Georgia Tech Procurement Assistance Center

GSA tech office launches bug bounty program

By

The cybersecurity company that ran a bug bounty program for the Army and is running ongoing programs for the Pentagon and Air Force will run a similar program for the government’s technology user experience wing, that office announced Friday.

The program run by HackerOne will offer cash rewards ranging from $300 to $5,000 to security researchers who spot dangerous vulnerabilities in websites and applications run by the General Services Administration’s Technology Transformation Service.

TTS did not give a start date for the program.

Keep reading this article at: http://www.nextgov.com/cybersecurity/2017/05/gsa-tech-office-launches-bug-bounty-program/137817

Final federal rule issued on safeguarding contractor information systems

By

Federal Contract InformationAfter years of gestation, a final rule was promulgated May 16, 2016 to mandate minimum cyber defenses for companies that do government business. This Federal Acquisition Regulations rule – “Basic Safeguarding of Contractor Information Systems” 81 Fed. Reg. 30439 – seeks to protect the confidentiality and integrity of federal contract information (FCI) that resides in or transits through any contractor information system.

Why this rule?

Agencies are required by the Federal Information Security Modernization Act (FISMA) to protect federal information. The obligation extends to nonpublic information provided by the federal government to its contractors. Unauthorized cyber extraction of federal information has caused genuine injury to national interests. Using this new FAR provision, every federal agency now will require minimum cyber protection for FCI.

What is federal contract information?

FCI is defined as nonpublic information that is “provided for or generated for the government” under a contract to “develop or deliver a product or service to the government, but not including information provided to the public or simple transactional information. The new rule protects “information systems” rather than carefully defined information types, however. If a contractor processes stores or transmits any FCI, its information system becomes subject to minimum enumerated safeguards. Where a contractor information system hosts FCI and other, non-federal information, the rule applies to the whole system.

Keep reading this article at: http://www.federaltimes.com/story/government/solutions-ideas/2016/06/13/far-rule-federal-contractor-information/85825436/

DoD invites you (well, some of you) to “Hack the Pentagon” this month

By

Last Thursday (March 31, 2016) the U.S. Department of Defense (DoD) announced the launch of a pilot bug-bounty program for the DoD’s public-facing websites.  Called “Hack the Pentagon,” the bounty program will be managed by HackerOne, the disclosure-as-a-service company founded by Alex Rice and Michiel Prins.

Since Hack the Pentagon is a pilot, its budget and duration are fairly modest by DoD standards. The Pentagon has budgeted $150,000 for the month-long bug hunt, which will begin on Monday, April 18 and end by Thursday, May 12. Payouts for accepted bugs will come from HackerOne and will be doled out by June 10.

Hack the Pentagon

Pentagon Press Secretary Peter Cook did not specify which DoD sites would be considered fair game for Hack the Pentagon. “The program will target several DoD public websites which will be identified to the participants as the beginning of the challenge approaches,” he said. “Critical, mission-facing computer systems will not be involved in the program.”

The program is not open to everyone. HackerOne’s page sets out the conditions for those eligible for participation.

Keep reading this article at: http://arstechnica.com/security/2016/04/dod-invites-you-well-some-of-you-to-hack-the-pentagon-this-month/

Why small businesses should care about cybersecurity

By

When hacking stories hit the headlines, they’re usually about large companies — organizations that have millions of users. These companies invest huge amounts of money in keeping data secure, so any breach is a serious issue.

A real-time hack attack map can be seen at http://map.norsecorp.com
A real-time hack attack map can be seen at http://map.norsecorp.com

Small businesses and entrepreneurs often neglect cybersecurity, because they assume it’s someone else’s problem, or their data is not worth stealing. But there are lots of reasons why cybersecurity should be priority number one for entrepreneurs.

It’s not good enough to pretend it doesn’t affect you, or claim your operations are too small. And just because you aren’t aware of a hack, doesn’t mean it isn’t happening.

