HHS awards $21.9M for cybersecurity tech, including identity and information protection
Contract Overview
Contract Amount: $21,869,351 ($21.9M)
Contractor: Copper River Enterprise Services, LLC
Awarding Agency: Department of Health and Human Services
Start Date: 2016-09-29
End Date: 2018-09-29
Contract Duration: 730 days
Daily Burn Rate: $30.0K/day
Competition Type: NOT AVAILABLE FOR COMPETITION
Number of Offers Received: 1
Pricing Type: TIME AND MATERIALS
Sector: IT
Official Description: IGF::OT::IGF - IMPLEMENTATION OF THREE CYBERSECURITY TECHNOLOGY SOLUTIONS (INFORMATION PROTECTION LOGGING AND EVENT MANAGEMENT IDENTITY MANAGEMENT DERIVED CREDENTIALS)
Place of Performance
Location: SILVER SPRING, MONTGOMERY County, MARYLAND, 20903
State: Maryland Government Spending
Plain-Language Summary
Department of Health and Human Services obligated $21.9 million to COPPER RIVER ENTERPRISE SERVICES, LLC for work described as: IGF::OT::IGF - IMPLEMENTATION OF THREE CYBERSECURITY TECHNOLOGY SOLUTIONS (INFORMATION PROTECTION LOGGING AND EVENT MANAGEMENT IDENTITY MANAGEMENT DERIVED CREDENTIALS) Key points: 1. Contract focuses on critical cybersecurity infrastructure for health data protection. 2. The award was not competed, raising questions about potential cost savings. 3. The contract duration of two years suggests a need for ongoing support. 4. The specific services include logging, event management, and identity management. 5. The contractor, Copper River Enterprise Services, LLC, has experience in IT services. 6. The contract type is Time and Materials, which can lead to cost overruns if not managed carefully.
Value Assessment
Rating: fair
The contract value of $21.9 million over two years for cybersecurity implementation appears to be within a reasonable range for the scope of services. However, without a competitive bidding process, it is difficult to benchmark the pricing against market rates or identify potential cost savings. The Time and Materials pricing structure introduces a degree of uncertainty regarding the final cost, as it is dependent on the hours worked and resources utilized. Further analysis would be needed to compare specific technology solutions and implementation costs with similar government or private sector contracts.
Cost Per Unit: N/A
Competition Analysis
Competition Level: sole-source
This contract was awarded on a sole-source basis, meaning it was not open to competition from other vendors. This approach is typically used when a specific vendor possesses unique capabilities or when there is an urgent need that cannot be met through a competitive process. The lack of competition means that the government did not benefit from the price discovery and potential cost reductions that typically arise from multiple bids. This raises concerns about whether the government secured the best possible value for its investment.
Taxpayer Impact: Taxpayers may have paid a premium due to the absence of competitive bidding. Without competing offers, there is less assurance that the price reflects the most economical option available in the market.
Public Impact
The Food and Drug Administration (FDA) is the primary beneficiary, enhancing its cybersecurity posture. Services delivered include implementation of information protection, logging, event management, and identity management solutions. The geographic impact is primarily within the FDA's operational centers, likely in Maryland. The contract supports IT professionals and cybersecurity specialists involved in the implementation and maintenance of these systems.
Waste & Efficiency Indicators
Waste Risk Score: 50 / 10
Warning Flags
- Sole-source award limits price competition and potential taxpayer savings.
- Time and Materials contract type carries inherent risk of cost escalation without strict oversight.
- Lack of detailed performance metrics in the provided data makes assessing effectiveness challenging.
Positive Signals
- Addresses critical cybersecurity needs for a key health regulatory agency.
- Contractor has experience in relevant IT and cybersecurity domains.
- Awarded to support specific, defined technology solutions for information protection and identity management.
Sector Analysis
This contract falls within the broader Information Technology (IT) services sector, specifically focusing on cybersecurity solutions. The market for cybersecurity services is robust and growing, driven by increasing threats to sensitive data. The FDA's need for advanced information protection and identity management aligns with industry trends towards zero-trust architectures and enhanced data security. Comparable spending benchmarks for similar cybersecurity implementations within federal agencies can vary widely based on the complexity and scale of the solutions deployed.
