
Spinning Up Telework Presents Procurement Challenges


FCW

There’s good news and bad news for agencies looking to ramp up telework in the wake of the coronavirus pandemic, according to federal contracting experts.

The good news is federal acquisition contracts are set up for quick acquisition of essential telework equipment, such as laptops or tablets, said acquisition experts FCW spoke with. The bad news could be that online scammers are watching the expanding tele-workforce with great interest.

___________________________________________________________________________

“The emphasis on agency telework is growing, and although most agency employees are already assigned computers, there may be some hardware gaps to fill as workforces move to remote locations.

Federal governmentwide acquisition contracts, such as NASA’s Services for Enterprise-Wide Procurement, the General Services Administration’s ordering schedule and the National Institutes of Health Information Technology Acquisition and Assessment Center (NITAAC) are set up to help quickly fill laptops, tablets and other IT commodity orders, they said.

“In general, SEWP is an agile acquisition vehicle that allows for quick turn-around times for quotes and provides points of contacts for all contract holders to facilitate quick communications,” Joanne Woytek, SEWP manager, told FCW. The GWAC, she said, has not seen any specific increase related to teleworking support, so far.

“For laptops, tablets, printers, agencies have purchase cards,” Alan Chvotkin, executive vice president and counsel for the Professional Services Council, told FCW. “Orders placed on SEWP and federal schedules can get responses within 24 hours,” he said, adding that speedier responses could pump up costs.

SEWP posted a warning on its webpage at the beginning of March saying delays in some orders could result from stresses on the supply chain.

In an email to FCW on March 11, Woytek again noted that delivery of technology “is limited by the capacity of industry.” She said order delivery “is going to be on a case by case basis and greatly dependent on the complexity, configuration and size of an order.”

However, the demand for laptop and tablet computers from federal agencies during the next few weeks probably won’t be too steep, said Roger Waldron, president of the Coalition for Government Procurement.

Agencies, however, should be working diligently to “level set” their computer and network needs for the coming weeks, as well as keep informed on their existing IT contracts and how to leverage GWACs, such as SEWP, to back fill last-minute IT and IT commodity needs.

Even though agencies will probably have the resources to get any necessary computers for new telecommuters, another acquisition expert said they face a sneaky obstacle — telework-savvy cyber adversaries.

Bad actors are on the lookout for new teleworkers, as those workers open up a vulnerability to protected networks, said Evan Wolff, a partner at Crowell & Moring, who co-chairs the firm’s Privacy & Cybersecurity Group and is a member of its Government Contracts Group.

Targeted phishing emails and other cyber crime techniques could be a challenge for federal IT managers with increasing numbers of telecommuters, Wolff told FCW in an interview.

Federal IT managers, he said, may not have appropriately secure infrastructure in place to lock down all communications. Additionally, simple things, such as shared living space with non-government employee roommates, could also present issues, if the federal teleworker has a sensitive post, he said.

“We’re already seeing a focus on customized phishing” aimed at non-government telecommuters as the coronavirus spreads, said Wolff. That wave of targeted remote worker phishing email is probably coming to new federal telecommuters too.

“Bad actors understand a target’s leadership and the types of appropriate email” that could tempt them into taking the bait, he said.”


National Security Agency (NSA) Dares Students To Break Code Then Recruits Them


FEDERAL NEWS NETWORK

“The National Security Agency’s best and brightest cyber security experts are putting their skills to the test by developing a cyber challenge and daring more than 330 schools and 2,600 students to solve it.

“We reach out to these students to figure out what year they are in, how could they come here to do internships or hire them full-time, so we are definitely on that from a hiring and recruitment perspective.”

______________________________________________________________________________

“Kathy Hutson, the senior strategist for industry and academic engagement at the NSA, said the Codebreaker Challenge has become one of the best ways to attract the next generation of talent to the federal government.


