Georgia Tech Procurement Assistance Center

Contractors and advocacy groups push back on states’ efforts to mandate surveillance software

By

A broad coalition of 14 organizations representing state contractors and issue advocacy groups released an open letter last week opposing legislation that has cropped up in over 30 state legislatures that, if passed, would require government contractors to purchase and install monitoring software.

While varying somewhat from state-to-state, the bills typically require the software to take very specific actions, such as screenshots of all “state-funded activity at least once every three (3) minutes” and logging of “keystroke and mouse event frequency.”  The legislation also demands contractors store that data for years to come.

The groups that signed onto the letter represent contractors in wide-ranging professions, including accountants, technologists and engineers, as well as the health industry and an association representing state legislators. In the letter, they state that the requirements in the bills carry “significant” privacy and data security risks.

“At a time when most states and businesses have worked together to implement stronger data protection standards, this legislation would undermine existing progress, raise costs, and needlessly expose public and private information to new threat vectors,” they wrote.

Keep reading this article at: https://www.nextgov.com/policy/2019/03/contractors-and-advocacy-groups-push-back-state-efforts-mandate-surveillance-software/155818/

Here’s how technology vendors can navigate the legislative branch

By

Congress can be a difficult place for technology vendors to do business.

The legislative branch’s “unique, fragmented and opaque rules” set a barrier to entry that can keep even vendors with experience in other areas of government out of the loop. But a new white paper from Future Congress aims to lay out the rules of the road for vendors and civic hackers who’d like to help Congress function better.

The paper gives a little information on everything from the governance structure of IT in the House and Senate to the acquisition rules and practices that govern the $288 million in IT spending Congress does each year.

Keep reading this article at: https://www.fedscoop.com/future-congress-tech-vendor-white-paper/

Air Force reveals same-day contracting opportunity forum

By

Small businesses will be invited to submit their best solutions to the U.S. Air Force for the opportunity to participate in pitch sessions scheduled for March 6-7, 2019.

Prior to the event, the service will reveal a list of requirements, requesting five-page white papers from organizations describing their products or services. Businesses offering the solutions with most potential will be asked to take part in the two-day event and could receive a one-page contract immediately.

“We did an experiment where we wanted to do 50 contracts in 50 hours. We ended up doing 104 contracts with small business, and that was kind of a dry run [for the upcoming event],” U.S. Air Force Secretary Heather Wilson said.

Prior to what’s being called “pitch day,” the Air Force will describe some of its toughest problems in areas such as software, intelligence and special operations via venues such as LinkedIn and other websites. The service also plans to include an open category so businesses with innovative ideas in other fields can participate.

Keep reading this article at: https://www.afcea.org/content/air-force-reveals-same-day-contracting-opportunity

See Air Force Nov. 13, 2018 announcement posted on Facebook here: https://www.facebook.com/AirForceForum/photos/pcb.1117075248466114/1117075098466129/?type=3&theater 

TSA wants industry input on its proposed agile contract vehicle

By

The Transportation Security Administration is asking industry to weigh in on its strategy for building a bullpen of tech companies the agency could call on to stand up new software applications.

The agency last week issued a special notice detailing its Fast Agile Scalable Teams procurement program, a proposed contract vehicle TSA plans to use to acquire custom software and modernize legacy systems.

Vendors selected under the blanket purchase agreement would be required to apply agile methodology—breaking large projects into smaller chunks, developed in sprints—to build and maintain a suite of enterprisewide software applications.

“In order to successfully execute [its] mission, TSA must have the capability to customize mission support systems [and] develop custom software solutions when no solution is commercially available or from government sources,” the agency wrote in a performance work statement.

Keep reading this article at: https://www.nextgov.com/it-modernization/2018/11/tsa-wants-industry-input-its-proposed-agile-contract-vehicle/152590/

Georgia Tech researchers awarded $7.5 million from ONR for secure stack

By

A team of Georgia Tech researchers from the School of Computer Science (SCS) has been awarded $7.5 million from the Office of Naval Research to develop a customized attack-resistant software stack.

SCS Assistant Professor Bill Harris is the principal investigator on the project and is collaborating with Professors Wenke Lee and Alessandro Orso, Associate Professor Santosh Pande, and Assistant Professor Taesoo Kim.

The researchers are working on a technique for reducing what’s known as the attack surface, the total number of ways in which a program can be vulnerable to exploit. Most general-purpose software includes code that not every user needs, and unused code can create an opportunity for exploit for an attacker. Through this research, users will be able to run software in which unneeded code is removed, thus decreasing the vulnerability of the programs they use.

