The Contracting Education Academy

Contracting Academy Logo
  • Home
  • Training & Education
  • Services
  • Contact Us
You are here: Home / Archives for cyberattacks

November 8, 2018 By AMK

DoD task force addresses the growing threats to critical technology

Amid an alleged campaign of hacking by the Chinese government, efforts are taking place to prevent the exfiltration of data and protect sensitive information that is stored in the U.S. government and the defense-industrial base.

In a memo dated Oct. 24, Secretary of Defense Jim Mattis announced the creation of the Protecting Critical Technology Task Force to safeguard critical American technology.

“Each year, American businesses lose hundreds of billions of dollars while our military superiority is challenged,” Deputy Secretary of Defense Patrick M. Shanahan said in a statement. “Together with our partners in industry, we will use every tool at our disposal to end the loss of intellectual property, technology and data critical to our national security.”

The PCTTF will report to Shanahan and Gen. Paul Selva, the vice chairman of the joint chief of staff. It includes representatives from the Central Intelligence Agency and the Defense Security Service, according to an industry official briefed on the matter.

Keep reading this article at: https://www.fifthdomain.com/dod/2018/11/02/a-new-dod-task-force-addresses-the-growing-threats-to-critical-technology/

Filed Under: Government Contracting News Tagged With: CIA, cyberattacks, cybersecurity, cyberthreat, DoD, DSS, hackers, intellectual property, technology

October 12, 2018 By AMK

GAO reviews agency actions in the wake of Equifax data breach

It’s easy to forget that roughly a year ago, Equifax was hacked, which compromised the personal information of roughly 145.5 million individuals.

The scope of the breach was concerning for a number of reasons, not the least of which was the fact that Equifax was providing identity verification services for three federal agencies at the time it was attacked.

In a recent report, GAO reviewed how these agencies responded to the attack. While not making any specific recommendations at this time, GAO’s report does highlight the extent to which federal agencies were not fully prepared for cyberattacks on private contractors.

Prior to the Equifax breach, the IRS, the Social Security Administration, and USPS contracted with Equifax to provide identity verification services. These agencies relied on Equifax’s databases to verify the identities of individuals applying for various services. For example, the IRS used Equifax servers to verify identities for tax return purposes.

Following the Equifax cyberattack, agencies took a variety of steps to assess the situation and make proactive changes to their contracts with Equifax. Foremost was notifying impacted individuals. While there was no breach of agency systems in connection with the Equifax attack, there was nevertheless concern that impacted individuals may have had an increased risk for identity theft. Accordingly, one of the first actions taken by the impacted agencies was to notify impacted individuals.

Keep reading this article at: http://smallgovcon.com/uncategorized/gao-reviews-agency-actions-in-the-wake-of-equifax-data-breach/

Filed Under: Government Contracting News Tagged With: cyberattacks, cybersecurity, data breach, Equifax, GAO, hack, IRS, Social Security Administration, USPS

April 9, 2018 By AMK

Paper submittals will soon be required of all SAM.gov registrants

Effective April 27, 2018, the General Services Administration (GSA) will be requiring each entity that wants to renew or update their electronic registration in the System for Award Management (SAM) to mail-in an original, signed notarized letter that confirms the identity of the account’s authorized administrator.

This comes as a follow-up to an announcement make about two and a half weeks ago that GSA is engaged in “an active investigation into alleged third-party fraudulent activity” within SAM.

SAM is essentially the vendor database of the federal government.  GSA is in the process of integrating a total of ten databases within SAM.

At present, before a new SAM entity registration is activated, the entity establishing the new record in SAM must submit an original, signed notarized letter identifying the authorized “entity administrator” who is associated with the entity’s DUNS number.  With GSA’s latest announcement, the notarized letter also will be required of all existing SAM registrants who wish to update or renew their record.

The alleged breach of the SAM database was identified by GSA’s Office of Inspector General (OIG), and there is ongoing concern that vendors’ financial information and points of contact could be exposed.  This creates risk that grant and contract payments could be diverted.

In GSA’s first announcement of the problem, GSA advised that “entities should contact their Federal agency awarding official if they find that payments, which were due their entity from a Federal agency, have been paid to a bank account other than the entity’s bank account.”   SAM contains bank routing information on each entity.  GSA’s advice was later updated to say: “If an entity suspects a payment due them from a Federal agency was paid to a bank account other than their own, they should contact the Federal Service Desk.”

