope, duration, specific services (e.g., penetration testing vs. continuous monitoring), and the agencies involved. However, large federal cybersecurity support contracts often range in the tens to hundreds of millions of dollars. For instance, other agencies like the Department of Defense or the IRS procure substantial cybersecurity support. The value here seems aligned with major federal IT security investments, particularly for an agency like TSA which handles sensitive national security-related data and operations.

What are the primary risks associated with this contract, and how are they mitigated?

Key risks include potential performance failures in critical security monitoring, leading to vulnerabilities; over-reliance on a single vendor; and the possibility of the contractor's technology or processes becoming outdated relative to evolving cyber threats. Mitigation strategies likely involve robust Service Level Agreements (SLAs) within the contract, regular performance reviews, potential for independent audits, and the government's ability to exercise contract options or transition services if performance is unsatisfactory. The competitive nature of the award also serves as an initial risk mitigation by selecting a vendor based on demonstrated capability. Furthermore, the contract being under the DHS EAGLE vehicle may provide additional layers of oversight and standardized procedures.

How effective are IV&V services in enhancing the overall cybersecurity posture of an organization like TSA?

Independent Verification and Validation (IV&V) services are crucial for enhancing an organization's cybersecurity posture by providing an objective assessment of IT systems and security controls. Unlike internal teams who may have inherent biases or limited perspectives, IV&V providers offer an external viewpoint to identify weaknesses, compliance gaps, and potential vulnerabilities that might be overlooked. For TSA, this means ensuring that their security devices and operational procedures are effectively protecting against threats. The continuous monitoring aspect is particularly vital in today's rapidly changing threat landscape. Effective IV&V contributes to a more resilient and secure IT environment, reducing the likelihood and impact of successful cyberattacks.

What are the historical spending patterns for IT security and IV&V services within TSA or DHS?

Historical spending on IT security and IV&V within TSA and DHS has generally trended upwards over the years, reflecting the increasing sophistication of cyber threats and the growing reliance on digital infrastructure. Agencies like TSA, responsible for critical national security functions, consistently allocate significant portions of their IT budgets to security. While specific historical figures for this exact IV&V service are tied to this contract's duration (2009-2014), broader DHS and TSA IT security spending has seen substantial growth. This trend is mirrored across the federal government as agencies grapple with evolving cyber risks and regulatory requirements, often leading to multi-year, high-value contracts for specialized security services.

What is the significance of the contract being awarded under the DHS EAGLE contract vehicle?

The significance of this task order being awarded under the DHS EAGLE (Enterprise Acquisition Gateway for Leading Edge Solutions) contract vehicle is that it leverages a pre-competed, Indefinite Delivery/Indefinite Quantity (IDIQ) contract. This means that DHS has already vetted and established a pool of vendors capable of providing IT solutions. Using EAGLE streamlines the procurement process for individual task orders like this one, potentially reducing acquisition lead times and administrative burden. It also implies that GDIT was one of the pre-qualified vendors under the EAGLE program, and this delivery order represents a specific call for services within that established framework, likely adhering to pre-negotiated terms and conditions.

Industry Classification

NAICS: Professional, Scientific, and Technical Services › Computer Systems Design and Related Services › Computer Systems Design Services

Product/Service Code: IT AND TELECOM - INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS › ADP AND TELECOMMUNICATIONS

Competition & Pricing

Extent Competed: COMPETITIVE DELIVERY ORDER

Solicitation Procedures: NEGOTIATED PROPOSAL/QUOTE

Offers Received: 2

Pricing Type: FIRM FIXED PRICE (J)

Evaluated Preference: NONE

Contractor Details

Parent Company: Sterling Parent Inc. (UEI: 968838909)

Address: 4300 FAIR LAKES CT, FAIRFAX, VA, 22033

Business Categories: Category Business, Not Designated a Small Business

Financial Breakdown

Contract Ceiling: $92,457,762

Exercised Options: $92,457,762

Current Obligation: $92,457,762

Contract Characteristics

Commercial Item: COMMERCIAL ITEM PROCEDURES NOT USED

Parent Contract

Parent Award PIID: HSHQDC06D00038

IDV Type: IDC

Timeline