Georgia Tech Procurement Assistance Center

SAM.gov hackers used spearphishing, spoofing, credential theft

By

Cybercrooks who stole federal payments by hacking contractor accounts on a General Services Administration (GSA) website used sophisticated spearphishing techniques to steal login credentials and then diverted payments to bank accounts they controlled, an executive of a contractor targeted in the scam told FedScoop.

It’s unclear how much the scammers have netted through their scheme, which is being investigated by the GSA inspector general and federal law enforcement.

The inspector general’s office declined to comment, but sources familiar with the investigation told FedScoop that the cyberattacks that facilitated the fraud had been identified last year and were ongoing as
recently as last week.

Keep reading this article at: https://www.fedscoop.com/sam-gov-hackers-used-spearphishing-spoofing-credential-theft/

Also see Tips for Surviving Compromise of Government’s Vendor Database: http://gtpac.org/2018/03/26/tips-for-surviving-compromise-of-governments-vendor-database/

Do federal supply schedule contracts still have value?

By

Over the past several months, there has been a confluence of congressional and agency actions that will have a significant impact on Federal Supply Schedule (FSS) contract holders.

These changes are so significant that they will likely cause companies with FSS contracts to question whether having an FSS makes sense.

These changes could also cause companies to restructure the segments of their companies that are responsible for selling to the federal government.

Keep reading this article at: https://governmentcontractsnavigator.com/2018/03/22/do-federal-supply-schedule-contracts-still-have-value/

Why CDM vendors need more flexibility

By

The first two phases of the Department of Homeland Security’s Continuous Diagnostic and Mitigation (CDM) program have helped government agencies deploy foundational cybersecurity solutions for real-time visibility and continuous network monitoring to identify vulnerabilities, reduce risk, ensure compliance and respond to threats.

DHS and the General Services Administration (GSA) deserve tremendous credit for implementing a technical program of this size and complexity. However, the first two phases barely bring government to the starting line of the cybersecurity technology race. The private sector and U.S. adversaries are already well past that point.

The most important phase of the CDM program is yet to come, under which government tackles the data security problems of an increasingly mobile workforce and distributed cloud computing environment.

Keep reading this article at: https://fcw.com/articles/2018/03/19/cdm-vendor-flex-comment.aspx

Federal vendor database — SAM — hacked

By

The General Services Administration (GSA) has announced that fraudulent activity has allegedly taken place within the System for Award Management (SAM).

SAM is the federal government’s vendor database.  It also contains links to several other contract-related functions.

Existing SAM registrants are being advised to validate their registration information, particularly their financial information.  If an entity’s financial information in SAM — particularly bank routing information — has been exposed, it is possible for contract payments to be diverted.

Until SAM’s data breach issue is settled, it is going to be particularly difficult for new vendors to register in SAM.

The Federal Service Desk advises that a new entity registering in SAM at www.sam.gov is now required to prepare and submit a notarized letter identifying the authorized Entity’s Administrator before the entity will be activated within the SAM database.

To assist vendors in this process, the Georgia Tech Procurement Assistance Center (GTPAC) has prepared a template.  The template is available here: SAM_Notary_Letter_Template_v1_GTPAC_03.23.2018

Update: GSA has prepared a template for preparation of the notarized letter.  The template is available here: SAM_Notary_Letter_Template_4.12.18_GSA_version

As specified by GSA, GTPAC’s template for the notarized letter specifies that it is to:

  • Be on your company/organization letterhead
  • Be signed by your company President, CEO, or other authorized signature authority
  • Contain your company/organization DUNS Number
  • Contain your company/organization Legal Business Name (as associated with the DUNS Number)
  • Contain your company/organization physical address (as associated with the DUNS Number)
  • Contain the new Entity Administrator’s name, phone number, address, and email address
  • Contain the following statement above the signature block of your letter with the appropriate information inserted where noted: “The purpose of this notarized letter is to designate [insert name of Entity Administrator] as Entity Administrator for [insert Legal Business Name].  I, [insert Name and Title of signatory], hereby confirm that [insert name of Entity Administrator] is an authorized officer, agent, or representative of [insert entity Legal Business Name, or, for individuals representing themselves, say him/herself]. This letter will authorize [insert name of Entity Administrator] to have access to the System for Award Management (SAM). SAM is a computer system managed by the U.S. Government, and it is only accessible by individuals who are either authorized to represent a particular entity, or by individuals representing themselves. Accessing or using SAM, or information contained therein, for any unauthorized or illegal purposes, may have civil and criminal penalties, and may negatively impact the status of the SAM registration maintained on this entity. I, the below-signed, attest to the accuracy of all information contained in this letter.”

