February 10 2006 Copyright 2006 Business Research Services Inc. 301-229-5561 All rights reserved.


Senators Seek Answers on eOffer Security

Leaders of the Senate Governmental Affairs Committee have asked GSA to explain a security flaw that forced the temporary shutdown of its eOffer online bidding site.

The vulnerability, discovered by a Dallas computer consultant, allowed users to alter any registered company’s information, including its bids. GSA said it had fixed the problem when it put the website back online Jan. 18, but the consultant, Aaron Greenspan, said the security hole still exists. (SAA, 1/27)

In a Jan. 31 letter, committee Chairman Susan Collins (R-ME) and the ranking Democrat, Joseph Lieberman (CT), asked acting GSA Administrator David Bibb to “help set the record straight about how this security lapse occurred and about GSA’s efforts to prevent a recurrence.”

In a statement last month, GSA said it did not believe any data had been tampered with. The senators wrote, “The basis for that assessment is unclear, as the web site had been in operation for more than 18 months before the flaw was discovered.”

They asked if GSA is taking any steps to confirm the integrity of eOffer and its other electronic tools. “But even assuming that no individual user of eOffer was injured by the disclosure of sensitive material, this incident raises troubling questions about GSA’s information technology security program that may contribute to the reluctance of private-sector entities to entrust sensitive information to federal agencies generally,” they wrote.

A GSA spokeswoman has not returned several phone calls requesting comment.

Greenspan, CEO of Think Computer in Dallas, said he reported the security gap to GSA in December, but the site was not shut down until three weeks later. He said the flaw allows any registered user of eOffer to adopt the identity of another company, access that company’s information in the database, and change it. After GSA put the site back online, he told Set-Aside Alert the agency had done “some minor revisions,” but had not plugged the hole.

Contractor groups said the security lapse was likely to scare some companies away from the online bidding tool because their proprietary information might be at risk. GSA officials have touted eOffer and its companion, eMod, as keys to a future of electronic procurement.

With eOffer, GSA can post solicitations for task or delivery orders on its schedules and bidders can submit offers electronically. The eMod tool allows schedule vendors to submit requests for contract modifications electronically.

Senators Collins and Lieberman wrote: “E-Government initiatives in procurement and many other areas can only realize their potential for improved efficiency and customer service if companies are convinced that when they submit confidential data electronically, it will be safe from disclosure or tampering. Our homeland security efforts depend on critical infrastructure facilities sharing highly sensitive information with government agencies that use the information to counter terrorist and other threats, and to reduce vulnerabilities. Insofar as this incident at GSA will contribute to companies’ resistance to sharing information with other agencies for fear that the government cannot secure it, the nation’s security efforts may suffer.”


*For more information about Set-Aside Alert, the leading newsletter
about Federal contracting for small, minority and woman-owned businesses,
contact the publisher Business Research Services in Washington DC at 800-845-8420