Georgia Tech Procurement Assistance Center

SolarWinds hack proves contractors need to be prepared for APTs

By

If you don’t know about SolarWinds, then you haven’t been reading the news for the past six months.  Last October 2020, it was reported that a widely-used networking tool that helps companies in the public and private sectors manage their Information Technology (IT) portfolios – SolarWinds Orion product — had been compromised.  Publicly, it has been reported that about 18,000 private and government users downloaded the tainted software update, and it provided Russian hackers access to their systems.  The hack hit Federal agencies, including the Departments of Treasury, Commerce, and State, the Department of Homeland Security (DHS), National Security Agency, and parts of the Pentagon, as well as public and private sector companies.  The breadth and depth of this hack are still being assessed.

Continue reading at:  Government Contracting Matters

Here are the NSA general counsel’s cybersecurity warnings

By

The U.S. government needs to do more to protect itself in cyberspace as adversaries’ technological capabilities rise, according to the departing general counsel of the NSA.

Glenn Gerstell, who is leaving the NSA later this year, said the expanding threat landscape — caused by the combination of nation-state’s capabilities and the onset of technologies such as 5G, artificial intelligence and the internet of things — presented several challenges that the intelligence community must grapple with long after he leaves the agency.

“It is almost impossible to overstate the gap between the rate at which the cybersecurity threat is getting worse relative to our ability to effectively address it,” Grestell said at an American Bar Association event Jan. 15.

Continue reading at:  Fifth Domain

“Workin’ 9 To 5” –but not in a government office: Requesting a debriefing

By

In Exceptional Software Strategies, Inc., B-416232, the Government Accountability Office (GAO) recently addressed the obscure rules for when a disappointed offeror must request a debriefing.

It’s generally well known that, in procurements where offerors may have a right to debriefings, a disappointed offeror must submit a written request to the contracting officer within three days after receipt of written agency notice that the company’s proposal has been excluded from the competitive range (FAR 15.505(a)(3)).

If an offeror misses the deadline, it does not necessarily mean it won’t get a debriefing, but any debriefing will not be “required.”

In Exceptional Software, on Thursday, March 15, the National Security Agency (NSA) provided the protester with written notice that its proposal was excluded from the competitive range and provided a brief rationale for that exclusion. Under FAR 15.505(a)(3), the offeror then had three days – until Monday, March 19 – to request a debriefing. (When the third day falls on a weekend or holiday, the deadline always moves to the next business day.) On Monday at 4:59 p.m., the offeror submitted its written request for a debriefing, which the NSA provided on April 2.  Four days later, the offeror protested.

Under the GAO’s debriefing exception, a protest is timely if it is filed either within 10 days after the protester knew or should have known of the basis of protest, or within 10 days after the close of a required debriefing.

Keep reading this article at: http://www.mondaq.com/article.asp?articleid=728628

Federal contractor sentenced for removing and transmitting classified materials

By

Reality Winner was sentenced yesterday to five years and three months in prison for removing classified national defense material from a government facility and mailing it to a news outlet.

Winner was arrested by the FBI at her home in Augusta, Georgia on June 3, 2017.  The parties filed a plea agreement on June 21, in which Winner agreed to plead guilty to the one-count indictment charging her with unlawful retention and transmission of national defense information.  The parties agreed that a sentence of imprisonment for 63 months followed by a three-year term of supervised release is the appropriate disposition of the case.  The Court accepted the plea agreement at sentencing.

Winner was a contractor assigned to a unit of Fort Gordon in Georgia. She had been employed at the facility since on or about Feb. 13, 2017, and held a TOP SECRET//Sensitive Compartmented (SCI) clearance during that time.  Prior to that position, Winner had served in the U.S. Air Force from 2010-2016 and held a TOP SECRET//SCI security clearance.

  • Evidence presented at the change of plea hearing established that on or about May 9, 2017, Winner printed an intelligence report that was classified at the TOP SECRET//SCI level, and she removed it from the facility where she worked.  Information may be classified as TOP SECRET if its unauthorized disclosure can reasonably be expected to cause exceptionally grave damage to the national security of the United States.
  • Later on May 9, Winner unlawfully transmitted a hard copy of the intelligence report to an online news outlet. The intelligence report revealed the sources and methods used to acquire the information contained in the report, which, if disclosed, would be harmful to the United States and valuable to our adversaries.

