The Contracting Education Academy

Contracting Academy Logo
You are here: Home / Archives for security threat

By

GSA could be vulnerable to security threats from ‘trusted insiders’

The General Services Administration needs to bolster its efforts to protect against insider threats from current and recently separated employees, a watchdog reported recently.

The GSA inspector general reviewed the agency’s processes to thwart harmful actions from “trusted insiders” to its personnel, facilities, operations and resources. GSA has about 12,000 employees throughout its central office, Federal Acquisition Service, Public Buildings Service, Office of Governmentwide Policy, 11 national staff offices, 11 regional offices and two independent offices. An October 2011 executive order and subsequent policy from November 2012 laid out requirements for agencies’ insider threat programs. In 2014, GSA established its own program (a two-person team that reports to the senior designated official who is the associate administrator of GSA’s Office of Mission Assurance) and in 2017 the National Insider Threat Task Force certified it met the minimum standards. However, the inspector general found some areas of concern since then.

“We found that GSA’s [insider threat program] does not consistently collaborate with other GSA staff offices to gather key threat information proactively and does not communicate insider threat risks and program challenges to the GSA administrator as required,” said the report.  “Instead, the [program] senior designated official has taken a reactive approach that leaves GSA susceptible to insider threats.”

Another issue was that after the National Insider Threat Task Force deemed GSA’s insider threat program was at full operational capacity in November 2017, GSA’s insider threat working group disbanded because staff thought it was no longer needed.  The group had members from the Office of Human Resources Management, Office of GSA IT, Office of the Chief Financial Officer and Office of Mission Assurance.

Keep reading this article at: https://www.govexec.com/oversight/2021/02/watchdog-says-gsas-insider-threats-program-needs-improvement/172147/

By

GSA introduces vendor risk assessment program in draft solicitation

The General Services Administration could soon start requiring on-site assessments of certain federal contractors under a new program to scrutinize risks to the supply chain. 

Tucked into the draft of a new governmentwide acquisition vehicle for information technology services called Polaris is language describing a tool to “identify, assess and monitor supply chain risks of critical vendors.”  It would use classified and unclassified sources.

GSA said once the tool it’s developing—referred to as the Vendor Risk Assessment Program — is complete, “the contractor agrees the government may, at its own discretion, perform audits of supply chain risk processes or events,” adding, “on site assessments may be required.”

The Vendor Risk Assessment Program first appeared online in a Sept. 2017 blogpost by GSA’s Shon Lyublanovits describing plans to address risks to the supply chain of the government’s information and communications technology. Around that time, agencies would have been busy working to remove Kaspersky software from their systems.  And GSA was engaged in a series of pilots toward a service that would be shared across the government to uncover businesses’ due diligence, including for cybersecurity concerns.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2021/01/gsa-introduces-vendor-risk-assessment-program-draft-solicitation/171289/

By

GSA to remove almost all drones from contract offerings over China concerns

By Feb. 1, all but five unmanned aerial vehicles will be removed from the General Services Administration’s offerings.

The General Services Administration — the federal government’s central buyer — will no longer include drones in its suite of offerings, except those previously approved by a small innovation unit inside the Defense Department.

Citing the threat of Chinese manufacturers, GSA officials announced Tuesday the agency will be canceling contracts offering drones from all but five suppliers on the Multiple Award Schedules, the set of pre-vetted contracts that offer everything from paper clips to helicopters to data centers.

“GSA is removing all identified drones that are not approved through the [Defense Innovation Unit’s] Blue sUAS program from MAS contracts,” a GSA spokesperson told Nextgov. “Affected vendors will be notified by their contracting officer and only the identified drones will be removed from their MAS contract.”

Keep reading this article at: https://www.nextgov.com/cybersecurity/2021/01/gsa-remove-almost-all-drones-contract-offerings-over-china-concerns/171352/

By

Comments on government supply chain rule push for better definitions and more time

Industry groups and other comments highlight the difficulty of complying with a provision of last year’s defense authorization act that requires the removal of products from companies including Huawei and ZTE. 

The broad, ambiguous language of Congressionally-mandated rule for government contractors to remove products and services from companies that pose threats to national security is complicating implementation, according to public comments.

The comment period for the interim Federal Acquisition Rule implementing Part B of Section 889 — a provision of the 2019 National Defense Authorization Act — closed last week, and the more than 30 comments submitted raise questions related to fundamental compliance issues.

While in general, commenters agree with the rule’s intent, groups representing industry, including the National Defense Industrial Association, BSA | The Software Alliance, the Coalition for Government Procurement and the Internet Association submitted detailed letters to Regulations.gov outlining compliance challenges.  Nearly all asked for extended timelines for implementation and better definitions for key terms and phrases used in the regulation.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2020/09/comments-government-supply-chain-rule-push-better-definitions-and-more-time/168460/

By

Top DoD scientist sets up task forces to look at industrial base, infrastructure

The Defense Department’s top scientist is concerned about the state of defense businesses, critical infrastructure and security of microelectronics in the military, and he’s asking some of the Pentagon’s top minds to look into the issues.

In three Oct. 30 memos to the Defense Science Board — a group of military, civilian, science and academic experts sponsored by DoD — Defense Undersecretary for Research and Engineering Michael Griffin asks that task forces be set up to assess the businesses the Pentagon needs to create weapons and how to protect the military’s resiliency. He also asks a task force to look at how to ensure trustworthy microelectronics are used in military systems.

The 21st Century Industrial Base for National Defense Task Force is tasked with taking proactive steps to increase the depth, breadth and security of the defense industrial base.

The memo gives the task force up to 12 months to study how the industrial base can respond to the need for the military to surge and mobilize. It will also look at how industry can adapt modernization practices to continuously adapt to threats.

Keep reading this article at: https://federalnewsnetwork.com/defense-main/2019/11/top-dod-scientist-sets-up-task-forces-to-look-at-industrial-base-infrastructure/

Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter