Cyber Defense eMagazine December Edition for 2021

More documents

Recommendations

Info

GAO’s decision in L-3 Services, Inc. 3 , demonstrates how a subcontractor’s existing contractual relationships can cause an OCI for a prime contractor. The bid protest involved a contract to consolidate operations and maintenance requirements for networks at seven operating bases. The protester argued that the awardee had an unequal access to information OCI and a biased ground rules OCI because another company affiliated with the awardee’s subcontractor had provided technical guidance for the protested requirement and had access to unredacted copies of contracts, core communications requirements, internal agency information about upgrading communications and IT infrastructure, and proprietary information of other companies. After the protest was filed, the agency argued there was no unequal access to information OCI because (i) the information was not competitively useful and (ii) the information used to develop the solicitation was disclosed to all offerors. GAO rejected these arguments, finding neither the contractor nor the agency had tracked what information the affiliated company had access to over the course of performance. GAO surmised that the affiliated company likely had access to nonpublic information the agency was not aware of and that was never disclosed to offerors. Notably, in overturning the award, GAO did not base its decision on whether or not the prime awardee actually had access to the information. Instead, GAO held that access by an affiliate of a subcontractor was sufficient to create an OCI. GAO also held there was a biased ground rules OCI because although the subcontractor’s affiliate did not draft the specifications, the affiliated company participated in the business/mission case development. GAO also noted the affiliated company’s research became part of the source information used to develop the requirement. GAO sustained the protest, recommended the awardee’s subcontractor be excluded from the completion, and recommended the procuring agency conduct a new OCI investigation and determination. Mitigating an OCI As the cases discussed above illustrate, an OCI can be devastating for a company. However, in many situations, the adverse effects of an OCI can be avoided by proactively implementing an OCI mitigation plan. To be effective, a mitigation plan must be tailored to a specific contract opportunity and the circumstances that give rise to the actual or potential OCI(s). Nonetheless, there are some general principles that may guide the development of a plan: • An unequal access to information OCI is the easiest type of OCI to mitigate. The objective is to limit access to and dissemination of competitively useful nonpublic information. Mitigation techniques include nondisclosure agreements, firewalls, document controls, and restricting personnel assignments. • An impaired objectivity OCI is more difficult to mitigate. A firewall or other types of information controls will not mitigate an impaired objectivity OCI. Using a separate division to perform problematic tasks will not mitigate the OCI. Instead, an impaired objectivity OCI may be mitigated by using a firewalled subcontractor who reports directly to the government or using objective 3 L-3 Services., Inc., B-400134.11, B-400134.12, Sept. 3, 2009, 2009 CPD 171. Cyber Defense eMagazine – December 2021 Edition 90 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
assessment criteria for the tasks for the problematic tasks. Recusal may also be an option. All of these techniques require government cooperation. • A biased ground rules OCI is also difficult to mitigate. Firewalls or even using a different division are insufficient because anyone who works for the contractor will be presumed to act in the contractor’s interest. For this reason, recusal or using a firewalled subcontractor are often seen as the only viable strategies. For all of these mitigation strategies, proactive OCI identification, prior to bidding on the contract, is critical. Conclusion In a world where the government is acquiring more and more IT and cybersecurity products and services, the potential for overlapping requirements – and OCIs – increases. Contractors operating in these sectors should be attuned to OCIs and the associated risks. In many cases, if a potential OCI is identified early and handled proactively, its impact on future opportunities can be mitigated or negated. To take critical proactive actions, the contractor must understand what an OCI is and how an OCI arises. Armed with this information, a contractor may retain hard-won contracts and avoid exclusion because of OCIs. About the Author Michelle Litteken is Of Counsel with the Government Contracts Practice Group in Morris, Manning & Martin LLP’s Washington, D.C. office. She helps clients understand and successfully navigate all aspects of government contracts by using creative and practical measures. Ms. Litteken regularly advises her clients at every stage of the process, from understanding the requirements and securing the contract, to defending the bid, as well as assisting with potential issues that may arise during contract performance. She can be reached at mlitteken@mmmlaw.com. Cyber Defense eMagazine – December 2021 Edition 91 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
9 Ways Social Media Sabotages Your
Page 3 and 4:
How Do You Secure the Modern Supply
Page 5 and 6:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8:
Cyber Defense eMagazine - December
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40: With over 4 billion users, social m
Page 41 and 42: Unsecure Mobile Networks When using
Page 43 and 44: However, as concerning as these pra
Page 45 and 46: Danny Lopez, CEO, Glasswall “Duri
Page 47 and 48: estoring data. Modern organizations
Page 49 and 50: When Diplomacy, Finance and Tech Co
Page 51 and 52: Another way leaders can take initia
Page 53 and 54: How Covid-19 Changed Advertising Fo
Page 55 and 56: However, this shift might not be su
Page 57 and 58: Why MFA Alone Isn’t Enough for Tr
Page 59 and 60: just highlights how vulnerable most
Page 61 and 62: on channels like email. This starts
Page 63 and 64: 3 Best Practices to Avoid Inevitabl
Page 65 and 66: For example, an employee may become
Page 67 and 68: and outcomes is essential for proje
Page 69 and 70: Electric Vehicle Charging: The Next
Page 71 and 72: Going forward, EV dealers, charging
Page 73 and 74: How does this relate to MFA? Well,
Page 75 and 76: constant exposure of countries to a
Page 77 and 78: Why do you need a malware sandbox?
Page 79 and 80: Multi-Cloud Security and Compliance
Page 81 and 82: If security controls are not consol
Page 83 and 84: How Do You Secure the Modern Supply
Page 85 and 86: The case for isolation Supply chain
Page 87 and 88: Don’t Take Yourself Out of The Ga
Page 89: The U.S. Government Accountability
Page 93 and 94: the file. This was a great techniqu
Page 95 and 96: the wake of the pandemic where the
Page 97 and 98: Certain communications are protecte
Page 99 and 100: At Salt Communications we work with
Page 101 and 102: And it’s only getting worse. If y
Page 103 and 104: The benefits are great When HDOs ha
Page 105 and 106: 4 Pillars of Privacy-Preserving AI
Page 107 and 108: concern and a desire to be cautious
Page 109 and 110: and stay safe online. That’s why
Page 111 and 112: 2. Enabling over-the-horizon threat
Page 113 and 114: Techniques Used by Hackers to Bypas
Page 115 and 116: Phishing scams avoid email security
Page 117 and 118: ATO Detection Account takeover bene
Page 119 and 120: How To Protect Your Digital Legacy
Page 121 and 122: I worked with cybersecurity experts
Page 123 and 124: Sextortion Email Scams What to Do a
Page 125 and 126: Sextortion attacks are a type of cy
Page 127 and 128: How to respond to a sextortion emai
Page 129 and 130: Example 2:'You've been hacked' emai
Page 131 and 132: How can this strategy be implemente
Page 133 and 134: Surviving The New Era of Terabit-Cl
Page 135 and 136: accompanying shift toward more digi
Page 137 and 138: Survey results show businesses are
Page 139 and 140: Enterprises Cannot Achieve Zero Tru
Page 141 and 142:
Capital One breach back in 2019. Ad
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
CyberDefense.TV now has 200 hotseat
Page 163 and 164:
Books by our Publisher: https://www
Page 165 and 166:
Page 167 and 168:
show all

Cyber Defense eMagazine December Edition for 2021

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?