Small Business Impact
This contract does not appear to have a small business set-aside component, as indicated by 'sb': false. There is no information provided regarding subcontracting plans for small businesses. The absence of a set-aside suggests that the primary award was not specifically targeted to encourage small business participation, which could limit opportunities for smaller firms in this particular procurement.
Oversight & Accountability
Oversight for this contract would typically be managed by the contracting officer and the program office within the FDA. The Time and Materials contract type necessitates diligent oversight to monitor labor hours, material costs, and overall project progress to prevent cost overruns. Transparency regarding the specific deliverables and performance metrics would be crucial for effective accountability. Inspector General jurisdiction would apply if any fraud, waste, or abuse were suspected.
Related Government Programs
- Cybersecurity Technology Implementation
- Information Protection Solutions
- Identity Management Systems
- Health Data Security
- Federal IT Services
Risk Flags
- Sole-source award
- Time and Materials contract type
- Potential for cost overruns
- Lack of competitive benchmarking
Tags
it, cybersecurity, health-and-human-services, food-and-drug-administration, delivery-order, time-and-materials, sole-source, information-technology-consulting, maryland, medium-value
Frequently Asked Questions
What is this federal contract paying for?
Department of Health and Human Services awarded $21.9 million to COPPER RIVER ENTERPRISE SERVICES, LLC. IGF::OT::IGF - IMPLEMENTATION OF THREE CYBERSECURITY TECHNOLOGY SOLUTIONS (INFORMATION PROTECTION LOGGING AND EVENT MANAGEMENT IDENTITY MANAGEMENT DERIVED CREDENTIALS)
Who is the contractor on this award?
The obligated recipient is COPPER RIVER ENTERPRISE SERVICES, LLC.
Which agency awarded this contract?
Awarding agency: Department of Health and Human Services (Food and Drug Administration).
What is the total obligated amount?
The obligated amount is $21.9 million.
What is the period of performance?
Start: 2016-09-29. End: 2018-09-29.
What is the track record of Copper River Enterprise Services, LLC with the federal government, particularly in cybersecurity contracts?
Copper River Enterprise Services, LLC has a history of performing various IT and professional services contracts with the federal government. While specific details on their cybersecurity contract performance require deeper investigation into contract databases like FPDS-NG, their presence in this award suggests they possess relevant capabilities. A thorough review would involve examining past performance evaluations, any reported issues or successes on similar projects, and their overall financial stability. Understanding their experience with the specific technologies mentioned (logging, event management, identity management) is crucial for assessing their suitability and the potential risks associated with this contract.
How does the $21.9 million contract value compare to similar cybersecurity technology implementations within the FDA or other health agencies?
Benchmarking this $21.9 million contract value against similar cybersecurity technology implementations requires access to detailed data on comparable projects. Factors such as the scope of services (e.g., specific modules implemented, number of users supported, data volume), the duration of the contract, and the specific technologies chosen significantly influence cost. Without more granular information on the FDA's specific requirements and the solutions deployed, a direct comparison is challenging. However, for a two-year implementation of advanced identity and information protection systems within a large federal agency, this value appears to be within a plausible range, though the lack of competition prevents definitive value assessment.
What are the primary risks associated with a sole-source, Time and Materials contract for cybersecurity implementation?
The primary risks associated with a sole-source, Time and Materials (T&M) contract for cybersecurity implementation are twofold. Firstly, the sole-source nature eliminates competitive pressure, potentially leading to higher prices than could be achieved through open bidding. This lack of competition reduces the government's leverage in price negotiations. Secondly, the T&M structure means the contractor is reimbursed for actual labor hours and material costs, plus a fee. This can incentivize longer project durations or inefficient resource allocation if not rigorously monitored, leading to cost overruns and potentially exceeding the initially estimated value. Effective oversight, clear performance metrics, and strong contract management are critical to mitigate these risks.