Vendors are reminded that there is no cost to register in SAM — it is free.

You must mail the original letter, signed by the Notary, to:

FEDERAL SERVICE DESK

ATTN: SAM.GOV REGISTRATION PROCESSING

100 CAPITOL COMMERCE BLVD STE 309

MONTGOMERY, AL 36117-4260

Address Update:

FEDERAL SERVICE DESK

ATTN: ​SAM.GOV​ REGISTRATION PROCESSING

460 INDUSTRIAL BLVD

LONDON, KY 40741-7285

UNITED STATES OF AMERICA

Georgia businesses who need assistance with this process should contact a GTPAC counselor for no-cost assistance.  A directory of our counselors appears at: http://gtpac.org/team-directory.

Businesses located outside the state of Georgia may contact the Procurement Technical Assistance Center (PTAC) in their state.  A directory is at: http://www.aptac-us.org/find-a-ptac.

Japanese manufacturer to pay $66 million settlement for supplying defective bullet proof vests

By

Toyobo Co. Ltd. of Japan and its American subsidiary, Toyobo U.S.A. Inc., f/k/a Toyobo America Inc. (collectively, Toyobo), have agreed to pay $66 million to resolve claims under the False Claims Act that they sold defective Zylon fiber used in bullet proof vests that the United States purchased for federal, state, local, and tribal law enforcement agencies, the Justice Department has announced.

The settlement resolves allegations that between at least 2001 and 2005, Toyobo, the sole manufacturer of Zylon fiber, knew that Zylon degraded quickly in normal heat and humidity, and that this degradation rendered bullet proof vests containing Zylon unfit for use.  It was further alleged that Toyobo nonetheless actively marketed Zylon fiber for bullet proof vests, published misleading degradation data that understated the degradation problem, and when Second Chance Body Armor recalled some of its Zylon-containing vests in late 2003, started a public relations campaign designed to influence other body armor manufacturers to keep selling Zylon-containing vests.

According to the government, Toyobo’s actions delayed by several years efforts to determine the true extent of Zylon degradation.  Finally, in August 2005, the National Institute of Justice (NIJ) completed a study of Zylon-containing vests and found that more than 50 percent of used vests could not stop bullets that they had been certified to stop.  Thereafter, the NIJ decertified all Zylon-containing vests.

This settlement is part of a larger investigation undertaken by the Justice Department’s Civil Division of the body armor industry’s use of Zylon in body armor.  The Civil Division previously recovered more than $66 million from 16 entities involved in the manufacture, distribution or sale of Zylon vests, including body armor manufacturers, weavers, international trading companies, and five individuals.  The settlement announced on March 15th brings the Division’s overall recoveries to over $132 million.  The United States still has lawsuits pending against Richard Davis, the former chief executive of Second Chance, and Honeywell International Inc.

The latest settlement resolves allegations filed in two lawsuits, one brought by the United States and the other filed by Aaron Westrick, Ph.D., a law enforcement officer formerly employed by Second Chance who is now a Criminal Justice professor at Lake Superior University.  Dr. Westrick’s lawsuit was filed under the qui tam, or whistleblower, provisions of the False Claims Act, which permit private individuals to sue on behalf of the government for false claims and to share in any recovery.  The Act also allows the government to intervene and take over the action, as it did in 2005 in Dr. Westrick’s case.  Dr. Westrick will receive $5,775,000.

This case was handled by the Justice Department’s Civil Division, along with the General Services Administration, Office of the Inspector General; the Department of Commerce, Office of Inspector General; the Defense Criminal Investigative Service; the U.S. Army Criminal Investigative Command; the Department of the Treasury, Office of Inspector General for Tax Administration; the Air Force Office of Special Investigations; the Department of Energy, Office of the Inspector General; and the Defense Contracting Audit Agency.

