Georgia Tech Procurement Assistance Center

Focus of Feb. 20th Georgia Innovation Summit is emerging technology

By

How will emerging technologies affect small businesses and what that sector will be like in the future?

That core question is the theme of the 2018 Georgia Innovation Summit, scheduled for Feb. 20 at the Georgia Tech Research Institute Conference Center in Atlanta. (Register at this link: http://workforce.georgia.org/event/3rd-annual-innovation-summit/)

Now in its third year, the Georgia Innovation Summit is an annual gathering of the state’s top business, education, and government leaders who meet in a series of panel discussions to discuss emerging trends and innovations that will affect businesses of all sizes across Georgia.

The Georgia Mentor Protégé Connection — in partnership with the Georgia Department of Economic Development, the Georgia Centers of Innovation, and Georgia Tech’s Enterprise Innovation Institute (EI2) — is presenting this year’s summit.

Keynote speakers include Jen Bonnett, general manager of Georgia Tech’s Advanced Technology Development Center (ATDC), and David Justice, the Georgia Centers of Innovation’s executive director.

“Emerging technologies are rapidly shaping and changing not only the types of businesses that are being created, but also how business itself is being done,” said EIvice president Chris Downing.

“The topics and themes we’ll be exploring this year reflect that understanding and will help attendees better understand how they can incorporate and use emerging technologies to drive business forward.”

Among the topics is financial technology (FinTech), an important sector in Georgia’s economy. Jeff Gapusan, ATDC’s FinTech catalyst, will moderate a panel discussion titled “FinTech’s Impact on Your Business.”

The industry is big in Georgia with 70 percent of the $5.3 trillion in annual U.S. card spending being processed through companies in Georgia. “FinTech isn’t static,” Downing said. “There’s constant disruption in this sector which is affecting everything from traditional banking to retail. This panel features the thought leaders in this space who are driving that innovation.”

Other panel topics include the Internet of Things (IoT), dealing with cybersecurity, and connecting businesses with the resources they need to navigate the ever-changing business climate.

DHS cyber info sharing tool to get a reboot this year

By

The Homeland Security Department plans to update its system for automatically sharing cybersecurity threat information with companies, critical infrastructure providers and other federal agencies this coming summer or fall, a top official said last week.

More than 200 organizations have signed up to automatically receive the indicators, but most of them aren’t using that information to automatically block malicious traffic into their networks, Jeanette Manfra, assistant secretary in Homeland Security’s Office of Cybersecurity and Communications, said.

Generally, that’s because customer organizations say the indicators don’t include enough information for them to determine what’s truly relevant, Manfra told an audience at the industry group US Telecom’s cybersecurity policy forum.

Keep reading this article at: http://www.defenseone.com/technology/2018/01/dhs-cyber-info-sharing-tool-get-reboot-year/145517

The Department of Homeland Security’s (DHS) free Automated Indicator Sharing (AIS) can be accessed at: https://www.us-cert.gov/ais

Have you watched GTPAC’s cybersecurity compliance video yet?  Check it out at: http://gtpac.org/cybersecurity-training-video/

Changes coming to GSA’s contractor cybersecurity requirements

By

The General Services Administration (GSA) plans to officialize regulations on how contractors should handle and protect sensitive information for federal clients, as well as report any incidents that could put that information at risk.

GSA’s proposed contractor cybersecurity rules changes — a pair of actions included in a Federal Register notice published Jan. 12 — follow in the footsteps of the Pentagon’s move last year to update its acquisition regulations, heightening the security standards of the defense contractors who work with sensitive DoD data.

The actions aren’t exactly new. In part, GSA is putting existing contractor information security requirements through the rulemaking and public comment process so they will be be officially added to the GSA Acquisition Regulation, or GSAR, with any subsequent updates.

Keep reading this article at: https://www.fedscoop.com/changes-coming-gsas-contractor-cybersecurity-requirements/

GTPAC has created a video and a template to help businesses comply with DoD’s cybersecurity requirements.  These new resources appear at: http://gtpac.org/cybersecurity-training-video/

Cybersecurity training video and template released

By

The Georgia Tech Procurement Assistance Center (GTPAC) has produced a 20-minute instructional video designed to assist contractors comply with Defense Department (DoD) cybersecurity requirements.

Click image above to view video and access resource documents.

Accompanying the video is a 127-page template that can be used by contractors to create a Security Assessment Report, a System Security Plan, and a Plan of Action.

The video and template, along with related resources, can be found at: http://gtpac.org/cybersecurity-training-video.

