Senators question GSA on response to eOffer security problem

The Senate Government Affairs Committee is questioning the General Services Administration’s slow action in taking down its eOffer system after a vendor discovered a security flaw.In a letter to acting GSA administrator David Bibb, Sens. Susan Collins (R-Maine) and Joseph Lieberman (D-Conn.), the chairwoman and ranking member of the committee, respectively, asked the agency to “help set the record straight about how this security lapse occurred and about GSA’s efforts to prevent a recurrence.”GSA had to shut down eOffer Jan. 11 after a vendor notified the agency about a security flaw that allowed users of the system to change others’ bids once they were logged on to the site. Officials fixed and put the back online Jan. 18. GSA’s inspector general is investigating the incident.The senators said the security flaw undermines confidence in e-government systems such as eOffer, which lets vendors electronically submit their offers for schedule task orders. The lawmakers also said any disclosure of confidential data “may have violated the Procurement Integrity Act” and raised questions regarding GSA’s IT security program.GSA must detail to the committee:A GSA spokesman said a letter is being prepared in response to the correspondence received from Sens. Lieberman and Collins. The questions they pose will be addressed, and include a detailed explanation of the corrective actions taken to boost the security of this site."We can report that GSA has taken immediate action to repair a fault that compromises the integrity of a Web tool the agency provides to make it easy for customers to prepare and submit their electronic GSA schedule offers and schedule contract modifications," the spokesman said. "The agency also launched an intensive search to identify possible irregularities within the other electronic tools GSA provides to its customers. One other application was found to have a similar fault and it too was corrected."