GTPAC cybersecurity initiative wins ‘Outstanding Project’ Award

GTPAC received the Outstanding Project Award at APTAC’s annual training conference on Mar. 7, 2018.

GTPAC received the Outstanding Project Award at APTAC’s annual training conference on Mar. 7, 2018.

A Georgia Tech-produced free instructional video that provides step-by-step guidance to government contractors seeking compliance with Department of Defense (DoD) cybersecurity requirements received the Outstanding Project Award from the Association of Procurement Technical Assistance Centers (APTAC).

 

The award, given annually, recognizes an accomplishment that stands out from the day-to-day activities that all PTACs organize and undertake.

 

The Georgia Tech Procurement Assistance Center (GTPAC), which produced the 20-minute video and related template for contractors’ use, accepted the award on March 7, 2018 at APTAC’s spring conference in Jacksonville, Fla. APTAC represents 98 procurement technical assistance centers across the United States and the U.S. territories of Guam and Puerto Rico.

 

GTPAC is an economic development program of Tech’s Enterprise Innovation Institute (EI2). It helps Georgia enterprises identify, compete for, and win government contracts. Funded in part through a cooperative agreement with the U.S. Department of Defense, GTPAC’s services are available at no cost to any Georgia businesses that have an interest and potential to perform work — as a prime contractor or a subcontractor — for federal, state, or local government agencies.

 

The video is accessible at this link: gtpac.org/cybersecurity-training-video. Its accompanying resources include a cybersecurity template for contractors’ use.

 

The video and template were funded through a cooperative agreement with the Defense Logistics Agency, and created with the support of the Georgia Institute of Technology. The content of the video presentation does not necessarily reflect the official views of, or imply endorsement by, the DoD, the Defense Logistics Agency, or Georgia Tech.

 

Members of the GTPAC team proudly show off the national award.

Members of the GTPAC team proudly show off the national award.

Both PTACs, which counsel businesses, and businesses themselves have heralded the video and template as valuable one-stop resources for existing contractors and aspiring DoD contractors alike.  Since the 2017 launch of these training tools, 1,284 persons have viewed the video and downloaded the template 1,508 times.

 

Specifically, the video explains Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012, including its key definitions and cyber obligations, including its primary requirement that defense contractors which process, store or transmit “covered defense information” must address 110 individual cybersecurity controls outlined in National Institute of Standards and Technology (NIST) Special Publication 800-171.

 

The 20-minute-video not only provides information on these requirements, but also provides specific guidance on how government contractors can achieve compliance with the DFARS clause and the NIST standards.  The video guides government contractors on how they can perform a “self-assessment” of their information system using NIST’s Manufacturing Extension Partnership (MEP) Cybersecurity Self-Assessment Handbook.

 

One of the most creative and innovative aspects of the project is the 127-page cybersecurity template GTPAC created in conjunction with the video. The template provides step-by-step instructions on how government contractors can create a “Systems Security Plan” and “Plan of Action” — documentation necessary to achieve compliance.

 

“The resources we created come just as the DoD’s recent warning that it plans to request and evaluate cybersecurity plans from businesses as a part of the contract award decision-making process,” said GTPAC program manager Joe Beaulieu. “By providing the video and cybersecurity template, GTPAC’s objective is to make the process of achieving compliance much easier, especially for small defense contractors who may not have the resources necessary to develop such plans from scratch.”

 

The template makes the process of drafting the required documentation easier, as contractors merely have to fill in the blanks and answer specific questions, rather than work from a blank slate. While it is ultimately up to the contractor to meet the requirements and to fill in the blanks, GTPAC’s video and template provide contractors with an excellent starting point for assessing, achieving and documenting compliance.

 

In honoring GTPAC with the Outstanding Project Award, APTAC encouraged other PTACs to make use of the video, template, and resource materials. NIST recently provided similar encouragement to its nationwide MEP network — including the Georgia Manufacturing Extension Partnership (GaMEP) — in their work with U.S. manufacturers.

 

GTPAC coordinated the creation of the cybersecurity materials with GaMEP, which is a sister economic development program offered through Tech’s EI2.

 

Tech students to present cybersecurity research for commercialization on April 13

Demo Day FinaleGeorgia Tech students will present their best cybersecurity research before a panel of venture capitalists and business leaders for a chance to win cash in the “Demo Day Finale” on April 13 at the Klaus Advanced Computing Building, KACB #1116 E-W, 266 Ferst Drive, Atlanta, Ga. 30332. (RSVP here: http://cyber.gatech.edu/demo-day ).

 

Five student teams representing the School of Computer Science and School of Electrical Computing and Engineering are polishing their presentations now to deliver TED-style talks before business leaders with tech investment experience in the southeastern Untied States, Europe, and Middle East. Research with the best chance of commercialization or demonstrating the most impact toward resolving an industry need receives a cash prize – up to $7,000.

 

Demo Day Finale judges include Georgia Tech commercialization catalysts Jeff Garbers and Harold Solomon of VentureLab, and Thiago Olson of the Advanced Technology Development Center.

 

Work to be presented includes new cryptographic search methods, a malware detection method for IoT or embedded devices, protections for industrial control systems, spectral profiling for catching malware activity, and a model for software engineering policy requirements.

 

Musheer Ahmed, (left) founder of FraudScope, which won the 2016 Demo Day Finale.

Musheer Ahmed, (left) founder of FraudScope, which won the 2016 Demo Day Finale.

For last year’s inaugural winner – Musheer Ahmed – the event was a springboard to successfully launch FraudScope, a healthcare fraud detection system based upon algorithms he developed as a Ph.D. student.

 

After winning Demo Day Finale, Ahmed went on to collect more than $400,000 in seed funding in less than three months. He won the Atlanta Start-up Battle, the Technology Association of Georgia’s Biz Launch Competition, and more. The quick success allowed him to invest in a better user interface design, hire staff, and begin marketing his product at health and technology industry tradeshows.

 

The Demo Day Finale is hosted by the Institute for Information Security & Privacy (IISP) and aims to give students an early introduction to potential investors as they continue their research or if they are ready to move it to market.

 

“During the course of research, it can be difficult for entrepreneurial students to know how industry may react to a finished project,” said Wenke Lee, co-director of the IISP and a professor in the School of Computer Science who has successfully transferred research to private corporations. “The Demo Day Finale lets students share ideas underway to active investors so they can receive early stage feedback that will inform research directions, the future application of it, or market considerations. This is one way we think the Institute for Information Security & Privacy can help move solutions to market that will improve the security or privacy of our identities, data, and devices.”

While Ahmed was eager to launch his business as soon as possible, ID for Web, last year’s second place winners, used the experience to get an early “gut” reaction from business investors as they try to create a more secure form of identity validation online. ID for Web’s Demo Day presentation led to an invitation from startup accelerator “CyberLaunch,” where they spent summer 2016 discovering the best application of their technology by talking to both potential customers and potential investors.

“The summer at CyberLaunch put us in touch with business leaders from many different industries, and got us a lot of validation to the relevance of our technology; everybody agrees the current authentication mechanisms are a huge pain to both users and service providers,” said postdoctoral researcher Simon Chung. “Their eyes light up when we say we’re trying to get rid of passwords. Also, since our technology can be used to solve many real-world problems, this process helped us find the best use of our technology and focus on developing our first end-to-end prototype system.”

Judges on April 13 will include investors Jeff Garbers and Harold Solomon of Venture Lab, and Thiago Olson of ATDC.