Watchdog dings Public Buildings Service for bumpy cloud shift

laptop in front of view of city (TaMaNKunG/Shutterstock.com) 

Efforts by the General Services Administration to protect data gathered by its building lease support services providers got tangled in internal contracting rules, according to an inspector general report.

In 2017, data on building rental rates and federal tenants collected by GSA lease support brokers for GSA's Public Building Services was transferred to the agency's virtual desktop interface accounts that are used with GSA Google accounts, the GSA IG said in a report issued March 22.

GSA IT, which is information security manager for the lease support brokers, made the move because it saw some of the six contractors struggling with security requirements. Contractor support services include market surveys, site visits, document preparation and lease negotiations. The shifts were made after the contracts were awarded.

About half of the federal workforce is housed in leased buildings. At the end of fiscal year 2017, the Public Buildings Service had 187.6 million rentable square feet under lease nationwide, with a total annual rental of space expense of $5.5 billion.

A hotline complaint in May 2017, according to the report, alleged GSA changed the IT security requirements of the lease support contracts without putting out corresponding contract modifications. The contracts, the report said, contain "extensive IT security requirements" aimed at guarding vital data such as government market surveys on rental rates, data about federal employees as well as the floor plans for federal offices in the buildings.

After GSA awarded the contract, the report said the agency gave contractors an option to use GSA-managed systems to access and store the leasing data. That offer, said the GSA IG, "materially transferred" the contractors' security responsibilities to GSA and changed the scope of the competition for such contracts in contravention with federal acquisition rules. The IG also said the agency also didn't issue contract modifications on the security changes for almost a year, leaving contractors' security requirements unclear.

The GSA IG recommended the Public Buildings Service commissioner coordinate with GSA IT on security requirements for lease support contractors.

The IG also recommended that other contracts that use GSA internal cloud systems to host data spell out data security responsibilities.

In a March 8 letter to the GSA IG's property and finance office, Public Buildings Service Commissioner Daniel Mathews concurred with both recommendations. However, he also asked the GSA IG for advice and guidance on the huge job of reviewing current lease contracts, saying such a review could have "significant resourcing implications."

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.