Indeed, Winner, in an interview with the FBI on June 3, 2017, admitted knowing at the time she stole and transmitted the intelligence report that it contained information about intelligence sources and methods, which information she knew was valuable to adversaries of the United States.  Further, the information contained in the intelligence report had not been released to the public at the time Winner retained it and transmitted it to the online news outlet.  Winner, who had received training regarding the proper handling, marking, transportation, and storage of classified information, knew that she was not permitted to remove the intelligence report from the facility where she worked, retain it, or transmit it to the news outlet.

The investigation of this case was conducted by the FBI.

Source: https://www.justice.gov/opa/pr/federal-government-contractor-sentenced-removing-and-transmitting-classified-materials-news

See earlier article on this subject at: https://gtpac.org/2018/06/30/contractor-employee-pleads-guilty-to-espionage-in-connection-with-nsa-data-leak/

GAO: Agency closing time is 4:30 pm, not 5:00 pm

By

Unless an agency designates different business hours, the Federal Acquisition Regulation (FAR) says that a government agency is deemed to close at 4:30 p.m. local time–not 5:00 p.m., as it would be easy to assume.

In a recent case, the 4:30 p.m. closing time cost an unsuccessful offeror a chance at a GAO protest because the offeror’s debriefing request, sent to the agency at 4:59 p.m., was deemed untimely.

The GAO’s decision in Exceptional Software Strategies, Inc., B-416232 (July 12, 2018) involved an NSA solicitation seeking to award up to six IDIQ contracts for the definition, prototyping, development, and production of visualization and presentation tools.  Thirteen offerors, including Exceptional Software Strategies, Inc., submitted initial proposals.

The evaluation panel determined that ESS’s proposal was unacceptable under one of the non-price factors.  On Thursday, March 15, 2018, NSA informed ESS that its proposal had been excluded from the competitive range.  The letter explained that ESS had been found unacceptable, and the reasons why.

Keep reading this article at: http://smallgovcon.com/gaobidprotests/gao-agency-closing-time-is-430-p-m-not-500-p-m/

Contractor employee pleads guilty to espionage in connection with NSA data leak

By

U.S. Air Force veteran Reality Winner — the first person prosecuted by the Trump administration for leaking government information — pleaded guilty Tuesday to espionage for leaking a classified document detailing Russian efforts to hack into state election systems to an online news magazine.

“She pled guilty to willful retention and transmission of national defense information,” said Billie Jean Winner-Davis.

Winner’s lead defense attorney, Baker Donelson partner and former general counsel of the U.S. Department of Homeland Security Joe Whitley, said in a written statement after Winner’s plea, “She has taken this matter seriously, and has made a very difficult decision that will no doubt impact the rest of her life.”

“Obviously, her final sentencing is still pending, and she has a number of conditions and restrictions in her plea agreement that she is committed to honoring,” Whitley said. “However, Reality wishes to thank the numerous individuals and organizations who have supported her through this process.”

Winner, jailed without bond since her arrest more than a year ago at her Augusta, Georgia, home, pleaded guilty as part of a deal with federal prosecutors, who recommended a 63-month sentence followed by three years of supervised release, Winner-Davis said.

Keep reading this article at: https://www.law.com/dailyreportonline/2018/06/26/reality-winner-pleads-guilty-to-espionage-faces-potential-5-year-sentence/

Counterintelligence chief: Contractors ‘kicking butt’ in combating insider threats

By

Though some of the most damaging exposures of classified material have come from companies working for the federal government in recent years, the intelligence community’s 100,000 contractors overall “are kicking butt” in helping agencies head off insider threats, the nation’s top counterintelligence chief said on Monday.

Anticipating threats “is a team sport,” Bill Evanina, the government’s national counterintelligence executive, told a gathering of the Intelligence and National Security Alliance, a nonprofit group made up of contractors and former intelligence officials. “The only way to win is a partnership, a whole-of-government, whole-of-country approach” that includes contractors and the news media as well.

