Inside the Reporter's Notebook: FedBizOpps contractor admits to hacking

Friday - 5/23/2014, 6:10pm EDT

Jason Miller, executive editor, Federal News Radio


"Inside the Reporter's Notebook" is a biweekly dispatch of news and information you may have missed or that slipped through the cracks at conferences, hearings and the like.

This is not a column nor commentary — it's news tidbits, strongly sourced buzz, and other items of interest that have happened or are happening in the federal IT and acquisition communities.

As always, I encourage you to submit ideas, suggestions and, of course, news to me at jpmiller@federalnewsradio.com.


President of FedBizOpps contractor pleads guilty to hacking

The president and chief technology officer of the government contractor who runs FedBizOpps.gov and two other governmentwide acquisition websites pleaded guilty to criminal hacking charges Wednesday.

Ariel Friedler, president and CEO of Symplicity Corporation, pleaded guilty in federal court May 21 to conspiring to hack into the computer systems of two education sector competitors to improve his company's software development and sales strategy, according to a Justice Department release. Alok Dhir, CTO of Symplicity, also is charged in the crime. He is expected to enter his plea in court in early June.

The Justice Department said the maximum penalty for Friedler is five years in prison, a $250,000 fine, full restitution and three years of supervised release for violating the federal Computer Fraud and Abuse Act (CFAA). He will be sentenced on Aug. 1 in the Eastern District Court of Virginia.

Under the plea deal, Friedler agreed to pay Maxient $217,097.60.

Emails to Friedler and Friedler's attorney David O'Brien, of Crowell & Moring, seeking comment were not immediately returned.

Symplicity spokeswoman Victoria Chapa said the company "has not been — and will not be — charged in this matter and the company will continue to provide its millions of users with secure, reliable platforms for effective information management without interruption. It is also important to note that this incident related exclusively to Symplicity's business in higher education."

Chapa added none of Symplicity's work with the federal government or any related systems were implicated in the case, and those aspects of Symplicity's business remain completely separate from this matter.

Symplicity also announced Bill Gerety is its new CEO, and Samuel Ramer will be its new general counsel.

Chapa said Friedler and Dhir have resigned from Symplicity, effective immediately.

PandoDaily first reported the Justice Department's conviction.

"We hope that the court recognizes the tremendous damage done here," said Aaron Hark, co-founder of Maxient, a software company providing student conduct applications to the education sector. "It was nice to finally see after multiple years in our industry of him denying this and claiming this was a one-sided allegation and attempt to make corporate gain that in fact, it was his attempt to make corporate gain. It was nice to see that come to light. This is something the federal government needs to take notice of."

The FBI began investigating Symplicity in 2009 and issued a warrant at the company's offices in March 2012 after witnesses came forward alleging Friedler hacked into the computer networks of Maxient and Pave Systems, another education software company.

"This was a sad but inevitable outcome after an FBI investigation that lasted for more than two years. Mr. Friedler's actions and those of his associates were illegal and plain wrong," said Ghassan Nino, president and CEO of Pave Systems Inc. "I hope this sad situation does not sour the higher education community on the market. This market is full of good companies that follow the rule of law and stand for integrity, leadership and innovation."

While Symplicity says this is separate from its government business, there is potential that GSA or another agency could suspend or even consider debarment proceedings.

Under the Federal Acquisition Regulations, an agency could suspend a contractor for the "commission of any other offense indicating a lack of business integrity or business honesty that seriously and directly affects the present responsibility of a government contractor or subcontractor."

In addition to FedBizOpps.gov, Symplicity also runs the electronic subcontracting reporting system and the Catalog of Federal Domestic Assistance. It also recently won a contract from the State Department to provide a constituent relationship management system in the cloud.


3 takeaways from not your usual MOC

If you didn't make it down to scenic Cambridge, Maryland, last week for ACT-IAC's annual Management of Change conference, you missed a new approach to conferences. Instead of the standard panel discussion format, ACT-IAC tried something a bit more novel.

In some rooms, presenters and audience members sat around tables to exchange ideas based on a specific topic and then presented to the group. Or in other cases, panelists were on a stage for less than 10 minutes and then joined the audience for a discussion led by a moderator, including our own Francis Rose, who along with other media members caused quite a bit of a stir when the discussion shifted to how the government needs to do a better job talking about success stories, and how too often agency press offices get in the way of celebrating all that is good and right with government.

Here are a couple of key takeaways from MOC:

  • OASIS isn't the only new approach to buying services in government. The General Services Administration is seriously considering consolidating all the schedules that currently provide professional services, including MOBIS, professional engineering, finance and accounting and others, into one mega-schedule. Tiffany Hixson, GSA's Northwest Arctic Region commissioner of the Federal Acquisition Service, said consolidating existing professional services contracts would save GSA money, agencies time and vendors hassle. She said GSA could reduce the number of professional services contracts it manages by more than 500, meaning companies on, say, MOBIS, PES and FABs, wouldn't have three schedule contracts anymore, only one. To be clear, no one would lose their schedule contracts. Hixson said in some instances GSA must negotiate seven different schedule contracts with the same vendor. She said GSA is hoping to schedule an industry day in June to discuss its plans.

