“The FBI is warning Zoom video-conferencing platform users to guard against “VTC hijacking” and “Zoom-bombing” by outsiders intent on making threats and offensive displays.
According to the FBI’s Boston Division, two Massachusetts high schools reported separate instances of individuals breaking into online classes in late March being conducted via Zoom teleconferencing software. In one incident, said the FBI, an unidentified individual dialed into a videoconference class, yelled out a profanity and the teacher’s home address. In the other, a school reported an unidentified individual with swastika tattoos dialing into a Zoom videoconference class.
FBI Special Agent Doug Domin told FCW that unauthorized participants are not just an issue on the Zoom platform. “Other providers have similar platforms,” he said, that are just as vulnerable to such intrusion if they’re misused.
“Organizations should have policies for VTC” and its associated software, as well as training on how to use it, said Domin. Individual session passwords should be used, even for audio bridges, he said. “The bigger the group, the bigger the possibilities” for unauthorized entry.
“We take the security of Zoom meetings seriously and we are deeply upset to hear about the incidents involving this type of attack,” a Zoom spokesman told FCW in an email. “For those hosting large, public group meetings, we strongly encourage hosts to review their settings and confirm that only the host can share their screen. For those hosting private meetings, password protections are on by default and we recommend that users keep those protections on to prevent uninvited users from joining,” they said.
The Zoom for Government platform is on the General Services Administration’s buying schedule and also has that agency’s Federal Risk and Authorization Management Program moderate level approval. Zoom was sponsored in the FedRAMP approval process by the Department of Homeland Security, according to the company. The authorization allows federal agencies and contractors to securely use Zoom for government video meetings and API integrations, according to the company.
Typically, government-approved versions of commercial off-the-shelf products to not allow for data collection for marketing purposes.
Zoom’s standard product has many newer users in public school environments, since company CEO Eric Yuan removed time limits on the app for elementary and high schools as the COVID-19 pandemic closed down the facilities across the U.S.
Additionally, a company official told the Intercept in a March 31 report that Zoom does not offer end-to-end encryption as it is commonly understood – that is encrypting data between user end points. The content of a video conference hosted by Zoom is potentially visible to the company itself.
An IT manager FCW spoke with about Zoom said they were confident that with the FedRAMP moderate rating that conforms services to FISMA standards, a federal Authority to Operate, and familiarity with the platform, most federal users could be reasonably confident with the platform’s integrity.”
“They will include for the first time requiring women between the ages of 18 and 25 to register for potential conscription in the event of a prolonged war, as all young men are currently required to do.
Big changes are expected to come to the Selective Service System in coming years, but exactly what is still unclear.Leo Shane III
The idea has gained traction among some women’s rights groups and complaints from some conservative activists in recent years. In the past, courts have ruled against adding women to the draft because certain combat posts were closed to them, but Pentagon officials in recent years have lifted nearly all those restrictions.
In a statement on Tuesday, House Armed Services Committee ranking member Rep. Mac Thornberry, R-Texas, praised the commission’s work and promised to closely consider the findings.
“Opening Selective Service to women is just one of their recommendations,” he said. “I look forward to examining the data and arguments the commission has compiled more closely.
“In the meantime, it is important that my colleagues have an opportunity to hear from the Commission directly. I believe that public hearings in the Armed Services Committee and other relevant committees are essential.”
When those public hearings might be held is unclear. Currently, nearly all congressional hearings have been postponed indefinitely because of the ongoing coronavirus pandemic. President Donald Trump earlier this month recommended keeping any public gatherings to fewer than 10 people in an attempt to slow the spread of the illness.
Legislative proposals have stalled out in Congress, over both concerns with traditional family roles for women and the viability of the Selective Service System itself. The system costs about $23 million a year to maintain.
Congress will have to adopt new legislation in order to make the change of adding women to the draft. Or they could opt to get rid of the Selective Service System altogether.
Recent legislative proposals regarding registration of women have stalled out in Congress, over both concerns with traditional family roles for women and the viability of the Selective Service System itself. The system costs about $23 million a year to maintain, and several studies have questioned how effective it would be if officials needed it to replenish troop levels.
That hasn’t happened in more than 40 years, and Pentagon officials have repeatedly said they prefer the current all-volunteer force to the idea of a mostly conscripted military.
Men between the ages of 18 and 25 who don’t register for the draft face possible fines and jail time, and may be ineligible for benefits like federal student loans. Advocates for adding women to the registration system have argued in the past that levying those penalties only on men is unfair.”
“The Labor Department’s compliance office has waived some contractor affirmative action requirements for three months as the COVID-19 pandemic presses companies and federal agencies to quickly meet demands.
The Labor Department’s Office of Federal Contract Compliance Programs (OFCCP) on March 17 temporarily waived some contractors’ affirmative action requirements under the three statutes it oversees.
The waiver will last until June 17, but it doesn’t put aside requirements for those contractors to enforce other federal, state and local civil rights laws, nor does it stop processing of discrimination complaints.
“Following President Trump’s direction, the Office of Federal Contract Compliance Programs is committed to swiftly responding to COVID-19,” said OFCCP Director Craig Leen, in the statement. “Today’s memorandum helps federal agencies and federal contractors engaged in relief efforts to protect the safety, security and health of the American people.”
“The waiver is not uncommon” in times of big crisis situations, Shirley Wilcher, executive director of the American Association for Access, Equity and Diversity, a Washington D.C.-based equal opportunity advocacy and training group, told FCW on March 23.
Similar contracting actions have been taken in the wake of other major disasters such as catastrophic hurricanes to help speed response, but they’re hardly welcomed with open arms, according to Wilcher. “Equal opportunity shouldn’t take a holiday.”
In 2005, the Labor Department’s Employment Standards Office issued a similar three-month waiver for contractor affirmative action rules to aid in Hurricane Katrina recovery.”
“The Defense Department is concerned that foreign investment will take advantage of small businesses in the defense industrial base reeling from the COVID-19 pandemic.
The defense industrial base, which consists of more than 300,000 companies, is “vulnerable to adversarial capital,” and DOD wants them to “stay in business without losing their technology” or be subject to intellectual property theft.“
“Ellen Lord, DOD’s top acquisition executive: “The foreign investment issue is something that I have been tracking for the last couple years. There is no question that we have adversarial capital coming into our markets through nefarious means,” Lord said.
“So what we are doing, on the defense side, looking at [the Committee on Foreign Investment in the United States], on the offensive side, we’re looking at our Trusted Capital mechanisms.”
DOD has been conducting periodic Trusted Capital Marketplace virtual events to pre-empt CFIUS concerns and ensure companies’ access to “clean capital.”
Lord said the global outbreak of COVID-19 has created instability and uncertainty, especially for small businesses that aren’t sure if government contracts will continue.
“I think it presents a greater attack surface as there is greater uncertainty, especially to small businesses as to whether their contract will continue,” Lord said. “So we want to basically mitigate that uncertainty.”
DOD under the Trump administration has been pushing for more domestic manufacturing and reducing foreign investments, namely with drone production. It has also been adamant about finding U.S.-based solutions for telecommunications services and hardware production, barring the use of Huawei and ZTE products because those companies have ties to the Chinese government and military.
These moves, especially as the global health crisis persists, could have broader implications and shrink direct foreign investment up 15%, according to a United Nations report.
The Defense Department has also created a new task force to synchronize its COVID-19 efforts led by Stacy Cummings, the principal deputy assistant defense secretary and leader of the Acquisition Enablers office.
The Joint Acquisition Task Force will coordinate with military services and agencies’ acquisition resources and field requests from the Federal Emergency Management Agency, the Departments of Health and Human Services and Homeland Security and other federal agencies for medical resources and personal protective equipment.
