Executive
Waste of the Day: Fed. Software Costing $14 Million at Risk of Attack
The Small Business Administration bought software for $14.2 million dollars, but the contractors delivered a vulnerable product.
Topline: The Small Business Administration has spent $14.2 million on its new software for managing contractor applications, but the agency has not been following “leading practices for risk management, cybersecurity, and schedule and cost estimation,” according to a new report from the Government Accountability Office.
Multi-million-dollar software vulnerable to attack
Key facts: The SBA’s Unified Certification Platform is a new online program that helps small businesses get certified to work as a government contractor. It consolidated several existing websites that were redundant and were making the application process difficult.
The platform launched in October, but “risks remain” to make the software functional and safe, according to the GAO.
The SBA’s written plan for developing the platform was missing key details on how it planned to protect personal information from hackers.
The SBA also hired third parties to review applications from small businesses. Since the third parties will have access to sensitive information, they should have been selected by security experts. That didn’t happen, and there is no written plan for making sure they do not steal data.
These mistakes “increase the likelihood of a successful cyberattack,” auditors wrote.
Search all federal, state and local government salaries and vendor spending with the AI search bot, Benjamin, at OpenTheBooks.com.
Background: The platform was supposed to be released in September, meaning small businesses would not be able to apply for certificates during the month of August while the system was being updated.
The GAO and two Senators warned about this
The GAO warned the SBA to follow a different schedule. If the release was delayed for some reason, applications would be unavailable during September, the end of the fiscal year when many government contracts are awarded.
That’s exactly what happened. The SBA used a vague “road map” instead of an actual schedule for project development, which caused the project’s timeline and cost estimates to be “unreliable,” auditors said. The platform wasn’t released until Oct. 18, a month too late.
Critical quote: Sen. Joni Ernst (R-Iowa) and Rep. Roger Williams (R-Texas) also warned the SBA not to risk closing applications during September, but their cries fell on deaf ears.
“Once again, the SBA is putting small businesses last and forcing them to navigate a bureaucratic mess,” Ernst and Williams told FedScoop in July. “Shutting down the certification portal right before the end of the fiscal year, the busiest time for applications, without a clear timeframe for reopening is completely unacceptable and shows Biden’s agency is out of touch with hardworking Americans.”
Summary: Optional improvements to the Unified Certification Platform could cost an additional $4.9 million by March 2026. It appears the extra work will be needed.
The #WasteOfTheDay is brought to you by the forensic auditors at OpenTheBooks.com.
This article was originally published by RCI and made available via RealClearWire.
Jeremy Portnoy, former reporting intern at Open the Books, is now a full-fledged investigative journalist at that organization. With the death of founder Adam Andrzejewki, he has taken over the Waste of the Day column.
-
Civilization4 days ago
FBI hunters are the hunted
-
Civilization4 days ago
Reining In the Rogue ICC
-
Civilization4 days ago
The Real Climate Crisis Is About Power, Not Just Energy
-
Civilization4 days ago
Trump’s Wild Bunch Is Ready for Action
-
Family3 days ago
Are women opting for sterilization?
-
Constitution2 days ago
The efficiency experts are coming!
-
Civilization3 days ago
Yes, the President Can Deploy Troops To Enforce Immigration Law
-
Constitution20 hours ago
Transgender movement shows weakness