  • Few audience members could get past the delivery of the speech that Patrick Kennedy, the State Department's undersecretary for management, gave Tuesday night. It was not a highlight of the conference by any means. But if you could see the forest for the trees, Kennedy highlighted significant progress by State on several notable IT programs. He said the enterprise data quality initiative is creating standards, including a full glossary and taxonomy. State, for example, had 300 different titles for someone who drove around officials at an overseas post. Kennedy said the EDQI strategy will help ensure officials have accurate and useful information to make decisions. Another program, the Integrated Logistics Management System (ILMS), could save the department more than $100 million by improving how they buy, transport and oversee goods and services. While the program has been around for some time, Kennedy said ILMS is one of the ways State is trying to deal with a 4 percent cut to the foreign service budget. Finally, Kennedy highlighted State's green building program. He said 100 buildings worldwide are using smart metering technology to adjust the temperature, lighting and other traditional functions that use a lot of electricity. He said in Thailand, the smart metering systems reduced energy consumption by 13 percent and will save State $300,000 this year. State plans to install another 100 meters in buildings around the world this year.

  • An important clarification about comments David Bray, Federal Communications Commission CIO, made at the conference's final plenary session Tuesday. Bray caused quite a buzz among GSA and others when he said lawyers were not letting the agency use GSA schedules because of concerns about anti-deficiency act violations. After doing some research, the real problem, I'm told, is around how the FCC buys software and cloud services. FCC lawyers, it seems, are concerned over the agency entering into contracts where it wasn't getting all the products up front, but on a monthly or yearly basis. Therefore the concern is the government is paying for something it doesn't receive all at once and that could cause an anti-deficiency act violation, in their eyes. Bray said the problem wasn't just with GSA schedules but any cloud or software buy and it would add three to six months to the timeline for the lawyers to alleviate any concerns. But now it seems the issue is getting cleared up pretty quickly as FCC lawyers are getting a crash course on procurement rules.


FITARA's chances in the Senate? TBD

As the Federal Information Technology Acquisition Reform Act (FITARA) gets a second go around in the House's version of the Defense Authorization bill, the bigger question is whether the Senate is ready to play ball.

If you remember last year, the House included FITARA as part of the 2014 NDAA it passed, but the Senate Armed Services Committee worked with lower chamber lawmakers and decided not to move forward with that section of the bill.

Reps. Darrell Issa (R-Calif.) and Gerry Connolly (D-Va.) introduced an updated version of FITARA in February. Issa and Connolly offered the bill as an amendment to the NDAA on May 20 and it was passed along with a block of provisions.

As the bill now goes back to the Senate, all eyes point to Sens. Tom Carper (D-Del.) and Tom Coburn (R-Okla.), chairman and ranking member of the Homeland Security and Governmental Affairs Committee.

If Carper and Coburn find enough they like about the bill and the administration decides not to make too much of a stink about it, then there's a pretty good chance of FITARA becoming law as part of the NDAA.

As of now, that doesn't seem likely, at least for FITARA as the House passed it.

At the recent committee hearing on IT acquisition, both Carper and Coburn asked witnesses about FITARA and IT reforms.

"While we appreciate their hard work on the legislation and share many of their same goals, based on these charts it's not clear how many of these success factors could be encapsulated in legislation," Carper said, referring to a chart showing nine success factors for federal IT programs.

Federal CIO Steven VanRoekel said many of the best practices are about comprehensive management and it's hard to legislate those actions.

"A starting point if you look at a proposed bill like FITARA, I think there is a disconnect between appropriators and authorizers. There is a money aspect here as much as there is an authorization aspect, and thinking about that duality in the work that is being done," he said. "I think we have an opportunity in incentives and thinking about what outcomes we want to see. I also fear a lot of what we see in legislation that looks at technology is technology is moving so quickly. If we were sitting here 15 years ago, the notion of doing agile approaches or even Internet approaches in government weren't as self-apparent as they are today. So looking at how do we think about what outcomes we are trying to drive versus what are the tactical ways we will get there is essential because we are moving so far. We are moving so fast. We are moving fast enough that our procurement system can't keep up with it and we need to think about modern approaches to get there."

To translate for VanRoekel, the White House still doesn't see the need for FITARA.

Dan Tangherlini, GSA administrator, toed the party line by saying he didn't think legislation is the answer for ensuring senior leadership attention to IT projects.

"You can require it, but it won't necessarily result in it," he said. "What we need to do is continue to work as we have been closely with Steve to bring these best practices into our agencies and we need to make sure there is transparency and as a result accountability through strong oversight from Congress, seeing how we are performing and getting the work we say we will get done, done."

But isn't that the point of the legislation? If the law is updated to reflect changes in the importance and need for oversight of IT, Congress will pay attention, ask for reports, write letters of concern and hold hearings, which is exactly what Tangherlini just said was needed.

The Government Accountability Office's David Powner seemed to agree that changing the law to require more oversight and attention would be good. He said legislation is important in two areas: data center consolidation and IT dashboard reporting. Both of these would hold agencies more accountable for their reporting of data and progress.

Again, even GAO's focus is not about management responsibilities, but changes to how agencies manage IT and how Congress expects oversight to be exacted.

Coburn countered VanRoekel and Tangherlini's arguments by saying one of the points of the new law called the DATA Act is so agencies can get the information to better manage their projects. Coburn said they don't have it currently.

"I really appreciate Steve what you are doing, implementing a management capability. That's been the real problem. It's not that we don't have great employees," he said. "It's that we have a skill set that hadn't been up to the task. So what you are doing is very important in that regard."

The committee passed on May 6 one piece of FITARA, the Federal Data Center Consolidation Act.

Carper said he may try to get it pushed through the full Senate and have it passed under unanimous consent.

IT Job of the Week

A best of both worlds situation for an aspiring intel techie. The Defense Department's Defense Security Service seeks a senior adviser for IT and CIO. This looks to be an in-the-weeds senior IT job that requires the candidate to be able to establish short and long term IT visions including an architectural roadmap, while also maintaining the enterprise security system and all applications supporting the National Industrial Security Program, Counterintelligence, Center for Development of Security Excellence and headquarters elements. A top secret security clearance is required. Applications are due June 6.