The task force aims to identify weak points in workforce and industrial capability and ultimately reduce companies’ reliance on foreign supply sources. It will also direct use of Defense Production Act authorities, which include being able to use economic incentives and priority-rate defense contracts to best serve the need of troops in the field and team with industry to boost commercial capabilities.”
The COVID-19 battle will continue as a local issue. It is at the local level in which federal funding programs are enacted, grown and made part of the culture.
Small businesses within states or territories may apply for a disaster assistance loan. There will be dramatic roles for small business, not just in medically related fields but also in logistics to geospatial technology fields and others.
See here for the latest Centers for Disease Control and Prevention Coronavirus information.
What is VA doing?
VA has implemented an aggressive public health response to protect and care for Veterans, their families, health care providers, and staff in the face of this emerging health risk. We are working directly with the CDC and other federal partners to monitor the outbreak of the virus.
On March 27, VA shared its COVID-19 response plan. This best-practice guide is a valuable tool, which may be useful nationwide for the medical community.
Any Veteran with symptoms such as fever, cough or shortness of breath should immediately contact their local VA facility. VA urges Veterans to call before visiting – you can find contact information for your closest VA facility.
Alternatively, Veterans can sign into My HealtheVet to send a secure message to VA or use telehealth options to explain their condition and receive a prompt diagnosis.
Upon arriving at VA, all patients will be screened for flu-like symptoms before they enter in order to protect other patients and staff. A VA health care professional will assist you with next steps once this screening process is complete.
At this time, VA is urging all visitors who do not feel well to please postpone their visits to VA facilities.
How to protect yourself
Currently, there is no vaccine to prevent the COVID-19 infection and no medication to treat it. CDC believes symptoms appear 2 to 14 days after exposure. Avoid exposure and avoid exposing others to an infection with these simple steps.
Learn to use VA Video Connect through the VA mobile app store or by contacting your VA care team, before any urgent problems arise.
Wash your hands often with soap and water for at least 20 seconds. An easy way to mark the time is to hum the “Happy Birthday” song from beginning to end twice while scrubbing.
Use an alcohol-based hand sanitizer that contains at least 60% alcohol.
Avoid touching your eyes, nose and mouth with unwashed hands.
Avoid close contact with people who are sick.
Stay home when you are sick or becoming sick.
Cover your cough or sneeze with a tissue (not your hands) and throw the tissue in the trash.
Clean and disinfect frequently touched objects and surfaces.
Getting a flu shot is recommended.
VA COVID-19 Cases
Nationally, as of March 30, 2020, VA is tracking the following Veteran patients with a positive COVID-19 diagnosis. This is a rapidly evolving situation and VA will provide updated information as it becomes available and verified.”
How can firms maintain the 35% HUBZone residency requirement if some employees are college students whose residence hall has closed? SBA recognizes that some HUBZone employees are students who have been called home to locations no longer in a HUBZone, even though they continue to work remotely, impacting firms’ ability to maintain the 35% HUBZone residency requirement. SBA will determine affected firms’ compliance with the 35% HUBZone residency requirement by reviewing documentation showing where the impacted employee lived prior to the COVID-19 response measures being put in place. Accordingly, a firm that has a HUBZone employee that was required to move from student housing to a non-HUBZone location AND continues to work for the HUBZone firm, the firm may continue to count that employee as a HUBZone resident by providing documentation showing: 1) the university/college closed the student’s residence and 2) the employee has been maintained on the payroll. This applies only to students who, at the time of the firm’s application for certification or recertification, were already on payroll and had residency established prior to the university closing student housing.
How can firms maintain compliance with the Principal Office requirement if their employees are required to telework? SBA recognizes that if all of a firm’s employees are required to telework in response to the COVID-19 pandemic, this might impact a firm’s ability to comply with the HUBZone program’s principal office requirement. In response to this concern, SBA will determine affected firms’ compliance with the principal office requirement by reviewing the firm’s compliance prior to the telework measures being put in place. Accordingly, at the time of application for certification or recertification, a firm that has placed its employees on mandatory telework will have to provide documentation showing where its employees performed their work prior to requiring telework. Such an applicant will also be required to provide a signed statement that: the firm put all their employees on telework associated with social distancing in response to the COVID-19 pandemic; the teleworking measure is temporary in nature; and the employees will return to their normal work location once the teleworking measures have been lifted.