Background

The Defense Federal Acquisition Regulation Supplement (DFARS) prescribes that DFARS clause 252.204-7012 (“Safeguarding Covered Defense Information and Cyber Incident Reporting”)  be inserted in many DoD contracts.

In general, the clause requires that contractors provide adequate security on all applicable contractor information systems – and investigate and report on any compromises of such systems.  The DFARS clause also requires contractors to:

  • isolate malicious software,
  • preserve and protect all media involved in a cyber incident,
  • provide DoD with access to information or equipment for purposes of forensic analysis,
  • assess damage as a result of a cyber incident, and
  • “flow down” the clause in any subcontracts involving information covered by the requirements.
Click on the graphic above to see the government’s complete list of Controlled Unclassified Information (CUI) covered by the regulation.
Impact

If you are a DoD contractor, it is very likely that your contract incorporates DFARS clause 252.204-7012.  The clause is required in all solicitations and contracts, including solicitations and contracts issued under Federal Acquisition Regulation (FAR) Part 12 procedures for the acquisition of commercial items.  (Note: The clause is not required for solicitations and contracts solely for the acquisition of Commercial Off the Shelf – or COTS – items.)

To provide adequate security, DoD contractors covered by the DFARS clause are expected, at a minimum and effective immediately, to implement the standards set forth in National Institute of Standards and Technology (NIST) Special Publication 800-171 (Revision 1).

In general terms, to meet the government’s cybersecurity standards, contractors must assess their information systems, develop a security plan, and create an action plan.  GTPAC’s template – available for download as a Word document on the same webpage where the video appears – provides a step-by-step process by which each of these tasks can be completed and documentation can be compiled.

Information and Assistance

The video and template were funded through a cooperative agreement with the Defense Logistics Agency, and created with the support of the Georgia Institute of Technology.  The content of the video presentation does not necessarily reflect the official views of or imply endorsement by the U.S. Department of Defense, the Defense Logistics Agency, or Georgia Tech.

For further assistance with complying with DoD’s contractual cybersecurity requirements, please feel free to contact a GTPAC Procurement Counselor.  A list of Counselors, their locations, and contact information can be found at: http://gtpac.org/team-directory.

Companies located outside the state of Georgia may contact their nearest Procurement Technical Assistance Center (PTAC) for assistance with government contracting matters.  PTACs are located in all 50 states, the District of Columbia, Guam, and Puerto Rico.  Find a directory of PTACs at: http://www.aptac-us.org/find-a-ptac.

GTPAC is a part of the Enterprise Innovation Institute (EI2), Georgia Tech’s business outreach organization which serves as the primary vehicle to achieve Georgia Tech’s goal of expanded local, regional, and global outreach.  EI2 is the nation’s largest and most comprehensive university-based program of business and industry assistance, technology commercialization, and economic development.

 

 

 

NOAA scouting small businesses for help securing data from satellites

By

The agency best known for its use of satellites and sensors to pump out weather and climate data for forecasters needs some extra cybersecurity help.

The National Oceanic and Atmospheric Administration is looking for small businesses that might be able to help with the IT security of its data centers and systems, as well as the data flow of everything between them and its satellites, according to an agency request for information.

NOAA’s “Office of Satellite and Product Operations (OSPO) requires an IT Security Program to implement required security controls to ensure confidentiality, integrity and availability of the information resources integral to the successful operation of OSPO satellite ground systems, product processing and distribution systems, and Admin LANs,” the agency’s RFI says.

Keep reading this article at: https://www.fedscoop.com/noaa-scouting-small-businesses-help-securing-data-satellites/

Army and Navy cyber command ready way ahead of schedule

By

U.S. Army Cyber Command announced November 2 that all 41 of its active duty Cyber Mission Force teams were validated as having achieved full operational capability in September 2017, more than a year ahead of schedule. To read the official announcement, click on photo above.   (Photo Credit: U.S. Army photo by Steve Stover)

The Army and Navy components of the military’s Cyber Mission Forces have reached full operational capability, the services announced Thursday, beating their 2018 deadline by roughly a year.

The Army and Navy announcement marks a major milestone for U.S. Cyber Command, which has grown since 2010 from a rough plan to build a military unit complementary to the largely civilian National Security Agency to what will soon be a full combatant command.

Together, the Army and Navy components comprise about 60 percent of the 6,200 cyber troops divided among 133 teams that will make up a fully operational U.S. Cyber Command next year.

