code | Georgia Tech Procurement Assistance Center

As the Senate approaches the end of its debate on the National Defense Authorization Act (NDAA) for Fiscal Year 2019, provisions of the bill regarding access to and review of information technology code deserve close attention. These sections, if enacted, would significantly impact Department of Defense contractors and also would affect matters associated with investments subject to review by U.S. national security agencies.

As drafted, the provisions could expose current and prospective contractors to intrusive scrutiny and significant risks. They lack clarity on key definitions, leaving the precise scope of those risks unclear. We summarize major issues and concerns below. We expect these provisions to receive scrutiny during the House-Senate conference on the NDAA over the summer.

Synopsis of the Proposed Legislation

Three sections of the Senate’s version of the NDAA, which passed the Senate Armed Services Committee in May, would establish new rules designed to mitigate “risks posed by providers of information technology with obligations to foreign governments.” Those risks involve the access that foreign governments may have to code in products or services that are offered to the Department of Defense. The provisions also impose new disclosure requirements on the efforts of a prospective vendor to obtain a license under the Export Administration Regulations (“EAR”) or the International Traffic in Arms Regulation (“ITAR”).

The pending legislation would require proactive disclosure of those matters, and would impose an ongoing duty to supplement those disclosures during the period of performance on the contract. The Secretary of Defense would be authorized to assess and mitigate any resulting national security risks through contractual provisions or other performance requirements.

Keep reading this article at: https://www.insidegovernmentcontracts.com/2018/06/senate-armed-services-committee-proposes-expansive-unclear-software-review-provisions/

A team of Georgia Tech researchers from the School of Computer Science (SCS) has been awarded $7.5 million from the Office of Naval Research to develop a customized attack-resistant software stack.

SCS Assistant Professor Bill Harris is the principal investigator on the project and is collaborating with Professors Wenke Lee and Alessandro Orso, Associate Professor Santosh Pande, and Assistant Professor Taesoo Kim.

The researchers are working on a technique for reducing what’s known as the attack surface, the total number of ways in which a program can be vulnerable to exploit. Most general-purpose software includes code that not every user needs, and unused code can create an opportunity for exploit for an attacker. Through this research, users will be able to run software in which unneeded code is removed, thus decreasing the vulnerability of the programs they use.

Lee compares the project to a house. “When you build a house, you only really need one door, but the house may still have multiple doors. The number of doors increases the opportunity to break in,” Lee said. “If you only have one door, your house is more secure.”

In order to do this, the researchers are looking at the full stack of software systems, including applications, operating systems, and possibly Internet of Things devices. They are planning to use static and dynamic analysis techniques to determine which pathways through the system different users need. Each researcher has a specific area of expertise:

Pande’s focus on compilers will help determine what essential code must be loaded for each user during application execution.
Harris’s expertise with static analysis will provide guarantees that the software maintains its integrity despite removed code.
Orso will use dynamic analysis and testing techniques to confirm the modified system still functions as expected.
Kim will use his expertise in systems to determine which modules can be removed from the operating system without compromising its functionality.
Lee will focus on the aspects related to security and use his expertise to analyze and experiment with malware.

Overall, the five researchers have the set of complementary skills needed for the project to be successful. Over the five-year life of the grant, the researchers expect to develop a series of approaches for reducing attack surface that anyone can use on complex systems, as well on low-level code.

“Going back to the house metaphor, the problem is that different people want to use different doors,” Orso says. “Our research will allow users to customize the house for each person so that it contains only the door that person needs.”

Source: http://www.news.gatech.edu/2018/01/12/georgia-tech-researchers-awarded-75-million-office-naval-research-secure-stack

Software review provisions proposed by Senate Armed Services Committee could have significant impact on DoD contractors

Synopsis of the Proposed Legislation

Georgia Tech researchers awarded $7.5 million from ONR for secure stack

Contracting News

NDAA requires Contracting Officers to provide information to unsuccessful offerors for task and delivery orders valued under $5.5 million

Recent cases indicate viability of False Claims Act liability connected to federal cybersecurity standards

Justice Department recovers over $3 billion from False Claims Act cases in FY 2019

How the Navy SEALs wound up buying 450 counterfeit radio antennas

Lockheed Martin’s Marietta GA facility wins major C-130J contract

Contracting Tips

In certain circumstances the government may waive strict compliance with construction specifications

Getting Ready for CMMC (Resources and Links)

You may have a choice in how to calculate your size

GSA’s big changes in 2020, Part 2

COFC highlights importance of proving damages in CDA claims

GTPAC News

Save the date: 2020 Robins Air Force Base requirements symposium to be held March 26, 2020

GSA hosting Federal Acquisition Service Training Conference in Atlanta, GA April 14-16, 2020

DOAS and Georgians First Commission hosting Georgia Small Business Symposium Feb. 12, 2020

SBA hosting access to capital forum Sept. 16th

Recent DoD contract awards (Aug. 15 – 28)

Georgia Tech News

$25 million project will advance DNA-based archival data storage

Georgia Tech collaborates with IBM to develop software stacks for quantum computers

Georgia Tech’s 100,000th living engineering graduate

President Cabrera’s First Week

Research, sponsored activity awards top $1 billion at Georgia Tech