Business advocates are charging the Defense Department with redlining the government contracting business to the extent that the 2011 Defense Authorization bill would allow DOD officials to secretly blacklist contractors and bar them from doing any business with the federal government.
In particular, they say this “blatant power grab” by agency heads could end up significantly harming small-business contracting because it could lead to the concentration of contracting dollars in the hands of just a small number of big companies.
The American Small Business League (ASBL) recently went public with its concerns in a dispatch from Communications Director Chris Gunn in The Exception magazine.
“Small-business advocates are concerned that DOD’s determination will be shared with each agency where the company competes as a prime contractor or subcontractor,” Gunn writes. “This could lead to the broad-based exclusion of contractors from federal contracting programs without due process.”
That could be a sensitive issue with the new Congress. Government agencies have specific small-business set-aside targets, but small-business advocates consistently complain that agencies are not doing enough to meet those goals. And last year, things came to a head in Congress over charges of fraud in the Small Business Administration’s set-aside programs, which allegedly cost small companies some $100 million worth of business.
According to Gunn, ASBL estimates that more than $100 billion in federal small-business contracts are diverted away from such companies every year, with many large companies — such as Boeing, Lockheed Martin and Northrop Grumman — receiving the contracts instead.
ASBL has legs when it comes to making its concerns known and paid attention to. Earlier in the year, it sued the government for muddling its small-business contracting data, thereby reducing the transparency of government contracting. Groups had used that data to uncover fraud in the past, ASBL said.
And in November, the group sued the Homeland Security Department for refusing to release subcontracting reports on contracts it had awarded to Boeing.
A big part of the beef ASBL and others have with the new Defense bill is that they say it will allow DOD to blacklist companies without notifying those companies. And it protects the blacklist from disclosure requirements that would be part of a Freedom of Information Act request, a protest to the Government Accountability Office or action in federal court.
Posted on Dec 14, 2010 at 9:56 AM3 comments
Are the ducks finally lining up on cybersecurity? The recent memorandum of agreement between the departments of Defense and Homeland Security, who for years have been butting heads on cybersecurity responsibilities, is one positive sign.
If we depart from the cynical view, which would have this as nothing more than window dressing for the public and Congress, then we can expect better coordination and information sharing between the two departments going forward. Hopefully, that ultimately means a much better approach to protecting critical infrastructures.
And none too soon. The Stuxnet worm that reportedly devastated Iran’s energy infrastructure is being seen as the most visible evidence of a trend toward more “professional” coding of malware aimed at country’s infrastructures. Some are calling it the blueprint for a new generation of cyberweapons that will be used in a rapidly developing Cyber War.
A DOD official was quoted as saying the agreement with DHS was needed because the United States doesn’t have either the time or the money to develop cyberdefenses twice over. DHS Secretary Napolitano and DOD Secretary Gates called it the beginning of a new framework for coordination and joint program planning between the departments.
If this all works out as planned then it will be quite few steps on from where the public perception is right now, with a large majority in a recent Narus poll saying government is wildly unprepared to defend against cyberattacks. Industry didn’t fare much better.
How much does this positive outweigh the negatives? Good question. Symantec’s 2010 Critical Information Infrastructure Protection survey reported that more than half of America’s infrastructure providers have experienced politically-motivated cyberattacks. Those were presumably made by the kinds of people who launched Stuxnet, not the relatively unsophisticated hacker stuff that predominated in years past. And it’s likely to only get worse.
Outside of the feds and industry, state and local governments also have a big responsibility for critical infrastructure, of course, and they are getting hammered by the recession. A new study found that nearly four-fifths of state chief information security officers reported stagnant or slashed budgets that pose “a serious problem that stifles their ability to adequately handle growing internal and external threats.”
So which is it? Are we marching forward, falling back, or staggering to a standstill?
Posted on Oct 14, 2010 at 1:34 PM2 comments
In another case of unintended consequences, now come warnings that the Obama administration’s call to Internet service providers and other firms to make it easier for the FBI to tap into online communications could damage attempts to tighten security in the cloud.
Security research firm Securosis says that the proposal, which is aimed at denying terrorists and other groups the advantage of encrypted communications, will create “a single point of security failure within organizations and companies that don’t have the best security track record to begin with.”
Related stories:
Big Brother wants to surf the Net with you
Why cybersecurity experts can never rest
Security washes out cloud savings
Who owns data in the cloud? The answer could get tricky.
The administration’s proposal specifically targets peer-to-peer communications, requiring companies that deliver these types of services to redesign them to allow interception. There’s only a limited number of ways to do that, Securosis says, and each of them creates new opportunities for security failures. Those failures are also likely to be detectable by bad guys with some fairly basic techniques, it says.
ReadWriteWeb, which provided the initial link to the Securosis post, points out that means nothing but trouble for cloud providers. Instead of locking the cloud down tighter, this proposal would create an always-open backdoor into the cloud.
Government clouds are mostly behind the firewall now, but at some point they’ll have to connect to public services if they want to make full use of the cloud. If Securosis is right, the administration’s proposal might serve to throttle the use of the cloud by the feds, who are paranoid about its security, at the same time that the White House is trying to promote it.
Posted on Sep 29, 2010 at 1:17 PM4 comments