December 5, 2012

Reading through the TSP’s budget plan for FY2013, I came across the following interesting “mission critical” “initiative” on the part of TSP administrators:

“We intend to modify existing Data Center and Infrastructure Support contracts to increase the scope of work, to include the creation of a security and network operations team with the capability to detect, track and react to threats to our security and network operations…Further, we intend to award an independent support contract for the Chief Information Security Officer. These changes will increase recordkeeping costs by $3.6 million for this fiscal year.” (Italics added for emphasis.)

So following all the security issues identified in multiple independent audits – not to mention the Serco hacking incident – TSP administrators will be able to “detect” and “react to threats to (TSP) security and network operations…” starting next year. If I had to guess, this will most likely be fully implemented in conjunction with the awarding of the TESS contract – towards the end of 2013 at the earliest – but hey, better late than never right?

Based on the apparent continuing lack of a fully secure online environment, we have to wonder if there are any other security issues that have hit TSP operations that we just don’t know about yet, since the budget document suggests that there still is no robust “capability to detect, track and react to threats to our security and network operations.”

The full memorandum on the 2013 and 2014 budget is here, and the “mission critical” initiative is on page 7.