Georgia Tech Procurement Assistance Center

  • Home
  • About Us
  • Training
    • Class Registration
    • On-demand Training
  • Useful Links
  • Team Directory
    • Albany Counselor
    • Atlanta Counselors
    • Augusta Counselor
    • Carrollton Counselor
    • Columbus Counselor
    • Gainesville Counselor
    • Savannah Counselor
    • Warner Robins Counselor
  • Directions
    • Atlanta – Training Facility
    • Atlanta – Office
    • Albany
    • Augusta
    • Carrollton
    • Columbus
    • Gainesville
    • Savannah
    • Warner Robins
  • New Client Application
  • Contact Us

DoD testing secure cloud to help small contractors protect data

April 10, 2019 By Nancy Cleveland

The Pentagon still has deep concerns about thefts of sensitive Defense data from contractor systems. But it’s concluded that simply using contract terms to order firms to improve their security isn’t going to do the job.

So the department is testing ways to extend its own cybersecurity expertise and infrastructure to small and medium-sized businesses who don’t have the wherewithal to adequately secure their systems against nation-state attackers. Specifically, it plans to build a secure cloud to house the Defense data companies need to perform their contracts, instead of requiring them to store it themselves.

DoD’s research and development budget for 2020 includes $15 million for a small project the department terms the Defense Industrial Base (DIB) Secure Cloud Managed Services Pilot. In the early going, the Pentagon plans to make the cloud service available to “a subset” of small and medium companies that “support prioritized, critical DoD missions and programs.”

In contract terms, the department would treat the secure cloud as Government Furnished Equipment (GFE), said Ellen Lord, the undersecretary for acquisition and sustainment.

Keep reading this article at: https://federalnewsnetwork.com/defense-news/2019/03/dod-will-test-secure-cloud/

 

Filed Under: Contracting News Tagged With: cloud, cybersecurity, data protection, data security, DoD, GFE, hackers, small business

Chinese government hackers steal massive amounts of data from Navy contractor computers

June 12, 2018 By Nancy Cleveland

Chinese government hackers have stolen large swaths of highly sensitive data on undersea warfare from a Navy contractor’s computers, The Washington Post reports.

The stolen information includes secret plans to develop a supersonic anti-ship missile to be used by submarines by 2020, American officials told the Post.

The incidents took place in January and February, but officials did not disclose the contractor that was targeted, the newspaper reported Friday.

Although the information was highly sensitive, it was housed on the contractor’s unclassified network, according to the Post.

“Per federal regulations, there are measures in place that require companies to notify the government when a ‘cyber incident’ has occurred that has actual or potential adverse effects on their networks that contain controlled unclassified information,” Navy Lt. Marycate Walsh said in a statement. “It would be inappropriate to discuss further details at this time.”

Keep reading this article at: http://wtkr.com/2018/06/08/wapo-chinese-government-hackers-steal-massive-amounts-of-data-from-navy-contractor-computers/

Filed Under: Contracting News Tagged With: controlled unclassified information, CUI, cyber, cyber incident, cyber incidents, cyberattack, FBI, hack, hackers, investigation, Navy, network services, unclassified information, undersea warfare

GSA tech office launches bug bounty program

May 17, 2017 By Nancy Cleveland

The cybersecurity company that ran a bug bounty program for the Army and is running ongoing programs for the Pentagon and Air Force will run a similar program for the government’s technology user experience wing, that office announced Friday.

The program run by HackerOne will offer cash rewards ranging from $300 to $5,000 to security researchers who spot dangerous vulnerabilities in websites and applications run by the General Services Administration’s Technology Transformation Service.

TTS did not give a start date for the program.

Keep reading this article at: http://www.nextgov.com/cybersecurity/2017/05/gsa-tech-office-launches-bug-bounty-program/137817

Filed Under: Contracting News Tagged With: Air Force, Army, bug bounty, cybersecurity, GSA, hack, hackers, reward

Final federal rule issued on safeguarding contractor information systems

June 17, 2016 By Nancy Cleveland

Federal Contract InformationAfter years of gestation, a final rule was promulgated May 16, 2016 to mandate minimum cyber defenses for companies that do government business. This Federal Acquisition Regulations rule – “Basic Safeguarding of Contractor Information Systems” 81 Fed. Reg. 30439 – seeks to protect the confidentiality and integrity of federal contract information (FCI) that resides in or transits through any contractor information system.

Why this rule?

Agencies are required by the Federal Information Security Modernization Act (FISMA) to protect federal information. The obligation extends to nonpublic information provided by the federal government to its contractors. Unauthorized cyber extraction of federal information has caused genuine injury to national interests. Using this new FAR provision, every federal agency now will require minimum cyber protection for FCI.

What is federal contract information?

FCI is defined as nonpublic information that is “provided for or generated for the government” under a contract to “develop or deliver a product or service to the government, but not including information provided to the public or simple transactional information. The new rule protects “information systems” rather than carefully defined information types, however. If a contractor processes stores or transmits any FCI, its information system becomes subject to minimum enumerated safeguards. Where a contractor information system hosts FCI and other, non-federal information, the rule applies to the whole system.

Keep reading this article at: http://www.federaltimes.com/story/government/solutions-ideas/2016/06/13/far-rule-federal-contractor-information/85825436/

Filed Under: Contracting News Tagged With: cloud, cyber, cybersecurity, cyberthreat, DFARS, DoD, FCI, federal contract information, Federal Register, FISMA, hack, hackers, information technology, NIST, NIST 800-171, small business, technology, vulnerability

DoD invites you (well, some of you) to “Hack the Pentagon” this month

April 7, 2016 By Nancy Cleveland

Last Thursday (March 31, 2016) the U.S. Department of Defense (DoD) announced the launch of a pilot bug-bounty program for the DoD’s public-facing websites.  Called “Hack the Pentagon,” the bounty program will be managed by HackerOne, the disclosure-as-a-service company founded by Alex Rice and Michiel Prins.

