Quick Study


By Brian Robinson

DOD blacklist authority could go too far, say small-biz advocates

Business advocates are charging the Defense Department with redlining the government contracting business to the extent that the 2011 Defense Authorization bill would allow DOD officials to secretly blacklist contractors and bar them from doing any business with the federal government.

In particular, they say this “blatant power grab” by agency heads could end up significantly harming small-business contracting because it could lead to the concentration of contracting dollars in the hands of just a small number of big companies.

The American Small Business League (ASBL) recently went public with its concerns in a dispatch from Communications Director Chris Gunn in The Exception magazine.

“Small-business advocates are concerned that DOD’s determination will be shared with each agency where the company competes as a prime contractor or subcontractor,” Gunn writes. “This could lead to the broad-based exclusion of contractors from federal contracting programs without due process.”

That could be a sensitive issue with the new Congress. Government agencies have specific small-business set-aside targets, but small-business advocates consistently complain that agencies are not doing enough to meet those goals. And last year, things came to a head in Congress over charges of fraud in the Small Business Administration’s set-aside programs, which allegedly cost small companies some $100 million worth of business.

According to Gunn, ASBL estimates that more than $100 billion in federal small-business contracts are diverted away from such companies every year, with many large companies — such as Boeing, Lockheed Martin and Northrop Grumman — receiving the contracts instead.

ASBL has legs when it comes to making its concerns known and paid attention to. Earlier in the year, it sued the government for muddling its small-business contracting data, thereby reducing the transparency of government contracting. Groups had used that data to uncover fraud in the past, ASBL said.

And in November, the group sued the Homeland Security Department for refusing to release subcontracting reports on contracts it had awarded to Boeing.

A big part of the beef ASBL and others have with the new Defense bill is that they say it will allow DOD to blacklist companies without notifying those companies. And it protects the blacklist from disclosure requirements that would be part of a Freedom of Information Act request, a protest to the Government Accountability Office or action in federal court.

Posted on Dec 14, 2010 at 7:27 PM | 3 comments


Teetering on the brink of critical infrastructure protection

Are the ducks finally lining up on cybersecurity? The recent memorandum of agreement between the departments of Defense and Homeland Security, which for years have been butting heads on cybersecurity responsibilities, is one positive sign.

If we depart from the cynical view, which would have this as nothing more than window dressing for the public and Congress, then we can expect better coordination and information sharing between the two departments going forward. Hopefully, that ultimately means a much better approach to protecting critical infrastructures.

And none too soon. The Stuxnet worm that reportedly devastated Iran’s energy infrastructure is being seen as the most visible evidence of a trend toward more “professional” coding of malware aimed at countries’ infrastructures. Some are calling it the blueprint for a new generation of cyberweapons that will be used in a rapidly developing Cyber War.

A DOD official was quoted as saying the agreement with DHS was needed because the United States doesn’t have either the time or the money to develop cyberdefenses twice over. DHS Secretary Napolitano and DOD Secretary Gates called it the beginning of a new framework for coordination and joint program planning between the departments.

If this all works out as planned, then it will be quite a few steps on from where the public perception is right now, with a large majority in a recent Narus poll saying government is wildly unprepared to defend against cyberattacks. Industry didn’t fare much better.

How much does this positive outweigh the negatives? Good question. Symantec’s 2010 Critical Information Infrastructure Protection survey reported that more than half of America’s infrastructure providers have experienced politically motivated cyberattacks. Those were presumably made by the kinds of people who launched Stuxnet, not the relatively unsophisticated hacker stuff that predominated in years past. And it’s likely to only get worse.

Outside of the feds and industry, state and local governments also have a big responsibility for critical infrastructure, of course, and they are getting hammered by the recession. A new study found that nearly four-fifths of state chief information security officers reported stagnant or slashed budgets that pose “a serious problem that stifles their ability to adequately handle growing internal and external threats.”

So which is it? Are we marching forward, falling back, or staggering to a standstill?

Posted on Oct 14, 2010 at 7:27 PM | 2 comments


Administration's wiretapping push could damage cloud security

In another case of unintended consequences, now come warnings that the Obama administration’s call to Internet service providers and other firms to make it easier for the FBI to tap into online communications could damage attempts to tighten security in the cloud.

Security research firm Securosis says that the proposal, which is aimed at denying terrorists and other groups the advantage of encrypted communications, will create “a single point of security failure within organizations and companies that don’t have the best security track record to begin with.”


The administration’s proposal specifically targets peer-to-peer communications, requiring companies that deliver these types of services to redesign them to allow interception. There’s only a limited number of ways to do that, Securosis says, and each of them creates new opportunities for security failures. Those failures are also likely to be detectable by bad guys with some fairly basic techniques, it says.

ReadWriteWeb, which provided the initial link to the Securosis post, points out that this means nothing but trouble for cloud providers. Instead of locking the cloud down tighter, this proposal would create an always-open backdoor into the cloud.

Government clouds are mostly behind the firewall now, but at some point they’ll have to connect to public services if they want to make full use of the cloud. If Securosis is right, the administration’s proposal might serve to throttle the use of the cloud by the feds, who are paranoid about its security, at the same time that the White House is trying to promote it.

 

Posted on Sep 29, 2010 at 7:27 PM | 4 comments