Keep reading this article at: http://www.nextgov.com/cybersecurity/2017/11/army-and-navy-cyber-command-ready-way-ahead-schedule/142278

Note: The Army Cyber Command is headquartered at Fort Gordon in Augusta, GA.  In June of 2017, groundbreaking was held for the construction of the Georgia Cyber Innovation and Training Center, a $60 million compound that will feature research and classroom space for Augusta University and the state’s technical colleges, as well as office space for established and startup companies.  For more information, see: http://gtpac.org/2017/06/21/new-training-center-in-augusta-to-counter-emerging-cyberthreats/

Deadlines approach for government contractors on cybersecurity compliance

By

Government contractors are subject to cybersecurity requirements, found in the Federal Acquisition Regulation (FAR) and each agency’s supplement to the FAR, and some important deadlines are fast approaching. Set forth below is a high-level overview of cybersecurity requirements found in the FAR and the Department of Defense (DoD) FAR Supplement (DFARS).

The FAR requires government contractors that handle “federal contract information” to comply with 15 requirements for safeguarding that information. These requirements are similar to certain requirements found in NIST SP 800-171.

Under the FAR, “federal contract information” is defined as:

information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government, but not including information provided by the Government to the public (such as on public Web sites) or simple transactional information, such as necessary to process payments.

This is a broad category of information, and some commentators have suggested that it would apply to “virtually all” federal contracts.

Keep reading this article at: https://www.jdsupra.com/legalnews/deadlines-approach-for-government-74231/

Reminder: DoD contractors required to meet cybersecurity requirements by year-end

By

The window for Department of Defense (DoD) contractors to bring themselves into compliance with cybersecurity requirements is closing.

Specifically, changes to the Defense Federal Acquisition Regulation Supplement (DFARS) published in late 2016 require that DoD contractors and subcontractors provide “adequate security” on “covered information systems.”  The new rule also imposes reporting requirements for cyber incidents.  Failure to comply with these requirements could result in loss of government contracting opportunities and civil and criminal liability for responsible companies and individuals.

Background

On October 21, 2016, DoD published a final rule significantly expanding the obligations of private industry with respect to cybersecurity on contractor information systems that host certain government and other sensitive data. 81 Fed. Reg. 72986 (Oct. 16, 2016).  Specifically, the new rule amends the contract clause at DFARS 252.204-7012, which addresses “Safeguarding Covered Defense Information and Cyber Incident Reporting.” According to DoD, “[t]he objectives of the rule are to improve information security for DoD information stored on or transiting contractor information systems as well as in a cloud environment.”  

The amended DFARS clause imposes a critical and fast-approaching compliance deadline for DoD contractors and subcontractors to implement specific security measures on their “covered systems” by December 31, 2017.

The new contract clause at DFARS 252.204-7012 mandates that DoD contractors and their subcontractors “provide adequate security” on all “covered contractor information systems.”

Keep reading this article at: http://www.jdsupra.com/legalnews/alert-dod-contractors-required-to-meet-65186/

Oct. 27 cybersecurity webinar reviews key regulatory actions impacting government contractors

By

The Georgia Tech Procurement Assistance Center (GTPAC) is hosting a one-hour lunchtime webinar on Oct. 27, 2017 on the subject of the regulatory obligations federal contractors have for protecting data from cyber-attacks.

Interested parties can sign-up to participate in this free webinar by clicking here.  After registering, enrollees will receive webinar access information from the instructor a few days before the webinar.

Businesses seeking information and resources on the subject of government cybersecurity rules can visit this page.  GTPAC hosted a half-day briefing for businesses on Aug. 9th, and visitors to this page can view a video of the event, plus download a number of resource materials.

Federal cybersecurity requirements seminar now available on video

By

Video coverage of the August 9th seminar on Cybersecurity Requirements for Federal Contractors is now available for viewing, along with pertinent printed resources.

The Georgia Tech Procurement Assistance Center (GTPAC) co-hosted the recent event, along with the Georgia Manufacturing Extension Program (GaMEP).

At the end of this year — if you are a Department of Defense (DoD) contractor or hope to be one — there are new cybersecurity requirements that will be in your contract that will require you to limit access to your information systems, identify system users, and take measures to safeguard federal contract information (FCI).  Your compliance with these rules, among others, require documented processes and procedures.  And, similar requirements are expected to be included in other federal contracts in the near future.

Access to the video is right here.  Following introductory remarks, details on the cyber requirements begin at the 18:00 minute mark in the video.

Click on the image above to start video.

In addition, the following links to the actual presentation materials and other resources are provided below:

GTPAC will continue to provide to our clients additional cybersecurity compliance materials as they become available.

Contracting News

Read More

Contracting Tips

Read More

GTPAC News

Read More

Georgia Tech News

Read More