State/OIG Reviews IRM’s Vendor Management Office’s Role in Vanguard’s $3.5B Contract

Posted: 12:11 am EDT

This is an excerpt from the State/OIG report on IRM’s new Vendor Management Office (VMO):

In a March 2013 action memorandum, the Chief Information Officer (CIO) established the Vendor Management Office (VMO) in the Bureau of Information Resource Management (IRM), Operations, to support the Vanguard Acquisition Strategy. The CIO created the VMO after determining that he needed dedicated staff to monitor the Vanguard contract and assist with the formulation of well-defined performance metrics. The Vanguard Acquisition Strategy, a Department initiative, consolidated existing IRM contracts under the umbrella of one performance-based contract with multiple firm fixed price task orders to provide better coordination and improve service delivery. The total Vanguard contract award was $3.5 billion over a period of 10 years and comprised 90 to 95 percent of IRM-wide contracting activity; IRM also has 50 contracts totaling $74 million that do not fall under the VMO or Vanguard.

Three functional support units comprise the VMO: Contract Management, Service Performance Management, and Enterprise Project Lifecycle Management. The VMO is separate from the Bureau of Administration, Office of Logistics Management, Office of Acquisitions Management (AQM), which is responsible for executing the Vanguard contract.
Since the VMO’s establishment, the CIO has tasked it with coordinating several priority projects that include Public Key Infrastructure deployment, the Virtual Desktop Initiative, the Foreign Affairs Network, and Cyber Security. These are listed objectives in the Department’s IT Strategic Plan. This has led to increased responsibilities for the VMO and the resources needed to support them.

Where is this on the FAM, again?

The language in 1 Foreign Affairs Manual (FAM), 270 Organizations and Functions for the VMO, drafted in August 2014, was still in the clearance process at the time of the inspection.

The VMO operates without authority to require compliance with its procedures. The Department has no guidelines on the operation of a vendor management office in the FAM, which defines authorities and responsibilities for each major component of the Department.

To date, the VMO has operated without a 1 FAM entry or IRM policy or guidance that specifies the office’s authority. On April 13, 2015, IRM circulated a draft 1 FAM, outlining the proposed role and responsibilities of the VMO. In the interim, the VMO has no mechanism beyond consensus building to enforce adherence to its policies, procedures, and processes.

More contractors than direct-hire employees?

At the start of the inspection, the VMO staff consisted of 9 full-time employees, 1 student-trainee, and 16 contract positions. During the inspection, the number of contract positions increased to 24. FY 2014 funding for VMO activities is $1.5 million from diplomatic and consular program funding. As of May 2015, the amount for FY 2015 had increased to $3.9 million because of resources needed to manage new projects.

$376K Performance Incentive Fees to Contractors

The VMO Service Performance Management unit has implemented performance metrics to review and analyze information generated through contractor performance assessments. The CORs and GTMs are required to review and validate performance metrics on a monthly basis. However, between April 2014 and March 2015, the OIG team found that Vanguard GTMs failed to validate, on average, 25 of the 268 performance metrics each month because of other priorities. Despite the lack of review and validation, the CORs and GTMs certify to the contracting officer that the contractor has provided all services as specified in the contract and met all the performance metrics and that the Department can pay contractors their incentive fees. For example, in January and February 2015, the Department paid $376,595 in incentive fees to contractors for superior performance without a review or verification of 20 performance metrics, which could lead to the Department paying for services that it did not receive.

The system the VMO uses to process performance metric data for contracts is inadequate for mission requirements. The unit currently uses Excel spreadsheets to track, monitor, and analyze contractor compliance with 475 active performance metrics.

What about iSchedule?

The Enterprise Lifecycle Project Management unit created the iSchedule Management System (iSchedule), which provides the framework for integrating information technology project schedules to enable IRM to assign and manage work, monitor and control progress toward milestones, and understand the relationships and dependencies among the information technology projects.
Despite the VMO’s deployment of the iSchedule application in September 2014, IRM directorates do not use iSchedule on a consistent basis because IRM has not yet made use of the system mandatory. This inconsistent use of iSchedule has resulted in inadequate bureau coordination and incomplete project data and limits visibility on projects, activities, and risk. According to 5 FAH-5 H212, projects may require the formal use of a project management tool.

Inadequate acquisition planning and sole source contracts

The OIG team found little evidence that the Messaging Systems Office and the VMO conducted acquisition planning within the timeframes suggested in the Federal Acquisition Regulation 7.104-General Procedures.