Since Hack the Pentagon is a pilot, its budget and duration are fairly modest by DoD standards. The Pentagon has budgeted $150,000 for the month-long bug hunt, which will begin on Monday, April 18 and end by Thursday, May 12. Payouts for accepted bugs will come from HackerOne and will be doled out by June 10.

Hack the Pentagon

Pentagon Press Secretary Peter Cook did not specify which DoD sites would be considered fair game for Hack the Pentagon. “The program will target several DoD public websites which will be identified to the participants as the beginning of the challenge approaches,” he said. “Critical, mission-facing computer systems will not be involved in the program.”

The program is not open to everyone. HackerOne’s page sets out the conditions for those eligible for participation.

Keep reading this article at: http://arstechnica.com/security/2016/04/dod-invites-you-well-some-of-you-to-hack-the-pentagon-this-month/

Filed Under: Contracting News Tagged With: crowdsourcing, DoD, hack, Hack the Pentagon, hackers, incentive, Pentagon, prize, web resources

Why small businesses should care about cybersecurity

January 8, 2016 By Nancy Cleveland

When hacking stories hit the headlines, they’re usually about large companies — organizations that have millions of users. These companies invest huge amounts of money in keeping data secure, so any breach is a serious issue.

A real-time hack attack map can be seen at http://map.norsecorp.com
A real-time hack attack map can be seen at http://map.norsecorp.com

Small businesses and entrepreneurs often neglect cybersecurity, because they assume it’s someone else’s problem, or their data is not worth stealing. But there are lots of reasons why cybersecurity should be priority number one for entrepreneurs.

It’s not good enough to pretend it doesn’t affect you, or claim your operations are too small. And just because you aren’t aware of a hack, doesn’t mean it isn’t happening.

Keep reading this article at: http://www.entrepreneur.com/article/252138

Filed Under: Contracting Tips Tagged With: cyber, cybersecurity, cyberthreat, hack, hackers, small business, vulnerability

Will the Government shred your contract after a hack?

August 14, 2014 By ei2admin

Contractors are concerned they might lose government business for coming forward about suspected internal data breaches, after the unprecedented decision by two departments to halt contracts with a hacked background investigation firm.

It is believed the personal information of Department of Homeland Security (DHS) employees likely was compromised when a suspected nation state penetrated a USIS corporate network.  USIS conducts personnel investigations on behalf of many agencies, including the Office of Personnel Management (OPM).  DHS and OPM temporarily ceased some jobs with USIS after the incident.

OPM did not pause work as a punishment, but rather as a way to protect federal employees until more details about the intrusion are known, agency officials told Nextgov on Friday, August 8, 2014.  But officials said they do not host information with USIS on the same system DHS uses.

DHS has issued stop work orders to temporarily halt activities that involve personal information, until the department can assess the full scope of the potential intrusion and repairs, Homeland Security officials told Nextgov.

Keep reading this article at: http://www.nextgov.com/cybersecurity/2014/08/will-government-shred-your-contract-after-hack/91049

Filed Under: Contracting News Tagged With: contractor performance, data breach, data compromise, DHS, hack, hackers, information technology, IT, OPM, performance standards

Recent Posts

  • Contractors must update EEO poster
  • SBA scorecard shows federal government continues to prioritize small business contracting
  • The risk of organizational conflicts of interest
  • The gap widens between COFC and GAO on late is late rule
  • OMB releases guidance related to small business goals

Popular Topics

8(a) abuse Army bid protest budget budget cuts certification construction contract awards contracting opportunities cybersecurity DoD DOJ False Claims Act FAR federal contracting federal contracts fraud GAO Georgia Tech government contracting government contract training government trends GSA GSA Schedule GTPAC HUBZone innovation IT Justice Dept. marketing NDAA OMB SBA SDVOSB set-aside small business small business goals spending subcontracting technology VA veteran owned business VOSB wosb

Contracting News

SBA scorecard shows federal government continues to prioritize small business contracting

OMB releases guidance related to small business goals

OMB issues guidance on impact of injunction on government contractor vaccine mandate

Changes coming to DOD’s Cybersecurity Maturity Model Certification under CMMC 2.0

Judge issues nationwide injunction halting enforcement of COVID-19 vaccine mandate

Read More

Contracting Tips

Contractors must update EEO poster

The risk of organizational conflicts of interest

The gap widens between COFC and GAO on late is late rule

Are verbal agreements good enough for government contractors?

CMMC 2.0 simplifies requirements but raises risks for government contractors

Read More

GTPAC News

VA direct access program events in 2022

Sandia National Laboratories seeks small business suppliers

Navy OSBP hosting DCAA overview (part 2) event Jan. 12, 2022

Navy OSBP hosting cybersecurity “ask me anything” event Dec. 16th

State of Georgia hosting supplier systems training on January 26, 2022

Read More

Georgia Tech News

Undergraduate enrollment growth reflects inclusive excellence

Georgia Tech delivers $4 billion in economic impact to the State of Georgia

Georgia Tech awards first round of seed grants to support team-based research

Georgia Tech announces inaugural Associate Vice President of Corporate Engagement

DoD funds Georgia Tech to enhance U.S. hypersonics capabilities

Read More

  • SAM.gov registration is free, and help with SAM is free, too
APTAC RSS Twitter GTPAC - 30th Year of Service

Copyright © 2023 · Georgia Tech - Enterprise Innovation Institute