In the wake of massive leakage of sensitive data and information, the US Senate is contemplating about outsourcing its core cyber security support to a managed security service. Currently, it strictly follows an in-house model, but the need to beef up the security and privacy services has gained a paramount importance, and the senate has taken note.
The outsourcing route is one of two options currently under consideration by the Senate. The other option is to stick mostly with the status quo, which is to procure the support services using a combination of contractor-supplied resources and in-house personnel, equipment, and security operating centres.
The only significant support functions which are unlikely to be outsourced or moved are quality assurance management, contractor supervision, program management, technology assessment, and security policies and standards. So, candidates will be tasked with network security monitoring, threat analysis, incident reporting, vulnerability analysis, and security engineering and research.
Though nothing has been confirmed yet, it is evident that the Senate intends to exercise as much control as possible on any security outsourcing arrangement. It is not yet known when this outsourcing will get underway, and in fact whether it will even see the light of the day. At this stage it can only be fit to consider this as one of the options being explored by the Senate, though doubt and reluctance stays in many quarters.