Georgia Tech Procurement Assistance Center

Reminder: DoD contractors required to meet cybersecurity requirements by year-end

By

The window for Department of Defense (DoD) contractors to bring themselves into compliance with cybersecurity requirements is closing.

Specifically, changes to the Defense Federal Acquisition Regulation Supplement (DFARS) published in late 2016 require that DoD contractors and subcontractors provide “adequate security” on “covered information systems.”  The new rule also imposes reporting requirements for cyber incidents.  Failure to comply with these requirements could result in loss of government contracting opportunities and civil and criminal liability for responsible companies and individuals.

Background

On October 21, 2016, DoD published a final rule significantly expanding the obligations of private industry with respect to cybersecurity on contractor information systems that host certain government and other sensitive data. 81 Fed. Reg. 72986 (Oct. 16, 2016).  Specifically, the new rule amends the contract clause at DFARS 252.204-7012, which addresses “Safeguarding Covered Defense Information and Cyber Incident Reporting.” According to DoD, “[t]he objectives of the rule are to improve information security for DoD information stored on or transiting contractor information systems as well as in a cloud environment.”  

The amended DFARS clause imposes a critical and fast-approaching compliance deadline for DoD contractors and subcontractors to implement specific security measures on their “covered systems” by December 31, 2017.

The new contract clause at DFARS 252.204-7012 mandates that DoD contractors and their subcontractors “provide adequate security” on all “covered contractor information systems.”

Keep reading this article at: http://www.jdsupra.com/legalnews/alert-dod-contractors-required-to-meet-65186/

Federal cybersecurity requirements seminar now available on video

By

Video coverage of the August 9th seminar on Cybersecurity Requirements for Federal Contractors is now available for viewing, along with pertinent printed resources.

The Georgia Tech Procurement Assistance Center (GTPAC) co-hosted the recent event, along with the Georgia Manufacturing Extension Program (GaMEP).

At the end of this year — if you are a Department of Defense (DoD) contractor or hope to be one — there are new cybersecurity requirements that will be in your contract that will require you to limit access to your information systems, identify system users, and take measures to safeguard federal contract information (FCI).  Your compliance with these rules, among others, require documented processes and procedures.  And, similar requirements are expected to be included in other federal contracts in the near future.

Access to the video is right here.  Following introductory remarks, details on the cyber requirements begin at the 18:00 minute mark in the video.

Click on the image above to start video.

In addition, the following links to the actual presentation materials and other resources are provided below:

GTPAC will continue to provide to our clients additional cybersecurity compliance materials as they become available.

Want to do Defense Dept. contracting? You’ll benefit from Georgia Tech’s Aug. 9 briefing

By

At the end of this year — if you are a Department of Defense (DoD) contractor or hope to be one — there are new cybersecurity requirements that will be in your contract that will require you to limit access to your information systems, identify system users, and take measures to safeguard federal contract information (FCI).  Your compliance with these rules, among others, require documented processes and procedures.

There is some good news.  Now, you have the opportunity to learn the details of DoD’s new requirements — and prepare to address the requirements — by attending Georgia Tech’s free briefing on cybersecurity being held Wednesday, August 9, 2017.  The briefing will be held from 9:00 a.m. to noon.

This is your opportunity to learn why and how businesses, particularly DoD contractors, are being targeted by cyber attackers — and the steps you can take to protect your company.

Here’s how you will benefit by attending the August 9 briefing:

  • Understand NIST 800-171 compliance issues for contractors to the federal government.
  • Learn how businesses are being targeted.
  • Learn about different types of cyber hackers.
  • Explore the root causes of attacks.
  • Understand how to identify your assets and risks, protect your assets, detect vulnerability, respond to malicious events, and recover successfully from such events.

Speakers include:

  • Dave Stieren, Program Manager, National Institute of Standards and Technology
  • Spencer Cobb, Cytellix Cyber Security Readiness for Manufacturing

Location: Centergy Building, 75 – 5th Street, NW, Hodges Room, 3rd Floor, Atlanta, GA 30308

Pre-Registration Required!   Register at: https://www.eventbrite.com/e/cybersecurity-for-manufacturers-atlanta-seminar-tickets-35607900188

This event is being sponsored by: Georgia Tech Procurement Assistance Center (GTPAC), Georgia Manufacturing Extension Partnership (GaMEP), National Institute of Standards and Technology (NIST), the Georgia Department of Economic Development, and the Georgia Centers for Innovation.

What’s that cybersecurity FAR clause doing in my contract?