Lee compares the project to a house. “When you build a house, you only really need one door, but the house may still have multiple doors. The number of doors increases the opportunity to break in,” Lee said. “If you only have one door, your house is more secure.”

In order to do this, the researchers are looking at the full stack of software systems, including applications, operating systems, and possibly Internet of Things devices. They are planning to use static and dynamic analysis techniques to determine which pathways through the system different users need. Each researcher has a specific area of expertise:

  • Pande’s focus on compilers will help determine what essential code must be loaded for each user during application execution.
  • Harris’s expertise with static analysis will provide guarantees that the software maintains its integrity despite removed code.
  • Orso will use dynamic analysis and testing techniques to confirm the modified system still functions as expected.
  • Kim will use his expertise in systems to determine which modules can be removed from the operating system without compromising its functionality.
  • Lee will focus on the aspects related to security and use his expertise to analyze and experiment with malware.

Overall, the five researchers have the set of complementary skills needed for the project to be successful. Over the five-year life of the grant, the researchers expect to develop a series of approaches for reducing attack surface that anyone can use on complex systems, as well on low-level code.

“Going back to the house metaphor, the problem is that different people want to use different doors,” Orso says. “Our research will allow users to customize the house for each person so that it contains only the door that person needs.”

Source: http://www.news.gatech.edu/2018/01/12/georgia-tech-researchers-awarded-75-million-office-naval-research-secure-stack

Company that used Russian coders for Pentagon project strikes deal

By

Russian developers did some of the coding work for a Defense Department software system and stored that code inside a server in Moscow, according to a non-prosecution agreement released Monday.

Those Russian coders only worked on unclassified portions of the Defense Information Systems Agency project, but, in some cases, knew they were helping to develop a highly sensitive system that would attach to Defense Department information networks, according to the agreement between the Justice Department and Netcracker Technology Corp., the subcontractor that hired the Russian coders.

The non-prosecution deal ends a criminal investigation against Netcracker that was led by the Justice Department’s national security division and the U.S. Attorney’s Office for the Eastern District of Virginia.

Keep reading this article at: http://www.nextgov.com/cybersecurity/2017/12/company-used-russian-coders-pentagon-project-strikes-deal/144466/

6 companies score $258 million in supercomputing contracts

By

The Energy Department is investing hundreds of millions of dollars in researching powerful but energy-efficient computers.

The department is awarding $258 million in research contracts to six companies developing supercomputing technology. Over the next three years, those companies are expected to build out the hardware, software and applications for an exascale computing system 50 times faster than today’s most powerful computers, according to the Energy Department. The department is aiming to have one exascale system by 2021.

IBM, Intel, Hewlett-Packard, Advanced Micro Devices, Cray Inc. and NVIDIA were awarded research contracts and are expected to invest hundreds of millions of dollars of their own money, bringing the total cost of the project to about $430 million.

Keep reading this article at: http://www.nextgov.com/emerging-tech/2017/06/6-companies-score-258m-supercomputing-contracts/138769

Oracle to leave GSA schedule: A signal of broader change?

By

GSA logoOracle is leaving the General Services Administration’s schedules program. It’s not going to just stop selling directly through the IT schedule, but the software giant will no longer use third-party resellers either, according to multiple sources.

Let that sink in for a second. One of the largest software vendors in the world is telling GSA, thanks, but we can live without you.

Sources said Oracle decided the GSA schedules just weren’t worth the hassle any longer — the compliance requirements, the potential and real threats of False Claims Act lawsuits and the new Transactional Data Reporting (TDR) rule, all played into this decision.

“The federal market is a very small chunk of their business and while it seems big for us, when you look at someone like Oracle’s overall business, they have to expend an exorbitant amount of resources for little payoff,” said Jennifer Aubel, a principal with Aronson Consulting, who said she wasn’t familiar with Oracle’s decision. “With the TDR and even with not having to do price reduction clause reporting, a company like Oracle would still have to do monthly reporting and there is a lot of concerns, including how GSA will keep the data secure.”

Keep reading this article at: http://federalnewsradio.com/reporters-notebook-jason-miller/2016/09/oracle-leave-gsa-schedule-signal-broader-change/

Government contractors could lose key protection, attorneys warn

By

Supreme CourtUnless overturned by the U.S. Supreme Court, a federal ruling threatens to erode a basic protection enjoyed by businesses that contract with the government, according to veteran litigators with national law firm LeClairRyan.