The Federal Service Desk can be contacted by phone at 866-606-8220 (toll free) or 334-206-7828 (internationally), Monday through Friday from 8 a.m. to 8 p.m. (EDT).

The notarized letter, on company stationery, is to be mailed to the Federal Service Desk.  Details for the letter appear at: https://www.fsd.gov/fsd-gov/answer.do?sysparm_kbid=d2e67885db0d5f00b3257d321f96194b&sysparm_search=kb0013183.

Update: GSA has produced a template for the notarized letter.  It is available at: SAM_Notary_Letter_Template_4.12.18_GSA_version

 

Filed Under: Government Contracting News Tagged With: breach, cyber incidents, cyberattacks, financial risk, fraud, GSA, hack, SAM, vendor registration

March 23, 2018 By AMK

SAM hacked: New vendor registrations require paper documentation

The General Services Administration reports that there is “an active investigation into alleged third-party fraudulent activity” within the System for Award Management (SAM).

SAM is essentially the vendor database of the federal government.  GSA is in the process of integrating a total of ten databases within SAM.

The alleged breach was identified by GSA’s Office of Inspector General (OIG).  GSA is concerned that vendor’s financial information and points of contact could be exposed.

GSA reports that entities whose financial information has changed within the last year are in the process of being notified and are being advised to validate their registration information, particularly their financial information.  GSA’s notification process began on March 22, 2018.

An “entity” is any company, business, or organization who has registered within SAM as a federal contractor or would-be federal contractor.

In the announcement of the breach, GSA advises that “entities should contact their Federal agency awarding official if they find that payments, which were due their entity from a Federal agency, have been paid to a bank account other than the entity’s bank account.”   SAM contains bank routing information on each entity.

New SAM registration procedures are now in effect, presumably temporarily.  An original, signed notarized letter identifying the authorized Entity Administrator for the entity associated with the DUNS number must be submitted before a new SAM entity registration will be activated.

Update: GSA has produced a template for the notarized letter.  It is available at: SAM_Notary_Letter_Template_4.12.18_GSA_version

Information on GSA’s work-around SAM registration process is detailed on the Federal Service Desk’s web site at: https://www.fsd.gov/fsd-gov/answer.do?sysparm_kbid=d2e67885db0d5f00b3257d321f96194b&sysparm_search=sam

 

Filed Under: Government Contracting News Tagged With: breach, cyber incidents, cyberattacks, financial risk, fraud, GSA, hack, SAM, vendor registration

February 12, 2018 By AMK

Pentagon warns CEOs: Protect your data or lose our contracts

The Pentagon is warning defense-industry CEOs to better protect their computer networks or risk losing business.

“The culture we need to get to is that we’re going to defend ourselves and that … we want the bar to be so high that it becomes a condition of doing business,” Deputy Defense Secretary Patrick Shanahan said last week at an industry conference here sponsored by the AFCEA and the U.S.Naval Institute.

Shanahan noted that CEOs would likely be hesitant to “sign a cyber disclosure statement that says everybody you do business with is secure.”

“In areas of safety, protecting your workers, in terms of protecting our data or protecting their information, there should be this standard,” he said after the speech.

Keep reading this article at: http://www.defenseone.com/business/2018/02/pentagon-warns-ceos-protect-your-data-or-lose-our-contracts/145779

A partner organization at Georgia Tech has resources and solutions to help contractors comply with DoD’s cybersecurity requirements.  Find them here: http://gtpac.org/cybersecurity-training-video/ 

Filed Under: Government Contracting News Tagged With: cyber, cyber attacks, cyberattacks, DoD, information security

  • 1
  • 2
  • Next Page »

Popular Topics

abuse acquisition reform acquisition strategy acquisition training acquisition workforce Air Force Army AT&L bid protest budget budget cuts competition cybersecurity DAU DFARS DHS DoD DOJ FAR fraud GAO Georgia Tech GSA GSA Schedule GSA Schedules IG industrial base information technology innovation IT Justice Dept. Navy NDAA OFPP OMB OTA Pentagon procurement reform protest SBA sequestration small business spending technology VA
Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter

Search this Website

Copyright © 2023 · Georgia Tech - Enterprise Innovation Institute