“We have to get back to patriotism,” he said.

Despite incidents involving National Security Agency contractors such as Edward Snowden and Howard Martin, “we need to eliminate with urgency the idea that most insider threats are contractors,” Evanina said. “There’s no evidence” either for that, he said, or for the common notion that “millennials want to be leakers.”

Keep reading this article at: http://www.govexec.com/defense/2017/04/counterterrorism-chief-contractors-kicking-butt-combating-insider-threats/136904

In a first, NSA advertises work for small companies that develop ‘innovative technologies’

By

The National Security Agency (NSA) has begun recruiting spy-tech inventors on the Monster.com of Beltway contractor jobs.

National_Security_AgencyThe agency posted a special notice to FedBizOpps.gov, right before the holidays, advertising work for small companies that develop “innovative technologies.”

An NSA spokesman told Nextgov last week, “NSA’s posting on FedBizOpps is intended to reach out to vendors that may not know how to do business with the agency and to direct vendors to NSA’s website for more information.”

The Dec. 17 notice is short on specifics and long on administrative procedures. The one-paragraph post offers few details on the broad agency announcement for “innovative mission capabilities.” Would-be covert developers must apply for online access to at least two restricted websites for more information. But the listing does provide the name, phone number and email address of the contracting officer.

The FedBizOpps.gov publicity is a first for NSA. In fact, the agency’s website, as of Dec. 31, stated that “NSA does no ‘open’ procurements; therefore, you will never see an NSA requirement on FEDBIZOPS (sic).”

Keep reading this article at: http://m.nextgov.com/cybersecurity/2015/12/first-nsa-advertises-opportunities-monstercom-federal-contracting/124799

Augusta man pleads guilty to filing false timesheets on NSA subcontract

By

Jesse James Anderson, 34, of Augusta, Georgia pled guilty last week to a charge that he made false statements, in violation of 18 U.S.C. § 1001.  The false statements concerned the number of hours he worked for a National Security Agency (NSA) subcontractor.

NSAAccording to evidence presented during the guilty plea hearing, Anderson worked as a linguist for an NSA subcontractor from February 1, 2012 to January 31, 2014.  During this time, Anderson submitted numerous timesheets falsely stating the number of hours he had worked.  In total, Anderson claimed he worked 736.25 more hours than he actually did, which caused the United States to pay out $69,276.55 more than was actually owed.

United States Attorney Edward J. Tarver said, “False claims submitted to the United States for payments not owed is theft and should be punished to the full extent of the law.  Protecting taxpayer money is a top priority for this United States Attorney’s Office.”

Anderson faces a maximum penalty of 5 years in prison and a $250,000.00 fine.  In addition, the Court can order Anderson to pay restitution in the amount of $69,276.55.

NSA Office of Inspector General Investigator Kristen M. McGrath conducted the investigation which led to the information and plea.  Assistant United States Attorney C. Troy Clark is prosecuting the case on behalf of the United States.

Source: http://www.justice.gov/usao-sdga/pr/former-employee-nsa-subcontractor-pleads-guilty-filing-false-timesheets

What are your odds of getting a security clearance?

By

Is it easy to get a security clearance? It depends on who you ask.

Among the uncleared population there sometimes is a misperception that anyone can get a clearance, based on the millions of clearance-holders out there. In 2013, Director of National Intelligence James Clapper criticized the size of the cleared workforce in a memo that called for reducing the number of individuals with access to intelligence. Recently released figures show a 12 percent decline in the size of the cleared workforce.

Those who have gone through the security clearance process understand the significant headaches involved in both the initial background investigation as well as periodic reinvestigations. Obtaining a security clearance is no easy task, and not everyone who applies will be granted access.

To see a full-size infographic on the value of a security clearance, visit: http://www.clearancejobs.com/files/infographic.html.
To see a full-size infographic on the value of a security clearance, visit: http://www.clearancejobs.com/files/infographic.html.

Keep reading this article at: http://www.govexec.com/excellence/promising-practices/2015/05/what-are-your-odds-getting-security-clearance/113362/

Contracting News

Read More

Contracting Tips

Read More

GTPAC News

Read More

Georgia Tech News

Read More