NIST looks to reengineer thinking about cyber

The National Institute of Standards and Technology is set to release an overhauled systems security engineering document it hopes will change the way software and computer designers think about cybersecurity.

An updated draft of NIST’s 800-160 document will be released for public comment on May 4. According to its lead author, Dr. Ron Ross, the new 800-160 will kick off a difficult discussion over not only how federal agencies approach cybersecurity, but also how U.S. businesses and the general population should think about it — not just as an add-on, but as a foundational component of any technology that touches the Internet.

311 app works across jurisdictions

A new mobile app lets users lodge complaints or submit service requests to local governments — even as they move across municipalities.

The main feature of Public Service Request’s app, released March 30, is multijurisdiction functionality. It means that as people travel from city to city, county to county and state to state, they can use the same app to contact multiple government organizations — as long as those governments are customers of PSR’s customer relationship management and work management system.

“If I’m in Madison, [Wis.], it knows I’m in Madison,” PSR Managing Partner Dave Robbins said. “If Madison wants it to be branded, then the app’s going to have Madison branding – whatever colors, their Madison logo or seal. … If I drive or I walk into [the city of] Fitchburg, that changes to Fitchburg. If I walk out of Fitchburg and I’m not in city limits and I’m in the county, it will change to the county.”

Feds Prep for Cybersecurity Buying Spree

The U.S. government’s objectives for improving cybersecurity are taking shape in updated contracting procedures, contracts and projected increases in spending. Several recent developments have underscored the federal commitment to bolstering the protection of IT resources.

On the contracting front, the General Services Administration has asked vendors to respond by Wednesday to a research survey on what it should do to expedite federal acquisition of cybersecurity products and services. The quick-turnaround survey was released earlier this month.

Information from the survey will be used to develop contracting vehicles to help federal agencies “procure both proactive and reactive cybersecurity services, such as penetration testing, incident response and security engineering to include post-incident or post-assessment remediation,” said Shon Lyublanovits, acting director of the Federal Acquisition Service for Strategic Solutions and Security Services. FAS is a unit of GSA.

Lawmakers concerned about aftermath of an electrical grid cyberattack

Lawmakers want to know what contingency plans are in place in the event of a large-scale cyberattack on critical electrical grid infrastructure. At an April 14 House hearing on the subject, they were especially interested in how federal agencies would work with local and state officials in such an emergency.

“The federal government does not have this basic planning scenario for a cyber threat to the power system,” Rep. Lou Barletta (R-Pa.) said at the hearing, which was held by the House Transportation and Infrastructure Committee’s Subcommittee on Economic Development, Public Buildings and Emergency Management. “[T]here is a huge disparity in what different groups think is a potential scenario for which states and local governments should prepare.”

Barletta, who chairs the subcommittee, and several other members pressed the witnesses on what the consequences would be if power was out for weeks or even months because of a cyberattack. Oregon Rep. Peter A. DeFazio, the panel’s ranking Democrat, voiced concern about the loss of transformers and what the federal government can do to prepare, since it can take months for a replacement transformer to be ordered, built, delivered and installed.

Small businesses: Don’t overlook your digital marketing strategy

Recently I have had the opportunity to speak at two business-to-government events focused on small business issues. At each of these events I spoke with several small business owners who had common issues, to wit: I don’t need marketing, I need more (fill in the blank with: sales, contracts, task orders or sub-contracts).

This has been a common complaint since I started my company in 1985. Marketing, it seems, is superfluous and is not required to win more business, get contracts or sub-contracting agreements, or to drive sales. Apparently all you need to do is be in business and customers will appear.

There is a significant disconnect here that must be addressed.

Cyber criminals target Wisconsin manufacturers for secrets, harm

Eric Isbister learned, in an unusual way, that his company’s website was vulnerable to an attack when it was hijacked by someone selling leather jackets.

Isbister is president of GenMet, a Mequon metal fabrication company that’s not in the leather apparel business, yet someone was using the GenMet site for that purpose.

“I don’t know exactly how he did that, but he can’t do it anymore,” Isbister said about putting a stop to the shenanigans.

Federal Contract Spending Shows Signs of a Possible Rebound

Agency spending on top contractors dipped by 2 percent in fiscal 2015, its smallest annual decline in four years, according to the 2016 Federal Scorecard released April 15 by the Arlington, Va.-based business data intelligence firm Govini.

The fact that half of all agencies—notably the Navy—boosted contract spending is a sign of a “rebound, or spending stabilization, as agency funding solidified,” said Govini founder and CEO Eric Gillespie.

The scorecard reports on 277 vendors working for 24 agencies and is available as a table-tent hard copy. It offers a unique measure of contractor performance and agency spending using the company’s proprietary metrics. “This is a big data approach to reveal market insights,” Gillespie said. “While budget data shows where the government claims it will spend, the scorecard shows what was actually spent and indicates future spending trends.”

Implications of Cyber Clauses in Contracts

On August 26 and December 30, the Department of Defense issued interim rules that greatly expanded the obligations imposed on defense contractors for safeguarding covered defense information and for reporting cybersecurity incidents.

It is especially important for contractors to address compliance now because a government-wide federal acquisition rule is expected later this year and similar requirements are likely to be imposed outside of the Defense Department.

Senator: How is OMB helping agencies buy cybersecurity tools?

The federal contracting process is often a quagmire. But when it comes to cybersecurity — a space where the technology advances daily and the adversary adapts even faster — time is of the essence.

To find out how agencies are addressing this problem, Sen. Tom Carper, D-Del., ranking member of the Senate Homeland Security and Governmental Affairs Committee, drafted a letter to Office of Management and Budget Director Shaun Donovan asking specific questions about the acquisition process and the government’s ability to work around roadblocks.

Governments Struggle to Root Out Fake Minority Contractors

Margie Sollinger knew something wasn’t right about the companies doing business with Portland, Ore. As the city’s ombudsman, Sollinger had for some time been hearing from business owners about fraud in the city’s minority- and women-owned contracting program. But it wasn’t until she received a specific complaint in 2013 — about a certified minority-owned construction firm doing work for Portland’s housing authority — that she decided to take action. According to the complaint, the firm was merely acting as a pass-through, winning valuable city contracts and then subcontracting the work out to nonminority companies.

Like many cities and states, Portland has a program allowing it to give special consideration to women- and minority-owned companies when handing out government contracts. The goal, of course, is to help support traditionally disadvantaged companies by giving them a leg up. But as Sollinger began to discover, the city wasn’t necessarily helping the firms it thought it was.
