The General Services Administration has launched a full review of its key online procurement system, after discovering a security vulnerability that may have exposed users’ sensitive data.
The security flaw was reported to GSA on March 8, and the agency has since issued a software patch on the system and is investigating potential impacts to vendors registered in GSA’s System for Award Management (SAM).
“When we got the word that this might be the case, we got right on it,” GSA Acting Administrator Dan Tangherlini told reporters Tuesday following a congressional hearing. “And there is nothing that we won’t do, there’s no step we’re not going to take to ensure the safety and the security of people’s data within that system.”
Tangherlini said GSA is testing changes to the system and will continue to keep users informed. “I am incredibly concerned about it, and the good news is that everyone in the organization is incredibly concerned,” he said of the system’s known security flaw.
The vulnerability could have compromised sensitive information, including Social Security numbers, of individuals registered in the system, according to GSA.gov. Contractors that use Social Security numbers instead of taxpayer identification numbers could be at greater risk, and those individuals will receive credit monitoring.
The vision for the SAM system is to serve as a single access point for nine procurement systems, but GSA has yet to accomplish that goal. To date, the SAM system includes four of the nine systems and provides access to contractors’ business information, their certifications required to receive federal contractors and grants and which contractors have been suspended and debarred.
In 2008, GSA began consolidating its systems in a effort to reduce costs, eliminate redundancies and improve efficiency.
A March 2012 Government Accountability Office report found that “while GSA has taken some steps to reduce costs, it has not reevaluated the business case for SAM or determined whether it is the most cost-effective alternative.”
The Federal Acquisition Service and Office of the Chief Information Officer are now providing program oversight, following an internal review of all GSA operations last year. Tangherlini has also called for the development, reporting and monitoring of key metrics for the SAM project.
Now more than ever, federal managers should be creating an environment where employees are compelled to collaborate and share innovative ideas, a senior administration official said Tuesday.
“We’re going to need to have strategies as managers,” said Dan Tangherlini, acting administrator at the General Services Administration. Speaking at the Federal Managers Association’s national convention in Washington, Tangherlini challenged managers to use existing resources, such as people and technology, to improve productivity and drive down costs.
“We are contending with a situation, which in my 22 years of service…is unique,” he said of the wide gap between federal spending and revenue, which has led to automatic budget cuts known as the sequester.
Tangherlini highlighted GSA’s Great Ideas Hunt as a means to pull innovative ideas from across the agency and engage employees at all levels. GSA generated more than 600 ideas last summer on improving agency efficiency, and more than 20,000 people commented on those ideas.
So far, five of those ideas have yielded $6 million in savings, including one to eliminate redundant surveys.
“We have to find ways to push people together and then find ways to get them to share their ideas,” he said. “And we can’t just do it episodically with something like the Great Ideas Hunt. Everyday should be a Great Ideas Hunt. Every office should be running a continual Great Ideas Hunt.”
The initiative coincided with an agencywide review, following revelations of lavish overspending at a 2010 conference inLas Vegas. Several GSA leaders, including the former administrator, were ousted.
Tangherlini said some employees initially feared consequences for pointing out areas of wasteful spending. Instead, those employees were praised for rooting out waste, he said.
“The other thing we said is this can’t be about monetary rewards,” he said. ”We should create an environment where people aren’t saving their great ideas for a cash transfer.”
For now, the administration has instructed agencies to stop giving out employee bonuses. As a result of the sequester, the Office of Management and Budget last week issued a memo telling agencies to only give out discretionary cash awards if they are legally required.
When asked by a federal manger about the use of monetary rewards to compensate employees, Tangherlini acknowledged that all managers would like to have those types of flexibilities but generating good ideas has to be focused more on the outcome rather than the reward.
At GSA, employees became convinced that sharing good ideas would lead to more efficient work, a restored reputation for GSA and more business. “We tapped into a well of frustration at GSA,” Tangherlini said.
Acting General Services Administration head Dan Tangherlini just posted a YouTube video addressing the burgeoning conference spending scandal — and he is not happy. The infamous 2010 Western Regions Conference didn’t just violate travel, acquisition and good conduct rules, he said: It undermined GSA’s entire purpose.
Just as importantly, those responsible violated rules of common sense, the spirit of public service, and the trust that America’s taxpayers have placed in all of us. Among other things, GSA creates and manages the rules and regulations governing travel and conferences. As a result, the actions of those responsible for the Western Regions Conference cut to the heart of what we do and who we are. They undermine both our mission and the trust we have developed with our customers — including the most important customer of all, the American public.
This will “never happen again,” Tangherlini said. He went on to outline some steps that have been taken in response to the revelations, such as an agency-wide review of all conferences and events and the suspension of GSA’s troubled Hats Off awards program, pending a “top-down review.” And in his most stinging rebuke, Tangherlini said:
Serving our customers well is reward enough. It is a signal that our commitment is to our service, our duty and our nation, and not to conferences, awards or parties.
It’s clear that Tangherlini understands just how damaging these revelations have been to GSA — and that he doesn’t want to hear anybody around him say the conference was no big deal. One of his first comments in this damage-control video is, “If you haven’t already, I urge you to read the report. When you do, you’ll see that what took place was completely unacceptable. [...] I speak for the overwhelming majority of GSA staff when I say we are shocked and deeply disappointed by these indefensible actions.”