How can firms maintain compliance with the requirement for uninterrupted and continued employment for “Legacy HUBZone employees,” as outlined in the HUBZone regulations at 13 C.F.R. 126.200(d)(ii)(3), if employees are laid off or on extended sick leave? The revised HUBZone regulations, which became effective December 26, 2019, allow firms to count “Legacy” HUBZone resident employees as permanent HUBZone resident employees if they are able to demonstrate that the employee was a HUBZone resident for 180 days prior to and for 180 days following the firm’s HUBZone certification or recertification. In addition, the requirement states, “The certified HUBZone small business concern must maintain records of the employee’s original HUBZone address, as well as records of the individual’s continued and uninterrupted employment by the HUBZone small business concern, for the duration of the concern’s participation in the HUBZone program.” SBA recognizes that many firms have placed employees on extended (unpaid) sick leave status or are contemplating layoffs. SBA will allow HUBZone companies to place an employee in a temporary non-paid status such as FMLA to care for themselves or a sick family member during COVID-19 if the firm attests to their intent to put such individuals back on payroll after the period of extended sick leave. However, there is no such exception for employees that have been laid-off. If a firm lays off an individual, that individual cannot be counted as a “legacy HUBZone employee” for any future HUBZone certification or recertification.
Can the HUBZone Program expedite my application for certification? SBA may expedite the application of any firm that submits a completepackage for certification and indicates that they intend to respond to a specified solicitation that relates to COVID-19.
Can the HUBZone Program waive or reduce the 35% residency requirement? This statutory requirement would necessitate Congressional action to change.
II. HUBZone Program updates related to a change in regulations
When and why did SBA propose new rule changes to the HUBZone program? The SBA proposed new regulations to make it easier for small businesses to participate in the HUBZone program. These changes will make the program more attractive for small businesses to invest in HUBZones and hire HUBZone residents, providing greater impact to communities and making it easier for federal agencies to meet their goal to award 3 percent of contracts to certified HUBZone small businesses. The rule change was published in November 2019 and took effect December 26, 2019.
What are the new rules around recertification? All firms will be required to undergo an annual recertification rather than a triennial recertification, with a full documentation review taking place every three years. Once certified, a firm is eligible for all HUBZone contracts for which the business qualifies as small, for a period of one year from the date of its initial certification or most recent recertification (unless the concern acquires, is acquired by, or merges with another firm during that period). Prior to this change, in order to be eligible for a HUBZone contract, firms had to prove their HUBZone eligibility at both the time of offer and the time of award, lengthening the procurement process for HUBZone firms uniquely among all small businesses—and serving as a disincentive for federal agencies to contract with HUBZone companies.
When and how will annual recertification begin? SBA has experienced a delay in the implementation of our new annual recertification process. Firms which, based on the prior triennial recertification schedule, were due for recertification in 2020 will be contacted automatically by the HUBZone Certification and Tracking System (HCTS) and will be required to recertify on the anniversary date of their initial certification. (For example, if a firm was initially certified on December 1, 2017, the firm will receive a notice from HCTS that it is due to recertify its HUBZone status within 30 days of December 1, 2020.) All other firms (which were not scheduled to recertify in 2020 under the triennial recertification rules) will continue to be considered eligible as of the date of their initial certification or most recent recertification, and must be prepared to prove their eligibility at that time if their HUBZone status is protested in connection with a HUBZone solicitation issued after December 26, 2019. Until such time as we have introduced a fully automated recertification process for all firms, we will also allow firms to voluntarily recertify on the anniversary date of their initial certification, if they choose to do so. We will advise firms within the next two weeks regarding the process for voluntary recertification on their anniversary date.
Are Governors now permitted to ask SBA to designate HUBZones? A new Governor-designated covered areas initiative that became effective on January 1, 2020, represents an opportunity to expand the HUBZone program to reach more distressed rural communities. The new authority allows state governors to petition SBA to designate as HUBZones rural areas with populations under 50,000 and unemployment levels of 120 percent of the U.S. or state average. SBA will provide updates and update the HUBZone maps to reflect newly covered areas.
Are there other changes to the HUBZone maps? SBA has frozen the HUBZone maps through 2021, until the results of the 2020 Census are available. This will provide the program and participating small businesses with an opportunity to transition to a new requirement to update the maps and designations on five-year intervals, starting after the 2020 Census. Five-year HUBZone updates will enable small businesses to plan and invest in their HUBZone communities without fear that their designation may change from one year to the next, thus providing stability for both the community and HUBZone businesses. While the maps are frozen, no new Qualified Non-Metropolitan Counties, Qualified Census Tracts, or Redesignated Areas will be removed from or added to the maps. However, SBA will continue to add locations approved through the new Governor-designated covered areas initiative, qualified base closure areas, qualified disaster areas, and Indian lands, as any new data is received.
How has the definition of the Principal Office changed? A new provision in the HUBZone regulations allows small businesses that invest in HUBZones by purchasing a building or entering a long-term lease (of 10 years or more) to maintain HUBZone eligibility for up to 10 years, even if at some point the office location no longer qualifies as a HUBZone. This provision does not apply to offices located in areas categorized on the HUBZone map as Redesignated areas.
Are there changes to the 35% HUBZone employee residency requirement? The new rule allows HUBZone companies to retain long-term “Legacy” HUBZone resident employees as permanent HUBZone resident employees, under certain circumstances. An employee who resides in a HUBZone for at least six months (180 days) at the time of certification or recertification, and continues to reside in a HUBZone for at least six months (180 days) after such time, may continue to be considered a HUBZone resident so long as they are continuously employed by the firm, even if he/she moves to a non-HUBZone area, or if the area of his/her residence loses HUBZone geographical eligibility. If the firm wants to count such a “Legacy” employee as a HUBZone resident for the duration of the individual’s employment, then at the time of any subsequent recertification, the firm will be required to identify any such employee and provide supporting documentation demonstrating that the individual resided in a HUBZone for 180 days before and after certification and that the individual has been an employee of the firm for the entire period of time since the firm’s certification.
How may I obtain help or learn more about the HUBZone Program? The following resources may be accessed for additional support:
Your SBA District Office can provide local assistance on topics such as government contracting, certifications, financing, general business support, and more. The list of local offices can be found at https:// sba.gov/local-assistance/.
The SBA Answer Desk at 1-800-827-5722 and email@example.com can also answer general questions.
The largest contracts — worth more than $550 million total — went to 21 companies to develop “big bet” technologies. Those companies are Aerial Applications, Analytical Space, Anduril Industries, Applied Minds, Elroy Air, Enview, Edgybees, Essentium, Falkonry, ICON Technology, Orbital Insight, Orbital Sidekick, Pison, Privoro, Shift.org, Swarm Technologies, Tectus Corp., Virtualitics, Wickr, Wafer and one company that the Air Force has not disclosed.
“For all these awardees, you’re on a four-year, fixed-price contract that we believe, if successful, will disrupt part of our mission in a way that will give a huge advantage for our future airmen,” said Will Roper, the Air Force’s acquisition executive.
The value of the contracts awarded by AFWERX may seem small compared to the multibillion awards for major defense programs. However, these awards go a long way in helping technology firms overcome the “valley of death” between technology development and production, when a lot of companies are vulnerable to failure, said Chris Brose, head of strategy for Anduril Industries, which specializes in developing artificial intelligence technologies.
“For a company like ours or companies of that size, It’s quite significant. It allows us to really kind of do more of the good work that we’re doing, to scale and grow and work with new partners, and it makes a huge difference,” Brose said.
Brose declined to detail the precise nature of Anduril’s contract with the Air Force, but said that the general objective is to prove that an unmanned aerial system can deliver a mass of swarming drones capable of performing complex missions. While a human would still be “in the loop” overseeing the network, certain tasks — such as steering the drones, moving their sensors and processing gathered data — would be automated.”
“Lawmakers want federal agencies to publicly post their contingency plans so everyone has a better idea of what to expect as more federal employees move to telework and other alternative operations. Official agency advice is scarce.”
“Some agencies posted some contractor-specific contingency guidance in the last few days ahead of the March 19 letter from Senate lawmakers, but federal contractors FCW has spoken with in the last few days said official agency advice for contractors is scarce.
The Environmental Protection Agency and the U.S. Agency for International Development rolled out guidance for their contractors at the end of last week, telling them to keep in close contact with their agency contracting officers, as well as check their contracts’ language for information on how to move ahead.
In a March 19 letter to the acting directors of OMB and OPM, Sen. Mark R. Warner (D-Va.) and seven other senators called on those agencies to require all federal agencies to post their contingency plans for COVID-19 outbreaks, so the public knows what services to expect and federal contractors have some guidance on how to comply with their contracts.
“Making these [contingency] plans transparent and readily available is key to ensuring that our constituents understand what services are continuing in the midst of the uncertainty and disruption caused by COVID-19. It is also important for federal employees and contractors to understand and properly implement the required mitigation measures and for policymakers to ensure compliance with these measures,” said the letter.
The letter said posting the plans was in line with the way the government handles the plans during a non-Coronavirus related government shutdown.
The Professional Services Council urged Russell Vought, acting OMB director, to extend telework to the contractor workforce where possible.
Many contractors are being sent and home told that “telework is not authorized under the contract,” PSC President and CEO David Berteau wrote in a March 18 letter to Vought.
“Sending contractors home without authorizing telework effectively ends the important work being done for the government by those contractors,” Berteau wrote. He said the lack of guidance also undermines the intent of the President when OMB told federal agencies to allow government workers the “maximum telework flexibilities.”
Additionally, the National Defense Industrial Association, the U.S. Chamber of Congress, PSC and other trade groups are urging Congress to include contractor telework and assistance for contractors who can’t work because of closed federal facilities in coming pandemic relief legislation.
EPA and USAID rolled out guidance for their contractors on March 13 and March 12 respectively, telling the businesses to keep in close contact with their agency contracting officers, as well as check their contracts’ language for information on how to move ahead.
USAID told contractors in its notice that contractors shouldn’t begin any new work or change work plans without getting written approvals from agency contracting officers and managers.
It told contractors not to begin any new work or change approved work plans.
The agency also said it is considering setting up an expedited procedures package for disease emergency response.
USAID contracting officers, said the agency, will get in touch with contractors if it needs to redirect resources. It said it said it would consider additional contract implementation expenses due to the virus on a “case-by-case basis.”
USAID advised contractors with workers infected by the virus and temporarily unable to work to “continue to incur operating costs–to be able to restart activities immediately if circumstances or instructions change.”
On March 13, the EPA posted a Coronavirus FAQ for small businesses that answered some basic questions about how they should proceed. The guidance advised contractors to review their contracts to see how, and if, those documents offer any latitude for delays. It advised small business contract holders to look to the Federal Acquisition Regulation for further information on how federal contract performance is handled under extreme circumstances, including pandemics. It warned that “force majeure” clauses common in the language of many commercial contracts, are not the same under the FAR.
Contractors that have “Excusable Delays” provisions in their contracts that cover contingencies including epidemics.
EPA advised contractors to consult with customer agencies closely on whether specific federal workers or sites would be available or open for work. It said contractors might also get wind-down and startup costs covered if work can’t be done because of absent workers or closed sites.”