Machiavelli — yes, that Machiavelli — knew a thing or two about working with a powerful government. In his most well-known writings, Machiavelli opined on both the application of power and importance of intellect when addressing that power. To be sure, in his 1521 treatise “The Art of War,” the tactician warns forces facing a government to be wary if all is not as it seems:
If the [government] puts some booty before you, you ought to believe that within it there is a hook and that it conceals some trick … you should never believe that the [government] does not know how to carry on his affairs.”
Against this ominous paraphrase, let’s take a look at the cyber battlefield. On Aug. 17, 2016, the General Services Administration revealed what may well qualify as one of Machiavelli’s booty-encrusted hooks — a solicitation for four new special item numbers (SINs) intended to give federal agencies a new way to buy cybersecurity services called, collectively, Highly Adaptive Cybersecurity Services, or HACS. (I can only assume the acronym is intentional.) Although intended to have been included in the GSA’s Multiple Award Schedule 70 (IT Schedule 70) solicitation by Sept. 1, these services are expected to be included in the upcoming refresh and include:
- Penetration Testing under SIN 132-45A
- Incident Response under SIN 132-45B
- Cyber Hunt under SIN 132-45C
- Risk and Vulnerability Assessment under SIN 132-45D
The GSA anticipates the inclusion of these new SINs will improve the way government customers can acquire cybersecurity services through IT Schedule 70, while allowing industry the opportunity to differentiate their cybersecurity services from other IT-related services. Moreover, the new SINs will be subject to “cooperative purchasing” — meaning that state, local and tribal governments can also order these services.