The claims settled by this agreement are allegations only; there has been no determination of liability.  The lawsuits resolved by the settlement are captioned United States ex rel. Westrick v. Second Chance Body Armor, et al., No. 04-0280 (PLF) (D.D.C.) and United States v. Toyobo Co. Ltd., et al., No. 07-1144 (PLF) (D.D.C.).

Source: https://www.justice.gov/opa/pr/japanese-fiber-manufacturer-pay-66-million-alleged-false-claims-related-defective-bullet

 

GSA awards first wave of contracts in White House’s IT overhaul

By

The General Services Administration on Wednesday announced awardees of the first round of contracts to support the White House’s IT Modernization Centers of Excellence.

GSA issued awards to support each of the five pillars in the administration’s IT modernization efforts: SIE Consulting Group for cloud adoption; McKinsey & Company for IT infrastructure optimization; ICF Incorporated for customer experience; Kaiser Associates for contact center; and ICF Incorporated for service delivery analytics.

Beginning with the Agriculture Department—the testbed agency for the first centers of excellence—the groups will develop strategies to tackle issues within their respective spheres, creating best practices so other agencies can quickly follow suit.

Keep reading this article at: http://www.nextgov.com/it-modernization/2018/03/gsa-awards-first-wave-contracts-white-houses-it-overhaul/146678/

Management of DoD contractor pleads guilty to ‘Made in the USA’ contract fraud

By

The former president and CEO of Wellco Enterprises, Inc. (Wellco) and Tactical Holdings Operations, Inc. (Tactical Holdings), Vincent Lee Ferguson, of Knoxville, Tennessee, has pled guilty to conspiracy to commit wire fraud.

Wellco’s former sales VP, Matthew Lee Ferguson, of Geneva, Illinois, and former marketing director, Kerry Joseph Ferguson, of Houston, Texas, also pled guilty to conspiracy to commit wire fraud.  In addition, Wellco’s former VP of government contracting, Neil Streeter, of Warren, Massachusetts, and former operations manager, Stephanie Lynn (Ferguson) Kaemmerer, of Knoxville, Tennessee, pled guilty to smuggling goods into the United States.

Sentencing has been set for Vincent Lee Ferguson, Matthew Lee Ferguson, and Kerry Joseph Ferguson for June 6, 2018.  Sentencing for Neil Streeter and Stephanie Lynn Kaemmerer is set for June 11, 2018.  Conspiracy to commit wire fraud and smuggling goods into the United States both carry a maximum penalty of 20 years in prison and a fine of up to $250,000.  Each defendant was released pending sentencing.

According to information on file with the U.S. District Court, Wellco was a leading manufacturer and supplier of military footwear to the U.S. Department of Defense (DoD) and to civilian (commercial) customers for over 70 years.  From 2006 through 2012, DoD alone paid in excess of $138 million to Wellco for the supply of combat boots.  Wellco pioneered and patented the first practical method for molding and attaching a rubber sole to a shoe upper in a single operation.  During the Vietnam War, the U.S. Army adopted Wellco technology for the manufacture of its hot-weather boots for the jungles of Vietnam, a boot that became known as the “Vietnam Boot” or the “jungle boot.”   In May, 2007, in a deal involving approximately $22 million, Wellco was acquired by two investment firms, Golden Gate Private Equity, Inc. and Integrity Brands, Inc.  Wellco became a wholly owned subsidiary of Golden Gate’s portfolio company, Tactical Holdings.

In March 2006, Vincent Lee Ferguson was made President and CEO of Wellco.  At that time, he discussed a turnaround plan with Wellco’s Board of Directors for the company to increase commercial sales and “aggressively pursue” sales to the U.S. government.  From December 2008 through August 2012, he conspired with his executive team to import military-style boots that were made in China into the United States and then deceptively market and sell those boots to DoD (and other federal departments and agencies), government contractors, and the general public as “Made in the USA” and as compliant with the Berry Amendment and the Trade Agreements Act (TAA).   The Berry Amendment prohibits DoD from buying clothing that is not grown, reprocessed, reused or produced in the U.S.   The purpose of the Berry Amendment is to protect the viability of America’s textile and clothing production base.  The TAA provides that the government may acquire only “U.S.-made or designated country end products” and requires government contractors to certify that each “end product” meets applicable requirements.

