The Contracting Education Academy

Contracting Academy Logo
You are here: Home / Archives for cyberattacks

By

Paper submittals will soon be required of all SAM.gov registrants

Effective April 27, 2018, the General Services Administration (GSA) will be requiring each entity that wants to renew or update their electronic registration in the System for Award Management (SAM) to mail-in an original, signed notarized letter that confirms the identity of the account’s authorized administrator.

This comes as a follow-up to an announcement make about two and a half weeks ago that GSA is engaged in “an active investigation into alleged third-party fraudulent activity” within SAM.

SAM is essentially the vendor database of the federal government.  GSA is in the process of integrating a total of ten databases within SAM.

At present, before a new SAM entity registration is activated, the entity establishing the new record in SAM must submit an original, signed notarized letter identifying the authorized “entity administrator” who is associated with the entity’s DUNS number.  With GSA’s latest announcement, the notarized letter also will be required of all existing SAM registrants who wish to update or renew their record.

The alleged breach of the SAM database was identified by GSA’s Office of Inspector General (OIG), and there is ongoing concern that vendors’ financial information and points of contact could be exposed.  This creates risk that grant and contract payments could be diverted.

In GSA’s first announcement of the problem, GSA advised that “entities should contact their Federal agency awarding official if they find that payments, which were due their entity from a Federal agency, have been paid to a bank account other than the entity’s bank account.”   SAM contains bank routing information on each entity.  GSA’s advice was later updated to say: “If an entity suspects a payment due them from a Federal agency was paid to a bank account other than their own, they should contact the Federal Service Desk.”

The Federal Service Desk can be contacted by phone at 866-606-8220 (toll free) or 334-206-7828 (internationally), Monday through Friday from 8 a.m. to 8 p.m. (EDT).

The notarized letter, on company stationery, is to be mailed to the Federal Service Desk.  Details for the letter appear at: https://www.fsd.gov/fsd-gov/answer.do?sysparm_kbid=d2e67885db0d5f00b3257d321f96194b&sysparm_search=kb0013183.

Update: GSA has produced a template for the notarized letter.  It is available at: SAM_Notary_Letter_Template_4.12.18_GSA_version

 

By

SAM hacked: New vendor registrations require paper documentation

The General Services Administration reports that there is “an active investigation into alleged third-party fraudulent activity” within the System for Award Management (SAM).

SAM is essentially the vendor database of the federal government.  GSA is in the process of integrating a total of ten databases within SAM.

The alleged breach was identified by GSA’s Office of Inspector General (OIG).  GSA is concerned that vendor’s financial information and points of contact could be exposed.

GSA reports that entities whose financial information has changed within the last year are in the process of being notified and are being advised to validate their registration information, particularly their financial information.  GSA’s notification process began on March 22, 2018.

An “entity” is any company, business, or organization who has registered within SAM as a federal contractor or would-be federal contractor.

In the announcement of the breach, GSA advises that “entities should contact their Federal agency awarding official if they find that payments, which were due their entity from a Federal agency, have been paid to a bank account other than the entity’s bank account.”   SAM contains bank routing information on each entity.

New SAM registration procedures are now in effect, presumably temporarily.  An original, signed notarized letter identifying the authorized Entity Administrator for the entity associated with the DUNS number must be submitted before a new SAM entity registration will be activated.

Update: GSA has produced a template for the notarized letter.  It is available at: SAM_Notary_Letter_Template_4.12.18_GSA_version

Information on GSA’s work-around SAM registration process is detailed on the Federal Service Desk’s web site at: https://www.fsd.gov/fsd-gov/answer.do?sysparm_kbid=d2e67885db0d5f00b3257d321f96194b&sysparm_search=sam

 

By

Pentagon warns CEOs: Protect your data or lose our contracts

The Pentagon is warning defense-industry CEOs to better protect their computer networks or risk losing business.

“The culture we need to get to is that we’re going to defend ourselves and that … we want the bar to be so high that it becomes a condition of doing business,” Deputy Defense Secretary Patrick Shanahan said last week at an industry conference here sponsored by the AFCEA and the U.S.Naval Institute.

Shanahan noted that CEOs would likely be hesitant to “sign a cyber disclosure statement that says everybody you do business with is secure.”

“In areas of safety, protecting your workers, in terms of protecting our data or protecting their information, there should be this standard,” he said after the speech.

Keep reading this article at: http://www.defenseone.com/business/2018/02/pentagon-warns-ceos-protect-your-data-or-lose-our-contracts/145779

A partner organization at Georgia Tech has resources and solutions to help contractors comply with DoD’s cybersecurity requirements.  Find them here: http://gtpac.org/cybersecurity-training-video/ 

By

HHS cybersecurity initiative paralyzed by ethics, contracting investigation

A fledgling Health & Human Services (HHS) initiative to protect the nation’s health care system from cyberattack has been paralyzed by the removal of its two top officials amid allegations of favors and ethical improprieties.

The executive running the Health Cybersecurity and Communications Integration Center was put on administrative leave in September, while his deputy left the government. An HHS official says the agency is investigating irregularities and possible fraud in contracts they signed.

The two executives, Leo Scanlon and Maggie Amato, allege they were targeted by disgruntled government employees and private-sector companies worried the cyber center would take away some of their business.

Keep reading this article at: https://www.politico.com/story/2017/11/13/hhs-cybersecurity-initiative-paralyzed-by-ethics-contracting-investigation-244855

By

A bipartisan approach to cyber

As the threat of cyberattacks continues to grow, government officials are asking what can individuals and businesses do to protect themselves.

“We are starting this conversation of when it is time to go on the offensive as it relates to cybersecurity,” said Rep. Tom Graves (R-Ga 14). “This creates a lot of policy, ethics and privacy questions.”

Graves and Rep. Kyrsten Sinema (D-Ariz. 9) heard some answers to those questions during a panel discussion they held at Georgia Tech Monday. The bipartisan event examined how public policy can help people and companies go on the offense to defeat and unmask cyber attackers.

In March, Graves put forth a discussion draft of a bill to allow the use of limited defensive measures to identify and stop attackers. While cyber policy discussions are taking place in Washington, Graves said they wanted to hear from others.

“Quite frankly we’re not satisfied with the direction of where policy has gone as it relates to cybersecurity,” he said.

Monday’s panel allowed for a robust discussion on cybersecurity from a policy perspective, an academic perspective and the private sector perspective.

In addition to Graves and Sinema, the other panelists were:

  • John Lens, a vice president for the Network and Security Business Unit at VMware.
  • Stephen Pair, co-founder and CEO of BitPay.
  • Peter Swire, the Huang Professor of Law and Ethics in the Scheller College of Business.
  • Candace Worley, chief technical strategist for McAfee.

Georgia Tech is a place “where government, industry and universities can come together to talk about some very, very challenging problems in the world,” said Stephen E. Cross, the Institute’s executive vice president for research.

The Institute has been developing cybersecurity solutions for more than 20 years. Tech houses nearly a dozen labs and centers dedicated to cybersecurity, and has more than 450 scientists, faculty and students involved with this research.

Georgia Tech is also home to the Advanced Technology Development Center (ATDC), the state’s technology incubator. ATDC is currently incubating seven companies in the cybersecurity space and assisting 33 entrepreneurs and early-stage startups statewide with entrepreneurial education in cybersecurity.

Source: http://www.news.gatech.edu/2017/05/01/bipartisan-approach-cyber 

Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter