How the GSA is Protecting the Fed from Cyber Attacks
One of the main objectives of the GSA is to modernize the Federal Governments IT Infrastructure. This involves some fun and exciting projects in the world of AI and Machine Learning. However, this also includes the threat protection and CyberSecurity, and the GSA’s Highly Adaptive Cybersecurity Services (HACS) SIN category 54151HACS is a Federal Agency’s best option to protect their IT systems. The GSA Schedule program took the initiative to develop innovative cybersecurity products, services, and public sector programs.
Major Cyber Attacks on the US Government Over the Years
Similar to other private entities, the US government is also susceptible to cyber attacks over the years. A majority of these incidents involve ransomware that caused significant disruptions in the public sector’s operations and data privacy. Moreover, these incidents brought both financial and irreversible impacts affecting state and local governments throughout the US.
2020: Solarwinds Data Breach That Shook Major US Federal Agencies
One of Microsoft’s software that manages IT infrastructure, Solarwinds, was reported to be under attack since March of 2020. Among many other federal agencies and private companies, the US energy department is one of the latest sectors that confirmed being affected by the data breach. The attack continued until December, affecting critical IT infrastructures and compromising confidential data. The key government departments’ networks, including state, defense, homeland security, treasury, and commerce under Solarwinds, were jeopardized upon downloading the latest update. State-sponsored hacking groups were allegedly responsible for implementing malicious software to the updates. As a result, the affected parties decided to remove SolarWinds from their servers to prevent further problems.
2019: Baltimore Ransomware Attack
The computer systems all over Baltimore were held hostage for over two weeks in May 2019. Ultimately, they found that a type of ransomware called RobinHood compromised the servers. As a result, operations of essential services such as paying bills and parking tickets halted. The unidentified perpetrators demanded a ransom worth 13 bitcoin (roughly $76,280) in exchange for keys to restoring access. They required the city to fulfill their request within four days, or they would increase their demand, and in the next ten days, they would delete all the confidential data.
The former mayor, Bernard Young, stood his ground and refused to pay. His team advised ignoring the ransom, for there was no guarantee they could ever restore the ransomed information. Most of the employees in the city have not accessed their work e-mails since the attack. The incident cost the city about $18.2 million to make up for the lost revenue and restore the systems.
2016: Data Breach During Hilary Clinton’s US presidential campaign
During the 2016 US presidential campaigns, the data of democratic party institutions and their candidate Hilary Clinton got breached. Russian hackers allegedly hacked into the personal email account of the chairman of Clinton’s US presidential campaign John Podesta. They leaked 20,000 confidential emails, resulting in the entire campaign’s derailment and contributed to Clinton losing the election.
2012: US Office of Personnel Management Cyber Attack
Hackers penetrated the US Office of Personnel Management from 2012 to 2015. Two separate attacks launched, resulting in breaching 22 million data such as social security numbers, addresses, and even fingerprint data.
1999: The Teen Hacker That Shook The US
In 1999, 15-year-old Jonathan James hacked into NASA computers, which solidified his place as one of the most notorious hackers of all time. The teenager managed to penetrate the US Department of Defense division’s highly secure network, intercepting thousands of private emails and passwords. After invading the Pentagon weapons computer system without breaking a sweat, James stole a NASA software piece worth $41,000. The breach resulted in a 21-day shutdown of NASA systems. Eventually, the young hacker was arrested and became the youngest person incarcerated for computer-related crimes. Due to his young age, he only received a six-month sentence.
What is SIN 54151HAC?
The Highly Adaptive Cybersecurity Services (HACS) Special Item Number (SIN) is established for the Multiple Award Schedule (MAS) Information Technology Schedules. It allows federal agencies to gain streamlined access to IT systems, solutions, and services. As a result, the public sectors can resolve potential vulnerabilities before they significantly impact the network.
The SIN 54151HAC offers a plethora of cybersecurity services from a wide range of fields. These services include the seven-step Risk Management Framework services, information assurance, virus detection, network management, situational awareness and incident response, secure web hosting, backup, security services, and Security Operations Center (SOC) services.
Subcategories of HACS Vendors
GSA contractors under SIN 54151HAC get segmented into five (5) subcategories:
High-Value Asset (HVA) Assessments
These assessments allow the public sector to detect cyber threats and other vulnerabilities. Whenever the system deviates from the implemented configuration, it automatically measures the extent of the potential risk. It can also provide strategies that help federal agencies mitigate such risks under both operational and non-operational situations.
Risk and Vulnerability Assessment (RVA)
RVA is an extension of HVA. This type of assessment focuses on Network Mapping, Vulnerability Scanning, Phishing Assessment, Wireless Assessment, Web Application Assessment, Operating System Security Assessment (OSSA), Database Assessment, and Penetration Testing.
Cyber Hunt
Cyber hunting responds to urgent situations and mitigates immediate threats. It is facilitated under the known premise that attacks on some organizations can also affect entities within the same umbrella. Alternatively, public sectors utilizing the same system can also be vulnerable to the same threats as their equivalent entities.
Incident Response
Incident response helps federal agencies manage the impacts of cyber attacks. Experts coordinate with the public sector to get a snapshot of the incident and handle the causes of the cybersecurity compromise. They are also responsible for restoring the lost networks and data and establishing a more secure IT infrastructure.
Penetration Testing
Penetration testing refers to a series of tests performed to simulate real cyber attacks. This testing allows federal agencies to pinpoint their vulnerabilities and the features within their systems, which are easy to circumvent.
Advantages of Using the SIN 54151HAC
GSA contractures that are under IT Schedule 70 use the SIN 54151HAC.
Here are some of its advantages for the federal agencies:
- Leveraging this SIN can help the public sector identify GSA contractors that offer the highest quality cybersecurity products and services. This leveraging can also be filtered based on various socioeconomic categories to ease their search.
- Federal agencies have the guarantee that orders are immediately deployable. Fostering rapid order procedures, the lead time for IT solutions procurement can be 25% to 50% faster than purchasing commercially.
- Acquisition documents that can make the process much faster, such as the Statement of Work (SOW) templates, are readily available on GSA’s IT Security page.
- Federal agencies can always consult with cybersecurity specialists and acquisition subject matter experts for any concerns and inquiries regarding their HACS orders.
Citations:
2020: Solarwinds Data Breach That Shook Major US Federal Agencies
2019: Baltimore Ransomware Attack
2016: Data Breach During Hilary Clinton’s US presidential campaign
2012: US Office of Personnel Management Cyber Attack
1999: The Teen Hacker That Shook The US
GSA IT Security page
About the Author
Josh Ladick is the President of GSA Focus, Inc., and has been immersed in GSA Contracts and Government Contracting for over 13 years. I explain the complex GSA and FAR clauses in simple terms that anyone can understand, as well as keep government contractors informed on a broad group of GSA Contract related topics. More about Josh Ladick.