“We are doing the high touch and personal approach to educate and attract students. Through the Codebreaker Challenges, we are using a non-traditional approach, which also teaches good fundamental skills for NSA as well as the nation,” Hutson said on Ask the CIO. “In our new employee orientation class, we started to poll all of our new employees as far as how they became interested in NSA. Among the new employees at a recent orientation class, one woman identified that she came to NSA through the GenCyber camps, which NSA hosts, and what sealed the deal for her was participating in the Codebreaker Challenge.”

NSA launched the Codebreaker Challenge in 2013 as a way to further connect with students and professors, who are focused on technology and cyber issues.

Over the last six years, the annual initiative has become a much-anticipated challenge with professors making it a part of their classes and students testing their mettle against NSA’s cyber experts.

“There is quite a bit of enthusiasm and excitement when I go to campus. In the early fall I gave a tech talk where I walk through the previous year’s challenge and new one that’s coming up. The crowd seems to grow each year,” said Eric Bryant, a technical director in the crypto analysis organization at the NSA. “We’ve also seen the emergence of additional groups like student clubs, which focus on these types of smaller, capture the flag challenges.”

2018 challenge focused on blockchain

The initiative provides students, professors and anyone else who is interested “with a hands-on opportunity to develop their reverse-engineering/low-level code analysis skills while working on a realistic problem set centered around the NSA’s mission.”

The 2018 challenge focused on ransomware and blockchain, requiring participants to solve eight separate, but related challenges.

“We structure the challenge so that the beginning tasks are easier and more accessible to the students. Most students don’t have prior experience in areas like reverse engineering, vulnerability analysis and crypto-analysis,” Bryant said. “We structure the problem so there is a progression of tasks and they are working toward an ultimate goal. In the case of the most recent challenge, ultimately they were trying to unlock the ransomware without having to pay the ransom and go a step further to recover all the funds victims had paid in and pay them back by exploiting the logic in the attacker’s contract.”

Bryant said a group of NSA cyber experts develop the challenge each year on top of their regular duties. He said they try to focus on areas that are either up-and-coming or current cyber threats and attack vectors.

For the 2019 Codebreaker Challenge, Bryant said it likely will focus on mobile security threats, probably using an Android operating system.

1 of the 20 to solve the challenge

Adam Merrill, a computer science student at the New Mexico Institute of Mining and Technology, participated in the 2018 Codebreaker Challenge. He said the experience of solving the challenge gave him the confidence to make cybersecurity a main focus area of his major.

“I’ve done similar things like the Codebreaker Challenge before but not to that scale. I figured I’d give it a shot and see what’s it all about,” he said. “It was a very steep learning curve. I am a computer science major and I know how to research topics to learn and try them out.”

Merrill said he spent about 80 hours over three or four months, and he estimates one-third to one-half of that time was spent researching online to understand how things like blockchain or distributed ledger work.

“Going into this, I had no intentions of finishing this. My initial goal was just get to task three or four, but after I finished tasks three and four and I got to the blockchain part, I took a break and then one day I had some free time and looked into it,” he said. “I was able to get enough information and figured it was feasible. I spent a lot of time on task six. I came up with what I thought was a reasonable approach to solve that part of the challenge, but I realized it didn’t solve the task. That bummed me out. But later when I was sharing that approach with a friend, it turned out I was missing some small detail and once I added that in, it gave me a boost to finish.”

Bryant said NSA keeps a leader board showing the rankings of the schools. Oregon State University had over 100 students participating, and there were 20 other students, including for the first time ever a freshman in college, who made it through all eight tasks.

“There is one person who is a PhD student who has been involved in all the Codebreaker Challenges and he is usually one of the first to solve. He was first again this year, pretty shortly after the competition began. We had people who were working up to the end, including submissions on New Year’s Eve. Even now after the competition ended, we’ve left the site up and there are people who are working and submitting solutions.”

Bryant said he reaches out to all of the students who solve the challenge and NSA sends them letters of recognition and a memento for participating.

As for Merrill, the Codebreaker Challenge success led him down the path of applying for and being accepted into the Cybersecurity Scholarship for Service program, which provides up to three years of scholarships in exchange for working for the government after they are finished with school.”