By

Many contractors we talk to believe that cybersecurity requirements are exclusively a concern of contractors working with DoD or with highly-classified, top secret projects. While perhaps true to some degree in the past, that belief is now outdated. In recent years, the federal government has steadily expanded the reach of cybersecurity requirements imposed on contractors and contracts of all shapes and sizes, and that trend is expected to continue.

As an example, one year ago this month the government implemented a new FAR clause, FAR 52.204-21, entitled “Basic Safeguarding of Covered Contractor Information Systems.” This clause, which went into effect on May 16, 2016, brings basic cybersecurity requirements to many federal contracts. The clause is supposed to be inserted in every solicitation and contract where a contractor or subcontractor at any tier may have federal contract information (FCI) residing in or transitioning through its information system.

FCI is broadly defined as “information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government, but not including information provided by the Government to the public.”

Prime contractors are also expected to flow down the clause to subcontracts at all tiers that may have FCI in their systems, including subcontracts for commercial items (but not subcontracts for commercial off-the-shelf items).

Keep reading this article at: http://www.mondaq.com/article.asp?articleid=602460

Note: Georgia Tech is sponsoring a free cybersecurity briefing on Aug. 9, 2017.  For details, visit: http://gtpac.org/2017/06/30/georgia-tech-sponsors-cybersecurity-briefing-in-august-for-manufacturers/

Georgia Tech sponsors cybersecurity briefing in August for manufacturers

By

If you are a Georgia manufacturer, here is your opportunity to learn why and how manufacturers are being targeted by cyber attackers — and the steps you can take to protect your company.

On Wednesday, August 9, 2017, Georgia Tech is holding a free briefing on cybersecurity for manufacturers.  The briefing is 9:00 a.m. to noon.

Here’s how attendees will benefit:

  • Understand NIST 800-171 compliance issues for contractors to the federal government.
  • Learn how manufacturers are being targeted.
  • Learn about different types of cyber hackers.
  • Explore the root causes of attacks.
  • Understand how to identify your assets and risks, protect your assets, detect vulnerability, respond to malicious events, and recover successfully from such events.

Speakers include:

  • Dave Stieren, Program Manager, National Institute of Standards and Technology
  • Spencer Cobb, Cytellix Cyber Security Readiness for Manufacturing

Location: Centergy Building, 75 – 5th Street, NW, Hodges Room, 3rd Floor, Atlanta, GA 30308

Pre-Registration Required!   Register at: https://www.eventbrite.com/e/cybersecurity-for-manufacturers-atlanta-seminar-tickets-35607900188

This event is being sponsored by: Georgia Tech Procurement Assistance Center (GTPAC), Georgia Manufacturing Extension Partnership (GaMEP), National Institute of Standards and Technology (NIST), the Georgia Department of Economic Development, and the Georgia Centers for Innovation.

 

New training center in Augusta to counter emerging cyberthreats

By

This is a rendering of the future $60 million Georgia Cyber Innovation and Training Center to be built in downtown Augusta.

In December, as the legislative session was about to kick into high gear, two well-connected Georgia business leaders approached Gov. Nathan Deal’s office with an ambitious idea for the state to build a high-tech training center to assist the NSA and U.S. Army Cyber Command, which just weeks earlier had broken ground on its future headquarters at Fort Gordon.

It would need to be built quickly to stringent national security specifications to handle classified intelligence. But such a center could bolster the state’s claim as a vital center in the nation’s sprawling intelligence network.

The Army Cyber Command is headquartered at Fort Gordon.

On Monday, just six months later, Gov. Nathan Deal and leaders in Augusta held a ceremonial groundbreaking to mark construction of the Georgia Cyber Innovation and Training Center, a $60 million compound that will feature research and classroom space for Augusta University and the state’s technical colleges, as well as office space for established and startup companies.

About 28,000 civilians in Georgia work in cybersecurity. About 13,000, including military personnel, work in cybersecurity in the Augusta area, Deal said Monday.

Keep reading this article at: http://digital.olivesoftware.com/Olive/ODN/AtlantaJournalConstitution/shared/ShowArticle.aspx?doc=AJC/2017/06/20&entity=Ar00106&sk=EC2A4954

Cyber executive order could signal windfall for contractors

By

This week, the House passed a major bill that would create working capital funds agencies to modernize their internal technology. Last week, President Donald Trump signed an executive order directing agencies to update their cybersecurity practices and to hold agency heads, not chief information officers, accountable for incidents.

What do these moves mean for technology contractors? They could signal continued or greater upcoming investments in private-sector cyber services, Candace Worley, McAfee’s chief technical strategist, told Nextgov.