By December 2008, Wellco was manufacturing certain military boot model uppers and insoles in China.  In order to conceal this fact, the conspirators required the Chinese manufacturing facility to include the American flag and “USA” on labels of certain boot uppers.  After two shipments of these deceptively marked boots were detained and seized by the U.S. Department of Homeland Security’s Customs and Border Protection, the conspirators ordered the Chinese facility to stitch tear-away “Made in China” labels in Wellco boot uppers.  After importation, the conspirators instructed Wellco factory workers in Morristown, Tennessee to tear out the “Made in China” tags prior to shipping the boots to government and commercial purchasers.

The defendants marketed and sold these Chinese-made Wellco boots as “Made in the USA.”  They also submitted false certifications to DoD and other federal agencies, and to government contractors that these boots complied with the Berry Amendment and TAA and met certain safety standards, including electrical hazard and blood-borne pathogen protections for U.S. troops.  For example, on August 15, 2012, the defendants submitted a signed “Certificate of Conformance” to a government contractor, representing that Wellco’s boot model S161 was “100% Berry Compliant” and “fully protective against Electrical Hazard,” even though the model was imported from China and not safety tested.  The boots were then supplied to troops stationed at Sheppard Air Force Base in Wichita Falls, Texas.   In total, Wellco sold at least $8.1 million of fraudulent boots.

This case was investigated by Homeland Security Investigations, Defense Criminal Investigative Service, Air Force Office of Special Investigations, General Services Administration Office of Inspector General, and Defense Contract Audit Agency.

Source: https://www.justice.gov/usao-edtn/pr/former-ceo-and-executive-management-defense-contractor-wellco-enterprises-inc-pleads

GSA changes lineup for final ‘Alliant 2 Small Business’ contract

By

The General Services Administration has officially announced the awardees for the Alliant 2 Small Business contract vehicle, dropping three contractors since the pre-award notice in December but adding four more.

The 10-year $15 billion contract gives agencies access to pre-vetted IT services companies—versus the IT commodities on IT Schedule 70.  The vehicle is the small business companion to the $50 billion Alliant 2 Unrestricted which was awarded in November.

GSA officials intended to award 80 spots on the small business vehicle but allowed for a tie in the final position bringing the total to 81.  Almost 500 small business vied for the spots.

Keep reading this article at: http://www.nextgov.com/emerging-tech/2018/02/gsa-changes-lineup-final-alliant-2-small-business/145992/

GSA adds 31 small businesses to OASIS

By

The General Services Administration added 31 companies to its One Acquisition Solution for Integrated Services contract, increasing the number of small businesses offering professional services like program management, management consulting, logistics and more.

The recent addition expands the second pool of OASIS SB contractors from nine to 40 companies, ending the initial on-ramp process. The larger pool will increase competition among firms “while driving down costs for the American taxpayer,” the agency said.

GSA can add more companies through on-ramping at its discretion to address inadequate competition, customer requests or small businesses outgrowing that size designation.

Keep reading this article at: http://www.nextgov.com/cio-briefing/2018/02/gsa-adds-31-small-businesses-oasis/145683/

Changes coming to GSA’s contractor cybersecurity requirements

By

The General Services Administration (GSA) plans to officialize regulations on how contractors should handle and protect sensitive information for federal clients, as well as report any incidents that could put that information at risk.

GSA’s proposed contractor cybersecurity rules changes — a pair of actions included in a Federal Register notice published Jan. 12 — follow in the footsteps of the Pentagon’s move last year to update its acquisition regulations, heightening the security standards of the defense contractors who work with sensitive DoD data.

The actions aren’t exactly new. In part, GSA is putting existing contractor information security requirements through the rulemaking and public comment process so they will be be officially added to the GSA Acquisition Regulation, or GSAR, with any subsequent updates.

Keep reading this article at: https://www.fedscoop.com/changes-coming-gsas-contractor-cybersecurity-requirements/

GTPAC has created a video and a template to help businesses comply with DoD’s cybersecurity requirements.  These new resources appear at: http://gtpac.org/cybersecurity-training-video/

Contracting News

Read More

Contracting Tips

Read More

GTPAC News

Read More

Georgia Tech News

Read More