“The plain language of a contract has always meant precisely what it says, not what the government claims it means,” said Thomas A. Coulter, a shareholder in LeClairRyan’s Alexandria and Richmond, Va., offices. “And yet this fundamental principle of contract law could suffer lasting damage — with potentially far-reaching implications for contractors — if the High Court declines to examine, and ultimately reject, the Air Force’s treatment of our client, Distributed Solutions, Inc.”

LeClairRyan submitted a brief on March 10 asking the Supreme Court to take up the case of Distributed Solutions Inc. v. Deborah Lee James, Secretary of the Air Force (15-1157). The contract dispute hinges on whether the Air Force had a perpetual right to use Distributed Solutions’ proprietary software required to successfully run the multi-million dollar purchasing and contract management support system for over 3,500 Air Force activities that operate using Non-Appropriated Funds.

During the course of negotiations, the government drafted and agreed to clearly worded language indicating that its usage rights for the software were valid only for the life of the five-year contract, Coulter explained. However, toward the end of the contract, the government claimed the right to use the software perpetually — with no obligation to pay licensing fees after the contract had ended.

“The meaning of the phrase ‘[t]his modification [which contained the government’s right to use the software] is valid for the entire life of the contract’– language the Government drafted — is clear and unambiguous,” the attorney said, “Despite acknowledging the clarity of its own language, the government later claimed that the language did not mean what it clearly said.”

Distributed Solutions filed an unsuccessful claim with the Air Force. A review board denied the company’s appeal in August 2014. In the review board’s judgment, Distributed Solutions should have avoided the dispute by better explaining its interpretation of the provision in question. The Federal Circuit upheld this view, which runs counter to time-honored legal principles in contract law, said Stephen M. Faraci, a shareholder in LeClairRyan’s Richmond office.

Unless corrected, these judgments could have far-reaching implications for contractors, the attorney said. “Bear in mind, this language was drafted by the government itself,” Faraci noted. “So does this mean that, moving forward, parties contracting with the government will need to inquire about the meaning of language drafted by the government, regardless of the language’s clarity, to avoid the risk that the government later will reverse itself?”

This new expectation for contractors to question the meaning of clear and unambiguous wording will be particularly onerous to small businesses, which are a significant source of innovation for government operations, according to Coulter.  Such an expectation could deter small businesses from entering into government contracts to avoid the expense of employing attorneys to negotiate each word of the contract in order to ensure they can hold the government to its contractual obligations, he said.

Given that government contracts are already voluminous and complex, often with multiple modification provisions, such an expectation would be unprecedented, unworkable and unwise, added Joseph M. Rainsbury, counsel in LeClairRyan’s Roanokeoffice. “Plain contractual language speaks for itself and has always been sufficient, legally,” he said. “Contractors such as Distributed Solutions should not be expected to read between the lines or to inform the government about their interpretations of clearly worded provisions.”

“Should the judgment stand, contractors with proprietary software will have significant concerns about the business costs/risks of developing counteracting contracting language needed to prevent the government from later arbitrarily reinterpreting the intent of plain language that they have previously agreed to,” said Daniel E. Carr, Founder and CEO of Distributed Solutions, which is a small business. “This is particularly true if software innovation is at the core of what the company is and does,” Carr said. “If a company implements for the government an innovative proprietary solution, it simply must know that this will not involve the sudden, unexpected and unfair loss of its precious intellectual property. This kind of overreach might be commonplace around the world, but it is not supposed to happen in the United States.”

Source: http://www.prnewswire.com/news-releases/government-contractors-could-lose-key-protection-attorneys-warn-300250693.html

Software vendors be warned: The old rules may no longer apply to government

By

Software vendors take notice: The General Services Administration (GSA) is proposing a new rule regarding something arcane but important.

GSA logoGSA has identified 15 terms and conditions common in commercial supplier agreements that it considers incompatible with existing federal law. And where there is a conflict, government’s own commercial terms rule. It’s designed to save everyone time. Vendors won’t have to comb their contracts for offending clauses — they just can’t be enforced.

For now it applies to any GSA contract that includes software. But don’t rule out the possibility of the rule going governmentwide.

For example, GSA is forcing an end to automatic renewals of period-limited software licenses or maintenance agreements. Instead, ordering agencies will award one-year with renewal options to be negotiated and re-awarded in subsequent years. The legal basis for this is that a contracting officer may not obligate funds that have not been appropriated, lest he or she be found in violation of the Anti-Deficiency Act.

Keep reading this article for a complete description of all the nullified terms and conditions: http://www.bizjournals.com/washington/blog/fedbiz_daily/2015/04/software-vendors-be-warned-the-old-rules-may-no.html

Contracting News

Read More

Contracting Tips

Read More

GTPAC News

Read More

Georgia Tech News

Read More