
Posts Tagged ‘@GTSCoalition’

DoD Finalizes Cyber Security Threat Sharing Program

On October 22, the Department of Defense (DoD) finalized the details for its DoD-Defense Industrial Base (DIB) Voluntary Cyber Security and Information Assurance (CS/IA) threat sharing program with defense industrial base companies. No changes have been made to the interim final rule published in May 2012.

This final rule responds to public comments regarding the establishment of the DIB CS/IA program, a voluntary cyber security information sharing activity between DoD and eligible DIB companies to enhance and supplement DIB participants’ capabilities to safeguard DoD information that resides on, or transits, DIB unclassified information systems. The program is codified at 32 CFR Part 236 and implements DoD statutory authorities to establish programs and activities to protect DoD information and DoD information systems, including information and information systems operated and maintained by contractors or others in support of DoD activities (see 10 U.S.C. 2224 and the Federal Information Security Management Act (FISMA), codified at 44 U.S.C. 3541 et seq.). It also fulfills important elements of DoD’s critical infrastructure protection responsibilities, as the sector specific agency for the DIB sector (see Presidential Policy Directive 21 (PPD-21), “Critical Infrastructure Security and Resilience”). This program allows eligible DIB companies to receive U.S. Government (USG) threat information and to share information about network intrusions that could compromise DoD programs and missions. In addition, the program permits DIB companies and DoD to assess and reduce damage to DoD programs and missions when DoD information is potentially compromised. Furthermore, the information sharing arrangements between the DoD and each participating DIB company that implement the requirements of this are memorialized in a standardized bilateral agreement, known as a Framework Agreement (FA), signed by the participating DIB company and the Government.

The rule also provides the eligibility requirements for a company to participate in the DIB CS/IA program.
Costs for DIB participants include obtaining access to DoD’s secure voice and data transmission systems supporting the DIB CS/IA program and acquiring DoD approved medium assurance certificates. There also are costs associated with the collection requirements for providing point of contact information and cyber incident reporting. Government costs include onboarding new companies and collecting and analyzing cyber incidents from DIB participants.

A foundational element of this bilateral information sharing model is the recognition that the information being shared between the parties includes extremely sensitive nonpublic information, which must be protected against unauthorized uses and disclosures in order to preserve the integrity of the program.

For additional information regarding the Government’s safeguarding of information received from the DIB companies, with specific focus on PII, see the Privacy Impact Assessment (PIA) for the DIB CS/IA Program.

In addition, this rule and program are intended to be consistent and coordinated with, and updated as necessary to ensure consistency with and support for, other federal activities related to the handling and safeguarding of controlled unclassified information, such as those that are being led by the National Archives and Records Administration pursuant to Executive Order 13556 Controlled Unclassified Information (November 4, 2010).

This rule is not intended to implement the new requirements from section 941 of the National Defense Authorization Act for Fiscal Year 2013.

For more information, read the full final DIB CS/IA rule in the Federal Register.

Dec. 16: Business Development for Emerging Small Companies

Join the Government Technology & Services Coalition (GTSC) and the Emerging Small Business Group on December 16 to learn about best practices for business development for emerging small companies. Our presenter is Tony Sacco, who is the former Vice President of SAIC. He has over 40 years of experience in business development, IT systems development, integration and operations. Topics will include:

  • Introduction to the BD lifecycle from a small business perspective
  • Challenges and opportunities in each phase
  • Strategies and techniques to be successful at BD