Keep reading this article at: http://www.entrepreneur.com/article/252138

Here is Air Force’s $49.5 million plan to outsource cyberweapon and counterhack software

By

The Air Force is finalizing a $49.5 million plan to hire private sector coders who, by developing software, can sabotage adversary computer systems and thwart incoming hack attacks.

An official contract for the “Offensive Cyberspace Operations Defensive Cyberspace Operations Real-Time Operations and Innovation Cyber Development Custom Software Engineering Services” program is slated for publication Jan. 29, 2016.

SHELTER, the nickname for the mouthful of a project title, is a 5.5-year deal that would add to the Defense Department’s growing arsenal of cyberweapons.

Keep reading this article at: http://www.nextgov.com/cybersecurity/2015/12/here-air-forces-495m-plan-outsource-cyberweapon-counterhack-software/124066

See draft RFP Documents for Offensive Cyber Operations (OCO)/Defensive Cyber Operations (DCO) and Real Time Operations and Innovation (RTO&I) Shelter Project at: https://www.fbo.gov/?s=opportunity&mode=form&tab=core&id=b76b22fac14eef97d94e90ee8cd4d982&_cview=0.  Interested Contractors may submit questions concerning the draft RFP no later than 3:00 pm CST on 18 December 2015.

Contractors want guidance from Feds on OPM hack

By

Like federal employees, federal contractors are waiting for agencies to explain exactly what the OPM data breach affecting 4 million employees means for them.

OPM“Everyone’s on standby to find out if they are impacted,” said Pam Walker, senior director for homeland security at the information industry’s IT Alliance for Public Sector. “I know companies are working with OPM” and the Office of Management and Budget, which is preparing governmentwide cybersecurity guidance. Much of the governmentwide work, Walker notes, was in progress before the OPM breach.

Contractor representatives say they’re monitoring the National Archives and Records Administration, whose Information Security Oversight Office posted a proposed rule in the Federal Register last month to update policy detailing how agencies should designate, safeguard, disseminate and dispose of information that by law or regulation is sensitive but not formally classified.

Keep reading this article at: http://www.govexec.com/contracting/2015/06/contractors-await-guidance-feds-opm-hack/115120

Contractors, expect 72-hour rule for disclosing corporate hacks

By

Look for the whole government to take a page from the Pentagon and require that firms notify their agency customers of hacks into company-owned systems within three days of detection, procurement attorneys and federal officials say.

Right now, vendors only have to report compromises of classified information and defense industry trade secrets. The trade secret rule is new and covers breaches of nonpublic military technological and scientific data, referred to as “unclassified controlled technical information.”

That new reporting requirement kicked in Nov. 18, 2013 and applies to all military contracts inked since.

Keep reading this article at: http://www.nextgov.com/cybersecurity/2014/09/contractors-expect-72-hour-rule-disclosing-corporate-hacks/95399/

Will the Government shred your contract after a hack?

By

Contractors are concerned they might lose government business for coming forward about suspected internal data breaches, after the unprecedented decision by two departments to halt contracts with a hacked background investigation firm.

It is believed the personal information of Department of Homeland Security (DHS) employees likely was compromised when a suspected nation state penetrated a USIS corporate network.  USIS conducts personnel investigations on behalf of many agencies, including the Office of Personnel Management (OPM).  DHS and OPM temporarily ceased some jobs with USIS after the incident.

OPM did not pause work as a punishment, but rather as a way to protect federal employees until more details about the intrusion are known, agency officials told Nextgov on Friday, August 8, 2014.  But officials said they do not host information with USIS on the same system DHS uses.

DHS has issued stop work orders to temporarily halt activities that involve personal information, until the department can assess the full scope of the potential intrusion and repairs, Homeland Security officials told Nextgov.

Keep reading this article at: http://www.nextgov.com/cybersecurity/2014/08/will-government-shred-your-contract-after-hack/91049

Contracting News

Read More

Contracting Tips

Read More

GTPAC News

Read More

Georgia Tech News

Read More