The Contracting Education Academy

Contracting Academy Logo
You are here: Home / Archives for cyberattacks

By

DoD task force addresses the growing threats to critical technology

Amid an alleged campaign of hacking by the Chinese government, efforts are taking place to prevent the exfiltration of data and protect sensitive information that is stored in the U.S. government and the defense-industrial base.

In a memo dated Oct. 24, Secretary of Defense Jim Mattis announced the creation of the Protecting Critical Technology Task Force to safeguard critical American technology.

“Each year, American businesses lose hundreds of billions of dollars while our military superiority is challenged,” Deputy Secretary of Defense Patrick M. Shanahan said in a statement. “Together with our partners in industry, we will use every tool at our disposal to end the loss of intellectual property, technology and data critical to our national security.”

The PCTTF will report to Shanahan and Gen. Paul Selva, the vice chairman of the joint chief of staff. It includes representatives from the Central Intelligence Agency and the Defense Security Service, according to an industry official briefed on the matter.

Keep reading this article at: https://www.fifthdomain.com/dod/2018/11/02/a-new-dod-task-force-addresses-the-growing-threats-to-critical-technology/

By

GAO reviews agency actions in the wake of Equifax data breach

It’s easy to forget that roughly a year ago, Equifax was hacked, which compromised the personal information of roughly 145.5 million individuals.

The scope of the breach was concerning for a number of reasons, not the least of which was the fact that Equifax was providing identity verification services for three federal agencies at the time it was attacked.

In a recent report, GAO reviewed how these agencies responded to the attack. While not making any specific recommendations at this time, GAO’s report does highlight the extent to which federal agencies were not fully prepared for cyberattacks on private contractors.

Prior to the Equifax breach, the IRS, the Social Security Administration, and USPS contracted with Equifax to provide identity verification services. These agencies relied on Equifax’s databases to verify the identities of individuals applying for various services. For example, the IRS used Equifax servers to verify identities for tax return purposes.

Following the Equifax cyberattack, agencies took a variety of steps to assess the situation and make proactive changes to their contracts with Equifax. Foremost was notifying impacted individuals. While there was no breach of agency systems in connection with the Equifax attack, there was nevertheless concern that impacted individuals may have had an increased risk for identity theft. Accordingly, one of the first actions taken by the impacted agencies was to notify impacted individuals.

Keep reading this article at: http://smallgovcon.com/uncategorized/gao-reviews-agency-actions-in-the-wake-of-equifax-data-breach/

By

Paper submittals will soon be required of all SAM.gov registrants

Effective April 27, 2018, the General Services Administration (GSA) will be requiring each entity that wants to renew or update their electronic registration in the System for Award Management (SAM) to mail-in an original, signed notarized letter that confirms the identity of the account’s authorized administrator.

This comes as a follow-up to an announcement make about two and a half weeks ago that GSA is engaged in “an active investigation into alleged third-party fraudulent activity” within SAM.

SAM is essentially the vendor database of the federal government.  GSA is in the process of integrating a total of ten databases within SAM.

At present, before a new SAM entity registration is activated, the entity establishing the new record in SAM must submit an original, signed notarized letter identifying the authorized “entity administrator” who is associated with the entity’s DUNS number.  With GSA’s latest announcement, the notarized letter also will be required of all existing SAM registrants who wish to update or renew their record.

The alleged breach of the SAM database was identified by GSA’s Office of Inspector General (OIG), and there is ongoing concern that vendors’ financial information and points of contact could be exposed.  This creates risk that grant and contract payments could be diverted.

In GSA’s first announcement of the problem, GSA advised that “entities should contact their Federal agency awarding official if they find that payments, which were due their entity from a Federal agency, have been paid to a bank account other than the entity’s bank account.”   SAM contains bank routing information on each entity.  GSA’s advice was later updated to say: “If an entity suspects a payment due them from a Federal agency was paid to a bank account other than their own, they should contact the Federal Service Desk.”

The Federal Service Desk can be contacted by phone at 866-606-8220 (toll free) or 334-206-7828 (internationally), Monday through Friday from 8 a.m. to 8 p.m. (EDT).

The notarized letter, on company stationery, is to be mailed to the Federal Service Desk.  Details for the letter appear at: https://www.fsd.gov/fsd-gov/answer.do?sysparm_kbid=d2e67885db0d5f00b3257d321f96194b&sysparm_search=kb0013183.

Update: GSA has produced a template for the notarized letter.  It is available at: SAM_Notary_Letter_Template_4.12.18_GSA_version

 

By

SAM hacked: New vendor registrations require paper documentation

The General Services Administration reports that there is “an active investigation into alleged third-party fraudulent activity” within the System for Award Management (SAM).

SAM is essentially the vendor database of the federal government.  GSA is in the process of integrating a total of ten databases within SAM.

The alleged breach was identified by GSA’s Office of Inspector General (OIG).  GSA is concerned that vendor’s financial information and points of contact could be exposed.

GSA reports that entities whose financial information has changed within the last year are in the process of being notified and are being advised to validate their registration information, particularly their financial information.  GSA’s notification process began on March 22, 2018.

An “entity” is any company, business, or organization who has registered within SAM as a federal contractor or would-be federal contractor.

In the announcement of the breach, GSA advises that “entities should contact their Federal agency awarding official if they find that payments, which were due their entity from a Federal agency, have been paid to a bank account other than the entity’s bank account.”   SAM contains bank routing information on each entity.

New SAM registration procedures are now in effect, presumably temporarily.  An original, signed notarized letter identifying the authorized Entity Administrator for the entity associated with the DUNS number must be submitted before a new SAM entity registration will be activated.

Update: GSA has produced a template for the notarized letter.  It is available at: SAM_Notary_Letter_Template_4.12.18_GSA_version

Information on GSA’s work-around SAM registration process is detailed on the Federal Service Desk’s web site at: https://www.fsd.gov/fsd-gov/answer.do?sysparm_kbid=d2e67885db0d5f00b3257d321f96194b&sysparm_search=sam

 

By

Pentagon warns CEOs: Protect your data or lose our contracts

The Pentagon is warning defense-industry CEOs to better protect their computer networks or risk losing business.

“The culture we need to get to is that we’re going to defend ourselves and that … we want the bar to be so high that it becomes a condition of doing business,” Deputy Defense Secretary Patrick Shanahan said last week at an industry conference here sponsored by the AFCEA and the U.S.Naval Institute.

Shanahan noted that CEOs would likely be hesitant to “sign a cyber disclosure statement that says everybody you do business with is secure.”

“In areas of safety, protecting your workers, in terms of protecting our data or protecting their information, there should be this standard,” he said after the speech.

Keep reading this article at: http://www.defenseone.com/business/2018/02/pentagon-warns-ceos-protect-your-data-or-lose-our-contracts/145779

A partner organization at Georgia Tech has resources and solutions to help contractors comply with DoD’s cybersecurity requirements.  Find them here: http://gtpac.org/cybersecurity-training-video/ 

Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter