Senators question GSA on response to eOffer security problem
Originally posted Feb. 6 at 5:11 p.m. and updated Feb. 7 at 2 p.m.
The Senate Government Affairs Committee is questioning the General Services Administration’s slow action in taking down its eOffer system after a vendor discovered a security flaw.
In a letter to acting GSA administrator David Bibb, Sens. Susan Collins (R-Maine) and Joseph Lieberman (D-Conn.), the chairwoman and ranking member of the committee, respectively, asked the agency to “help set the record straight about how this security lapse occurred and about GSA’s efforts to prevent a recurrence.”
GSA had to shut down eOffer Jan. 11 after a vendor notified the agency about a security flaw that allowed users of the system to change others’ bids once they were logged on to the site. Officials fixed and put the system back online Jan. 18. GSA’s inspector general is investigating the incident.
The senators said the security flaw undermines confidence in e-government systems such as eOffer, which lets vendors electronically submit their offers for schedule task orders. The lawmakers also said any disclosure of confidential data “may have violated the Procurement Integrity Act” and raised questions regarding GSA’s IT security program.
GSA must detail to the committee:
- Why it took from Dec. 22, when GSA was first told of the security flaw, to Jan. 11 to shut down eOffer, as well as whether this 20-day delay was appropriate or whether eOffer should have been taken down sooner
- Why GSA believes that eOffer hasn’t hurt any users, what GSA can do to confirm that users’ data has not been harmed and when such an inquiry will be completed
- What GSA is doing to identify possible security flaws in other electronic tools it provides vendors and customers, and when this review will be done
- Why GSA’s certification and accreditation process under the Federal Information Security Management Act did not prevent this security flaw. The senators also want to know whether the C&A process was properly established and implemented, as well as if there are changes GSA should make to prevent something like this from happening again.
A GSA spokesman said a letter is being prepared in response to the correspondence received from Sens. Lieberman and Collins. The letter will address the questions they pose and include a detailed explanation of the corrective actions taken to boost the security of this site.
"We can report that GSA has taken immediate action to repair a fault that compromises the integrity of a Web tool the agency provides to make it easy for customers to prepare and submit their electronic GSA schedule offers and schedule contract modifications," the spokesman said. "The agency also launched an intensive search to identify possible irregularities within the other electronic tools GSA provides to its customers. One other application was found to have a similar fault and it too was corrected."