About Mr. Sacco

Mr. Sacco has over 40 years professional and management experience in the fields of Business Development, IT Systems development, integration and operations. A majority of his experience was and is involved in the management of significant, fixed price, software intensive, development, systems integration and O&M programs for the federal government. His last responsibility, before retiring, was the SAIC program manager for the Department of Homeland Security (DHS) EAGLE $1.25B IDIQ program which included winning and executing over 40 competitive Task Orders. His previous assignment includes more than 7 years of IT program management on DHS and predecessor agency contracts, leading a $400 million IT engineering services program. Mr. Sacco is a PMI-certified PMP and an experienced earned value methodology (EVM) instructor with real-world ability in implementing solutions for large federal programs. As program manager on a major IT services contract, Mr. Sacco oversaw critical projects for DHS, including the design and build of the DHS network backbone for OneNetwork, design and implementation of the Public Key Infrastructure (PKI) facility, and design and implementation of the DHS enterprise architecture (EA). In part, the work that Mr. Sacco led for SAIC resulted in SAIC’s selection by Frost and Sullivan as the 2005 Homeland Security Company of the Year. He also was the program manager for the development and worldwide deployment of the Navy War Gaming System (NWGS). He holds a BSEE from Polytechnic Inst of NY; an MSOR from New York University and an MBA from Rider University. He is a member of the Program Management Institute (PMP) and an IEEE Life Member. He is certified to teach EVM and courses in Business Development, PM and Quality Management.

About the Emerging Small Business Group

The Emerging Small Business Group is open to GTSC members with revenue <$2.5 million. It will focus on understanding the numerous challenges of starting/growing a small business in the Federal space and marshaling GTSC’s vast resources of peers, owners, mentors, subject matter experts and online virtual tools to provide our emerging small business members the knowledge and techniques they need to meet the challenges of growing a business.

Emerging Small Business Group Chair: Elaine Kapetanakis

 

 

Register now

Nov. 12: Will you Enter the Lion’s Den?

Calling All IEEE CEOs…Are you ready to enter the Lion’s Den? IEEE and the Government Technology & Services Coalition invite you to enter the Lion’s Den at a newly designed plenary session at the IEEE Homeland Security Conference this year! Come before the “Lions” to learn how prepared you are to succeed in today’s competitive market. Modeled after the popular television program, “Shark Tank,” the Lion’s Den invites CEOs of small businesses in front of several investors. Those investors will then ask pointed questions about the money-making side of the business and uncover whether that company is really prepared, business savvy and ready to take their company to the next level.


Need more information? Contact Kristina Tanasichuk: 703-201-7198 or [email protected].

Register for the IEEE Homeland Security Conference in Boston: https://ieeeboston.org/forms/hst_regpay/hst_frm_pg/hst_regpay.php

Download the PDF flyer and forward to a friend: GTSC Lions Den Flyer IEEE Conference

Nov. 7: Ask the Expert with IACCM

Join IACCM for its Ask the Expert – Trends in Homeland and National Security Funding on Thursday, November 7, 2013 – 4:00 PM London, 11:00 AM New York, 11:00 PM Singapore.

Are you wondering how to obtain funding for national security projects during these days of strife on Capitol Hill? Kristina Tanasichuk, CEO of the Government Technology & Services Coalition, will share her insights on the federal homeland security market along with other trends affecting the financing of important homeland security programs.

Register: http://www.iaccm.com/events/register/?id=1744

The International Association for Contract & Commercial Management enables both public and private sector organizations and professionals to achieve world-class standards in their contracting and relationship management process and skills. It provides executives and practitioners with advisory, research and benchmarking services, and worldwide training and certification for contracts, commercial and relationship management professionals. IACCM is a non-profit membership organization that supports innovation and collaboration in meeting the demands of today’s global trading relationships and practices. Through our worldwide presence and networked technology, IACCM members gain access to the thought leadership and practical tools that are essential for competitiveness in today’s fiercely contested global markets. We provide insight to the leading-edge contracting and commercial skills, policies, procedures and methods that are fundamental to managing enterprise and individual risks. This insight equips professionals and their leaders to implement best practice governance of contractual commitments and trading relationships.

