A Web site for U.S. government contractors had to be shut down earlier this month after the General Services Administration revealed that anyone using the resource could gain access to confidential documents of the other users.
The incident gained greater resonance when it became clear that the site's users include some of America's largest corporations. Any disclosure of the details of their business with the U.S. government could lead to an explosion of deals worth hundreds of millions or even several billions of dollars. It would have made it possible, for example, to unleash a bitter corporate war between the likes of Boeing and Lockheed Martin, or Dell and Gateway.
Initial reports of the potential for leaks of secret information from the Web site appeared on Dec. 22, 2005, although it took three weeks to confirm them and shut down the Web site. Because the critical nature of such a leak is obvious, the delay can probably be put down to the level of bureaucracy at the GSA, a federal agency responsible for multi-million-dollar contracts to buy equipment and services for federal bodies ensuring their basic functioning, including in the spheres of IT and information security. The details of such large-scale contracts are considered highly confidential and the result of a leak could range from an isolated incident of industrial espionage to the complete bankruptcy of a company.
The GSA itself is responsible for the safety of the confidential documents used in its work, but the agency has no idea exactly how long the users of the Web site were able to read the sensitive data related to the work of other contractors. Staff at the agency can only hope that nobody actually managed to make use of the breach in security.
The eOffer Web site was launched in May 2004 to make the work of government contractors easier and allow them to send their proposals and contracts by e-mail. The GSA is now faced with the unenviable task of convincing all those with confidential documents of the site's integrity; after all an interested party could make use of any available details for its own benefit.
To all appearances, the breach was discovered by accident when a worker tried to register his firm as a government contractor. As the employee was entering his company's details he found that he could access randomly chosen documents. After a short experiment it became clear that it was possible to gain access to records of other contractors dating back nine years.
The creation of the Web site stemmed from a call by President George W. Bush for greater efficiency in the work of government. It was thought up as a way of saving time and money, as well as cutting back on paper and red tape during contract tenders. However, the Web site has actually jeopardized the work of the whole agency.
GSA representatives said the three-week delay in closing down the site was due to vulnerability checks carried out on agency staff. Nevertheless, the sheer size of the workload of the site, which services tens of thousands of contractors, meant it had gone back online within a few days of its closure.
“The details of government contracts and commercial proposals from contractors have to be very well protected. On the basis of the technical specifications and prices entered into those electronic documents, civil servants decide who they will buy this or that equipment from, and who will not get government contracts. With such information an unscrupulous company could not only spark a war between industry giants but also fraudulently win a contract worth hundreds of millions, or even billions of dollars," believes Denis Zenkin, marketing director at InfoWatch.
Source: The New York Times