The Federal Aviation Administration is renewing the contract with its cybersecurity support vendor but only long enough to put together a solicitation for a new contractor.
The FAA extended its contract with SRI International to manage its security operations center (SOC) in Fairfax, Virginia, which was set to expire on Feb. 29. The extension pushes the expiration date out another six months, with an additional three-month add-on option.
The agency wants to make sure it has enough time to do a full competition and sign a long-term contract that will service all of its cybersecurity needs.
"The purpose of the bridge contract action is to avoid a discontinuation of services while planning for a new competitive procurement," FAA said in a notice on FedBizOpps. The agency plans to have a RFP out in February and a new contractor awarded and onboarded by the end of November.
In the extension notice, the FAA noted it suffered a cyberattack in February 2015. The agency's networks were infected with malware, though no sensitive information was exfiltrated and no long-term damage done, according to reports.
Nevertheless, the agency doesn't want to be a victim again and is looking for a partner that can provide comprehensive cybersecurity management.
"After a cyber-event took place in 2015, the FAA has been working to improve upon the cybersecurity requirements for the follow-on competition to ensure the FAA is afforded the appropriate level of protection for continued operations," the notice states.
Aaron Boyd is an awarding-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.