What is the expected effectiveness of the implemented cybersecurity solutions in protecting sensitive health data?
The expected effectiveness of the implemented cybersecurity solutions hinges on several factors beyond the contract award itself. The contract specifies the implementation of 'Information Protection Logging and Event Management' and 'Identity Management Derived Credentials.' These are foundational elements for robust cybersecurity. Effective logging and event management enable detection and response to threats, while strong identity management ensures only authorized personnel access sensitive data. The success will depend on the quality of the chosen technologies, the expertise of the implementation team (Copper River Enterprise Services, LLC), the thoroughness of the configuration, and the ongoing operational processes and vigilance of the FDA's IT security staff. Regular audits and performance monitoring will be key indicators of effectiveness.
How has federal spending on cybersecurity technology solutions evolved, and where does this contract fit within that trend?
Federal spending on cybersecurity technology solutions has seen a consistent and significant upward trend over the past decade, driven by increasing cyber threats, evolving regulatory requirements, and the digitization of government operations. Agencies are investing heavily in areas like threat detection, data loss prevention, identity and access management, and cloud security. This $21.9 million contract for the FDA fits within this broader trend, representing a specific investment in critical infrastructure protection. It aligns with the government's overall strategy to enhance its cyber defenses and safeguard sensitive information, particularly within health and human services sectors where data breaches can have severe consequences.
Industry Classification
NAICS: Professional, Scientific, and Technical Services › Management, Scientific, and Technical Consulting Services › Other Scientific and Technical Consulting Services
Product/Service Code: IT AND TELECOM - INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS › ADP AND TELECOMMUNICATIONS
Competition & Pricing
Extent Competed: NOT AVAILABLE FOR COMPETITION
Solicitation Procedures: ONLY ONE SOURCE
Offers Received: 1
Pricing Type: TIME AND MATERIALS (Y)
Evaluated Preference: NONE
Contractor Details
Parent Company: Alaska Native Government Services,LLC (UEI: 144280943)
Address: 1577 C ST STE 201, ANCHORAGE, AK, 99501
Business Categories: Category Business, Corporate Entity Tax Exempt, Limited Liability Corporation, Minority Owned Business, Native American Owned Business, Self-Certified Small Disadvantaged Business, Small Business, Special Designations, Tribally Owned Firm, U.S.-Owned Business
Financial Breakdown
Contract Ceiling: $21,949,009
Exercised Options: $21,869,351
Current Obligation: $21,869,351
Contract Characteristics
Multi-Year Contract: Yes
Commercial Item: COMMERCIAL ITEM PROCEDURES NOT USED
Cost or Pricing Data: NO
Parent Contract
Parent Award PIID: HHSF223201610030I
IDV Type: IDC
Timeline
Start Date: 2016-09-29
Current End Date: 2018-09-29
Potential End Date: 2018-09-29 00:00:00
Last Modified: 2019-04-15
More Contracts from Copper River Enterprise Services, LLC
- Ca-Broadcom Software Maintenance — $20.0M (Department of Agriculture)
- Conference Support — $19.7M (Department of State)
- This Contract Provides Engineering Support Services — $12.5M (Department of State)
- Professional Support to Overseas School — $2.0M (Department of State)
View all Copper River Enterprise Services, LLC federal contracts →
Other Department of Health and Human Services Contracts
- Contact Center Operations (CCO) — $5.5B (Maximus Federal Services, Inc.)
- TAS::75 0849::TAS Oper of Govt R&D Goco Facilities — $4.8B (Leidos Biomedical Research Inc)
- THE Purpose of This Contract IS to Provide the Full Complement of Services Necessary to Care for UC in ORR Custody Including Facilities Set-Up, Maintenance, and Support Internal and Perimeter (IF Applicable) Security, Direct Care and Supervision Inc — $3.5B (Rapid Deployment Inc)
- Contact Center Operations — $2.6B (Maximus Federal Services, Inc.)
- Federal Contract — $2.4B (Leidos Biomedical Research Inc)
View all Department of Health and Human Services contracts →