Cyber Security Survey

Last fall, the InfraGard National Capital Region Members Alliance (INCRMA), FBI-Washington Field Office, and the Government Technology & Services Coalition (GTSC) co-hosted a cyber security program at which we announced our intention to develop a survey for companies to share their experience with cyber security “incidents,” hacking, viruses, spear phishing, malware, and other suspicious activity, in addition to asking about what kinds of tools and resources could be most valuable to help industry be more prepared.

The survey collects data on the type and frequency of computer security incidents in which a computer was used as the means of committing a crime against the company or as a conduit through which other intrusion and/or criminal activity was perpetrated. It also collects data about the type and size of the company, cyber security practices, and computer infrastructure.

The results will provide the basis for enhancing or initiating efforts to strengthen the information sharing and awareness to inform our public private partnerships and create meaningful programming and tools to combat the cyber threat. 

Initial results will be reviewed at our Cyber Security Awareness Month program on October 23 with Dr. Phyllis Schneck, the new Deputy Under Secretary of Cyber Security at DHS. The full results will be released this fall. The questions have been developed by GTSC from a previously issued DOJ survey, in combination with input from FBI-WFO’s Cyber Branch and the INCRMA’s Cyber Special Interest Group. Please feel free to share the link with others who you believe would be appropriate respondents.

Pentagon Attorney Jeh Johnson nominated as next DHS Secretary

News leaked Thursday that the Obama Administration would put forward Jeh Johnson, a top Pentagon lawyer, for the next Secretary of the Department of Homeland Security.

Assessed by many as one who does not stray from the “tough” issues, Jeh Charles Johnson was appointed General Counsel of the Department of Defense on February 10, 2009, following nomination and confirmation by the U.S. Senate. In this capacity, he serves as the chief legal officer of the Department of Defense and the legal adviser to the Secretary of Defense. Mr. Johnson’s legal career has been a mixture of private practice and distinguished public service. Mr. Johnson began his career in public service as an Assistant United States Attorney in the Southern District of New York, where he prosecuted public corruption cases. From 1989-1991, as a federal prosecutor, Mr. Johnson tried 12 cases and argued 11 appeals.

Mr. Johnson built upon his early career as an Assistant United States Attorney to become a successful trial lawyer in private practice at the New York City-based law firm of Paul, Weiss, Rifkind, Wharton & Garrison, LLP. While at Paul Weiss, he personally tried some of the highest stakes commercial cases of modern times, for corporate clients such as Armstrong World Industries, Citigroup and Salomon Smith Barney. In 2004, Mr. Johnson was elected a Fellow in the prestigious American College of Trial Lawyers. In October 1998, President Clinton appointed Mr. Johnson to be General Counsel of the Department of the Air Force following nomination and confirmation by the Senate. He served in that position for 27 months and returned to private law practice at Paul Weiss in January 2001. While in private practice, Mr. Johnson was active in numerous civil and professional activities. From 2001-2004, he chaired the Judiciary Committee of the New York City Bar Association, which rates and approves all the federal, state and local judges in New York City. Mr. Johnson is also a member of the Council on Foreign Relations, and was a director or trustee of Adelphi University, the Federal Bar Council, the New York Community Trust, the Fund for Modern Courts, the Legal Aid Society, the Lawyers Committee for Civil Rights Under Law, the New York City Bar Fund, Inc., the Vera Institute, the New York Hall of Science and the Film Society of Lincoln Theater. He was also on the Board of Governors of the Franklin & Eleanor Roosevelt Institute.

Following the 2008 election, Mr. Johnson served on President-Elect Obama’s transition team, and was then publicly designated by the President-Elect for nomination to the position of General Counsel of the Department of Defense on January 8, 2009, followed by formal nomination on January 20, 2009, and confirmation by the Senate on February 9, 2009. Mr. Johnson is a member in good standing of the Bars of New York State and the District of Columbia. (Bio information from the DOD website: http://www.defense.gov/bios/biographydetail.aspx?biographyid=173)

Useful commentary and links:

Wikipedia: http://en.wikipedia.org/wiki/Jeh_Johnson

Fun facts:  http://www.washingtonpost.com/blogs/in-the-loop/wp/2013/10/18/eight-facts-you-didnt-know-about-jeh-johnson/

GTSC Member insight:  David Olive   http://securitydebrief.com/2013/10/18/johnson-nominated-for-dhs-secretary-what-does-that-tell-us/#axzz2i6lpmq3D

Who is Jeh Johnson:  http://securitydebrief.com/2013/10/18/who-is-jeh-johnson/#axzz2i6lpmq3D

Deciding to Pursue 8(a) Certification

As part of the strategic planning process at PReSafe Technologies, we regularly consider market opportunities and industry sectors that present sound, viable avenues for sustained revenue and growth that are aligned with our aim of protecting global digital assets. With the Federal government’s mission to protect the people, infrastructure and economy of our nation; its increasing emphasis on cyber security; and its position as one of the largest purchasers of goods and services in our economy, our decision to enter the Federal marketplace was clear.

Entering a new market is a formidable and demanding endeavor, particularly for an emerging business in a recovering economy. It includes building new relationships and alliances and fundamentally understanding how business is conducted in order to be competitive and win business. As an emerging business, it is crucial to remain efficient and effective during each step. Our due diligence led us to the U.S. Small Business Administration (SBA) 8(a) program as an efficient and effective approach for entering the Federal marketplace.

PReSafe Technologies became aware of the SBA 8(a) program through online research, dialogue with colleagues and participation at meetings hosted by the Government Technology & Services Coalition (GTSC). The SBA 8(a) program is well suited for emerging businesses, particularly socially and economically disadvantaged entrepreneurs that aspire to gain a foothold in government contracting.

The SBA 8(a) application process is much more comprehensive (and lengthy) than most state programs with a similar focus on emerging, disadvantaged businesses. PReSafe Technologies found it was well worth the effort because of the significantly greater market opportunity, structured business development (annual reviews, business planning, systematic evaluations) and executive leadership development opportunities. Moreover, we believe that demonstrating success in the Federal marketplace may readily lead to increased opportunities in other private sector marketplaces.

PReSafe Technologies recently initiated the SBA 8(a) application process, and we expect that it will take some time before the anticipated successful outcome.  Our aim is to protect global digital assets and support the Federal government’s mission of securing the U.S. homeland. We seek to collaborate and remain optimistic about the opportunity to bring additional innovation, agility and high-quality solutions to the Federal marketplace through the SBA 8(a) certification process.

Learn more about the SBA 8(a) application process here.

Robert V. Jones
President & CEO
PReSafe Technologies LLC

Robert V. Jones is the President & CEO of PReSafe Technologies LLC. PReSafe Technologies LLC is a professional consulting, advisory and solution delivery company dedicated to protecting global digital information assets by identifying and eradicating cybersecurity threats thus enabling companies to do business with confidence in today’s global interconnected electronic marketplace. 

 

 

Cyber Security Insurance: Does Your Company Need It?

“Cybersecurity – A Special Report”…with newspaper headlines like this in The Washington Post, cyber security is THE hot topic. If your company uses a computer, credit card, checking account, files a tax return, employs smart phones, or uses iPads, your business is a target for losing intellectual property or becoming the vehicle for a cyber attack, with a huge financial loss as the result.

For individuals the theft or misuse of private information occurs daily. Signals stolen while using public internet, misplaced cell phones, phishing attacks on home computers, and theft of personal computers happen throughout our society and result in long-term financial crisis.

Small business owners face even greater obstacles from cyber attacks. A recent National Small Business Association survey reported that 44% of its 800 surveyed members had fallen victim to a digital break-in. What are the steps we can take to help thwart these information criminals? Solutions for both companies and individual citizens are very similar.

