Waste of the Day: Fed. Software Costing $14 Million at Risk of Attack

The Small Business Administration bought software for $14.2 million, but the contractors delivered a vulnerable product.


Topline: The Small Business Administration has spent $14.2 million on its new software for managing contractor applications, but the agency has not been following “leading practices for risk management, cybersecurity, and schedule and cost estimation,” according to a new report from the Government Accountability Office.

Multi-million-dollar software vulnerable to attack

Key facts: The SBA’s Unified Certification Platform is a new online program that helps small businesses get certified to work as government contractors. It consolidated several existing websites that were redundant and were making the application process difficult.

The platform launched in October, but “risks remain” in making the software functional and safe, according to the GAO.


The SBA’s written plan for developing the platform was missing key details on how it planned to protect personal information from hackers. 

The SBA also hired third parties to review applications from small businesses. Since the third parties will have access to sensitive information, they should have been selected by security experts. That didn’t happen, and there is no written plan for making sure they do not steal data.

These mistakes “increase the likelihood of a successful cyberattack,” auditors wrote.


Background: The platform was supposed to be released in September, meaning small businesses would not be able to apply for certificates during the month of August while the system was being updated. 

The GAO and two Senators warned about this

The GAO warned the SBA to follow a different schedule. If the release was delayed for some reason, applications would be unavailable during September, the end of the fiscal year when many government contracts are awarded.

That’s exactly what happened. The SBA used a vague “road map” instead of an actual schedule for project development, which caused the project’s timeline and cost estimates to be “unreliable,” auditors said. The platform wasn’t released until Oct. 18, a month too late.

Critical quote: Sen. Joni Ernst (R-Iowa) and Rep. Roger Williams (R-Texas) also warned the SBA not to risk closing applications during September, but their cries fell on deaf ears.


“Once again, the SBA is putting small businesses last and forcing them to navigate a bureaucratic mess,” Ernst and Williams told FedScoop in July. “Shutting down the certification portal right before the end of the fiscal year, the busiest time for applications, without a clear timeframe for reopening is completely unacceptable and shows Biden’s agency is out of touch with hardworking Americans.”

Summary: Optional improvements to the Unified Certification Platform could cost an additional $4.9 million by March 2026. It appears the extra work will be needed.

The #WasteOfTheDay is brought to you by the forensic auditors at OpenTheBooks.com.

This article was originally published by RCI and made available via RealClearWire.


Jeremy Portnoy, former reporting intern at Open the Books, is now a full-fledged investigative journalist at that organization. With the death of founder Adam Andrzejewski, he has taken over the Waste of the Day column.