Keep reading this article at: http://www.nextgov.com/cybersecurity/2017/05/mcafee-vp-cyber-executive-order-could-signal-windfall-contractors/137979

Frequently-cited statistic about danger small businesses face from cyberattacks has no basis in fact

By

It’s the kind of figure that can make your jaw drop, the kind that forces lawmakers and public officials to get off their duffs and do something, that drives home the way cyber insecurity is ravaging small businesspeople across the nation.

House and Senate lawmakers have cited it in bills that would redirect federal resources and are awaiting action on their chambers’ floors. Top executive branch officials have cited it in official testimony to Congress.

But it’s completely erroneous, not based on any existing study, according to an exhaustive Nextgov search.

The statistic, typically attributed to the National Cyber Security Alliance, is that 60 percent of small businesses that suffer a cyberattack will go out of business within six months.

Keep reading this article at: http://www.nextgov.com/cybersecurity/2017/05/how-fake-cyber-statistic-raced-through-washington/137542

See related article, “House Panel Passes Bill Requiring Federal Cyber Guidance for Small Businesses,” at: http://www.nextgov.com/cybersecurity/2017/05/house-panel-passes-bill-requiring-federal-cyber-guidance-small-businesses/137499 

Subcontractor outreach event to be held in Augusta May 9th for Georgia Cyber Innovation & Training Center

By

The Augusta Metro Chamber of Commerce is hosting an event on Tuesday, May 9, 2017, to encourage local, small, and disadvantaged business enterprises to participate in second-tier contracting opportunities associated with the construction of the Georgia Cyber Innovation and Training Center.

Project Overview

The Georgia Cyber Innovation and Training Center will be a state-owned multi-story facility designed to promote modernization in cybersecurity technology for private and public industries through unique education, training, research, and practical applications.  The construction of the center will include a 150,000 square-foot building and adjacent multi-level parking structure.  The estimated cost for both facility and parking structure is $62 million.  The center will enhance American cybersecurity in both the public and private sectors and serve as an incubator for start-up cybersecurity companies. It will also focus on research and development, tapping into the assets of Georgia’s research institutions.

The Georgia Cyber Innovation and Training Center will be a state-owned facility designed to promote modernization in cybersecurity technology for private and public industries through unique education, training, research, and practical applications. It will be housed in a 150,000-square-foot facility to be built near Fort Gordon in Augusta. Fort Gordon is home to the U.S. Army Cyber Command, the U.S. Army Cyber Center of Excellence, and the National Security Agency.

Work Available for Subcontracting

A partial list of scopes of work include, but is not limited to:  soil treatment; concrete (site work, building, landscaping & irrigation); masonry; cabinetry; waterproofing; caulking & sealants; roofing; doors; frames & hardware; drywall & acoustical; flooring; painting; access flooring; toilet partitions & accessories; fire extinguishers and cabinets; residential appliances; and window treatments. 

Construction Oversight

The Georgia Technology Authority (GTA) will oversee construction and operation of the training center. Groundbreaking for the Georgia Cyber Innovation and Training Center is scheduled for spring 2017, with the opening to follow in July 2018. 

Outreach Event time, Date and Location

The subcontractor outreach event will take place at 10:00 a.m. on Tuesday, May 9, 2017 at the Augusta Metro Chamber of Commerce, One Tenth Street, Suite 120, Augusta, GA 30901

Subcontractor Qualifications and Further Information

Contact Jared Hardy, Senior Project Manager, New South Construction, at (404) 443-4000 (W), or (404) 427-5250 (M).  If you prefer email, Jared can be contacted at jhardy@newsouthconstruction.com

 

5 steps for contractors to meet the FAR’s cyber requirements

By

With major data breaches and system hacks dominating the headlines over the past few years, cybersecurity has become a top consideration for anyone operating a business. Although these breaches affect companies from all industries, the government remains a top target for cybercriminals across the globe.

Widespread attempts to take down government systems and steal data have officials scrambling to eliminate risk from all angles.

Recognizing the devastating impact of data breaches, especially considering the sensitive nature of their respective data, the Department of Defense, NASA, and the General Services Administration collaborated on developing safeguards for contractors who store, transmit, and process federal data – a new subpart and contract clause to the Federal Acquisition Regulation (FAR).

The proposed FAR Rule was first issued in August 2012, but the ruling was not finalized until May 2016 – nearly four years later.

The requirements settled upon in the final ruling outline 15 categories of security controls meant to protect government information stored on contractor IT systems. With the federal government spending over $400 million on almost 4 million contracts in 2015 alone, this regulation will affect businesses of all types.

Keep reading this article at: https://washingtontechnology.com/articles/2017/03/07/insights-dunbar-understanding-far-cyber-rules.aspx

Contracting News

Read More

Contracting Tips

Read More

GTPAC News

Read More

Georgia Tech News

Read More