It’s easy to forget that roughly a year ago, Equifax was hacked, which compromised the personal information of roughly 145.5 million individuals. The scope of the breach was concerning for a number of reasons, not the least of which was the fact that Equifax was providing identity verification services for three federal agencies at the time it was attacked.
In a recent report, GAO reviewed how these agencies responded to the attack. While not making any specific recommendations at this time, GAO’s report does highlight the extent to which federal agencies were not fully prepared for cyberattacks on private contractors.
Because of a recent cyber attack on the System for Award Management, the Federal Service Desk is requiring new contractors to submit a signed notarized letter in order to be registered. Later this month, existing registrants seeking to update or renew profiles will have to do the same.
This move comes after the General Services Administration acknowledged on March 22 that the inspector general is looking into a hack of the SAM.gov database, in which the hackers changed the banking information for “a limited number” of contractors.
Whether you are an active small business federal contractor, or an entrepreneur still getting your business off the ground, you are going to need a cybersecurity plan. Many DoD contractors, in particular, face a pending deadline to comply with NIST 800-171, as mandated by DFARS 252.204-7012.
The Kansas SBDC Cybersecurity Center for Small Business wants to help.
I am headed back to Kansas after a great trip out west to speak at the 2017 Alliance Northwest Procurement Conference in Puyallup, WA. It was great seeing many familiar faces and meeting many other new ones. But I won’t be home long: I will be off to fabulous Las Vegas for the National RES Conference, where I’ll be presenting on Monday. If you will be at RES, please be sure to connect.
Even with all of this travel, I’ve been keeping a close eye on government contracting news–and that means that it’s time for the SmallGovCon Week In Review. In this week’s edition, scammers are using the HHS OIG telephone number in a spoofing ploy, the GAO releases a report on developments in the HUBZone program, a Coast Guard employee makes a funny FedBizOpps post (no, really!) and more.
By the middle of this year, the U.S. Small Business Administration should have a strategy in place to assist small businesses with cybersecurity.
The 2017 National Defense Authorization Act is chock full of interesting legal changes for government contractors, and although we have chronicled it in depth, that does not mean there is not necessarily more to be mined from the whopping 1,587-page legislation.