All business firms using the internet must have a strong risk management plan established and adhere to the rules in order to lessen the impact of cyber theft. With the growth of cloud computing, use of smart phones and tablets, employees telecommuting, and digital information flowing outside the office, cyber attackers have many more access points. The Federal Communications Commission (FCC) lays out guidelines to prevent cyber attacks. Among their suggestions are:

  • Train employees in security principles. Use strong passwords with expiration dates.
  • Protect information, computers and networks from cyber attacks. Install firewall security, the latest security software and web browsers.
  • Create a mobile device action plan. Password protect devices, encrypt data, install security apps, and set procedures for reporting lost or stolen equipment.
  • Make copies of all important data. Store offsite or in the cloud.
  • Passwords and authentication. Require unique passwords and change every three months.

Many businesses have the additional exposure of outsourcing data. Many businesses share customer information with third parties who provide billing, payroll, and employee benefits. Additionally, web hosting, HR services, and information technology services are frequently outsourced. Despite this outsourcing exposure many businesses do not require third parties to cover costs associated with data breach in their contracts. When using outside partners, what is the risk-management strategy they use to protect you against financial loss and reputational harm?

Because of the explosion in internet usage many companies are seeking contractual risk transfer and indemnification through insurance. Starting in the early 1990s insurance has changed to provide protection for cyber growth. Today numerous insurance companies either provide stand-alone policies or add the protection with other coverages, such as Directors & Officers policies (D&O), Errors & Omissions policies (E&O), and Fiduciary Liability policies. An E&O policy is a type of professional liability typically issued to companies setting standards for themselves or other clients. D&O liability coverage is designed to protect companies against their management decisions and covers directors, officers, staff and the organization itself.

Cyber Liability Policies should provide protection for both First Party and Third Party Claims.

First Party coverage includes:

  • Network and Information Security Liability
  • Communication and Media Liability
  • Regulatory Defense Exposure

Third Party coverage includes:

  • Crisis Management Event Exposures
  • Security Breach Remediation and Notification Expenses
  • Computer Program and Electronic Data Restoration Expenses
  • Computer Fraud
  • Funds Transfer Fraud
  • E-Commerce Extortion
  • Business Interruption and Additional Expenses

Cyber Insurance helps before the loss occurs by going through a thorough underwriting process to help highlight the potential risk exposures to be addressed.  Nevertheless, should the loss occur these policies help in determining the data leak, PR crisis, IT crisis, and the financial crisis.

The recommendation to combat today’s cyber threat involves risk management planning, assistance from third party partners, and insurance coverage to assist should a loss occur. For more cyber security tips, visit www.US-CERT.com. Learn about the FCC’s Small Business Cyber Planner here.

Mary Jordan, “CYBERSECURITY – A Special Report,” The Washington Post, Thursday, October 10, 2013

P. Allen Haney, President, P. Allen Haney Company

Mr. P. Allen Haney is a Strategic Advisor to the Government Technology & Services Coalition. Also a trusted advisor to business owners and nonprofit executives, Allen Haney is best known for solving problems. His counsel on employee benefits, executive compensation, and retirement planning routinely vitalizes the health and sustainability of closely held businesses and associations.

He is most appreciated for his all-inclusive, uncompromising commitment to expand client capacity by uncovering risks and opportunities hidden in blind spots. Read more about Mr. Haney here.

Certify Your Small Business as a Federal Contractor

The Small Business Administration (SBA) shared these resources for how to certify your small business as a federal contractor. It can be a complicated road, but this is a great place to start!

If you’re a small business owner interested in making the federal government one of your next customers, you can benefit greatly from certifying your business first. Many government agencies require that a certain percentage of their work is set aside for small businesses (and woman-owned, veteran-owned and more), so certifying your business can help you successfully compete for government contracts. These resources can help:

You can also read up on additional certifications that can give your small business a competitive edge when pursuing government work. These include programs designed to help small businesses in historically underutilized rural and urban areas (HUBZone Program), socially and economically disadvantaged businesses (8(a) Business Development Program), as well as Woman-Owned or Service-Disabled Veteran-Owned businesses. Learn more here.