Sole-source woes, Silk Road security flaws and more nominations

News and notes from around the federal IT community


Sole-source rules not well understood, says GAO

A recent addition to the Federal Acquisition Regulation governing sole-source awards for contracts worth more than $20 million is poorly understood, according to the Government Accountability Office, and could be reducing the use of such contracts for small businesses.

According to GAO, the new FAR measure, included in the 2010 defense authorization act and implemented in 2011, requires a written justification of 8(a) sole-source awards over $20 million. Previously, no justification had been required.

GAO found that the number and value of such contracts awarded by the Department of Defense through the Small Business Administration's 8(a) Business Development program remained low in fiscal year 2013 after a significant decrease from fiscal years 2009 through 2012. According to the agency, DOD awarded 27 of the contracts, valued at more than $2 billion, in fiscal year 2009, and four contracts, valued at about $221 million, in fiscal year 2013.

Between April 2012 and June 2014, GAO said the Pentagon awarded five 8(a) sole-source contracts valued at more than $20 million. All five contained justifications, it said, but not all of the justifications fully met FAR requirements.

GAO said it had recommended that the administrator of the Office of Federal Procurement Policy clarify the circumstances in which an 8(a) justification is required, to help mitigate confusion. OFPP, it said, generally agreed with GAO's recommendations and has started the process to amend the FAR.

How did the FBI crack Silk Road's anonymity?

The FBI claims it found the physical location of the host server for the online drug emporium Silk Road through a simple security flaw.

Investigators typed "miscellaneous entries" into the site's login page and discovered that the CAPTCHA prompt used to divert spam traffic was poorly configured and leaked information, even though the site was connected to the Tor network, which is designed to anonymize web traffic.

But some are asking whether the FBI in fact employed more advanced exploits to get the information, and question whether such a flaw could have gone unnoticed, given the amount of scrutiny Silk Road and Tor draw from security experts.

In a Wired article, two experts following the case speculate that the FBI could have used information about an existing Silk Road flaw that was discussed on Reddit to make the Silk Road's server accept FBI inputs as commands. If such a "remote code execution" technique was used by the FBI, it could complicate prosecution of alleged Silk Road creator Ross Ulbricht, whose trial is approaching.

Deyo, Marti nominations sent to the Senate

The White House has submitted to the Senate its nominations of Russell Deyo to be the Department of Homeland Security's under secretary for management and Daniel Marti to be the Executive Office of the President's intellectual property enforcement coordinator.

If confirmed, Deyo -- a longtime Johnson & Johnson executive -- would replace Rafael Borras, who left DHS in early 2014 and is now with the management consulting group A.T. Kearney. Marti, who is the managing partner at the Washington D.C. office of the law firm Kilpatrick Townsend, would succeed Victoria Espinel. Espinel, who was the first person to hold the intellectual property enforcement coordinator post, is now president and CEO of the Business Software Alliance.

The White House made the official submissions on Sept. 8. The planned nominations had both been announced in late August.
