The Department of Health and Human Services inspector general is in pursuit of information about cyberthreat-hunting software.

The OIG issued a request-for-information on Nov. 29 to get private sector insight on what software solutions it might employ in a cybersecurity initiative underway.

Related: Read the RFI

"Security of electronic information is of the utmost importance, and some networks and systems may not have the necessary safeguards or could be vulnerable to external and internal attacks or threats," the RFI said.

"OIG currently engages in cyber assessments of HHS and its operating divisions' networks and systems. HHS has 11 operating divisions, including eight agencies in the U.S. Public Health Service and three human services agencies. These divisions administer a wide variety of health and human services and conduct life-saving research for the nation, protecting and serving all Americans."

The RFI is seeking information on software programs that have a number of capabilities, including identifying:

  • Attack indicators like beaconing
  • Connections to malicious domains
  • Unauthorized reconnaissance and scanning of ports, services, or scans searching for vulnerabilities
  • Suspicious URLs
  • Concurrent logins to several systems

The software solution would also need to analyze logs, network traffic and hosts/endpoints, as well as be able to "to correlate threats detected to cyber kill chain attack phases in order to reveal the progression of an attack."

The HHS OIG said in the RFI that the system needs to be scalable to run on Petabyte-styled datasets and at Gigabit speeds and include support staff and IT helpdesk-style capabilities.

The deadline for RFI responses is Dec. 13 at 2 p.m. and must be submitted electronically.

For more information, contact Tory Estabrook at Tory.Estabrook@psc.hhs.gov.

Share:
In Other News
Load More