In order to award a new blanket purchase agreement, the Messaging Systems Office submitted a sole source justification based on an urgent and compelling need. The Department’s Office of the Legal Adviser denied the office’s request because of inadequate acquisition planning. Program offices issuing requirements without sufficient lead-time restricts competition and risks increased costs. It can also put a strain on the contracting and administrative staff.

Read the full report here:


DOD Builds the World’s Most Expensive Gas Station in Afghanistan For $43M, Oh, Joy!

Posted: 1:01 am EDT


Apparently, we’ve built a compressed natural gas (CNG) automobile filling station in the city of Sheberghan, Afghanistan. The project cost almost $43 million, and the average Afghan can’t even afford to use it.

The Task Force for Business and Stability Operations (TFBSO or Task Force) was originally created by the Department of Defense (DOD) to help revive the post-invasion economy of Iraq. In 2009, TFBSO was redirected to Afghanistan, where its mission was to carry out projects to support economic development. From 2010 through 2014, Congress appropriated approximately $822 million to TFBSO for Afghanistan, of which the task force obligated approximately $766 million.

The contract awarded to Central Asian Engineering to construct the station was for just under $3 million. Yet according to an economic impact assessment performed at the request of TFBSO:

The Task Force spent $42,718,739 between 2011 and 2014 to fund the construction and to supervise the initial operation of the CNG station (approximately $12.3 [million] in direct costs and $30.0 [million] in overhead costs).

SIGAR says that the $43 million total cost of the TFBSO-funded CNG filling station far exceeds the estimated cost of CNG stations elsewhere. According to a 2010 publication of the International Energy Association, “the range of investment for a public [CNG] station serving an economically feasible amount of vehicles varies from $200,000 to $500,000. Costs in non-OECD [Organization for Economic Co-operation and Development] countries are likely to be in the lower end of this range.”

The SIGAR report notes that the total cost of building a CNG station in Pakistan would be approximately $306,000 at current exchange rates.  In short, at $43 million, the TFBSO filling station cost 140 times as much as a CNG station in Pakistan.

$43 million from the American taxpayers.

The SIGAR report also says that its review of this project was hindered by DOD’s lack of cooperation, and when it comes to TFBSO activities, DOD appears determined to restrict or hinder SIGAR access.

It is both surprising and troubling that only a few months following the closure of TFBSO, DOD has not been able to find anyone who knows anything about TFBSO activities, despite the fact that TFBSO reported directly to the Office of the Secretary of Defense, operated in Afghanistan for over five years, and was only shut down in March 2015.

Further, SIGAR says that “If TFBSO had conducted a feasibility study of the project, they might have noted that Afghanistan lacks the natural gas transmission and local distribution infrastructure necessary to support a viable market for CNG vehicles.  Additionally, it appears that the cost of converting a car to run on CNG may be prohibitive for the average Afghan. TFBSO’s contractor, stated that conversion to CNG costs $700 per car in Afghanistan, where the average annual income is $690.”

We meant well in Afghanistan, too. Oh, joy!  What edition are we on?

But serious question. How can we have something happen like this, with DOD hindering/restricting SIGAR’s access and no one is in jail?

The read and weep report is available online here: 



State Dept Seeks Potential New Contractors for $234M Medical Service Support Iraq (MSSI) II Contract

Posted: 5:58 pm EDT


The State Department is seeking information for the availability of a new medical service provider for U.S. Mission Iraq.  There is an incumbent contractor,  CHS Middle East, LLC of Cape Canaveral, Florida. The total estimated contract value for the incumbent contractor is approximately $234M. According to the fedbiz announcement, the health units and diplomatic support hospitals will need to be mission capable by summer 2016. Below is an excerpt from the announcement:

Government is requesting information regarding the availability and feasibility of attracting new medical service providers to support the requirements of the U.S. Mission Iraq as described in this RFI. This notice is issued solely for information and planning purposes and does not constitute a Request for Proposal (RFP) or a commitment on the part of the Government to conduct a solicitation for the below-listed services in the future.
The DOS has a follow-on requirement for a Contractor to provide medical service support to U.S. Government (USG) personnel, USG third party contractors and authorized foreign nationals in Iraq. These medical services will be provided at USG facilities and include but are not limited to the following: general medical, surgical, orthopedic, gynecologic, dental, behavioral health, public health, urgent and emergency care and mortuary affairs. In order to fulfill these requirements the Contractor is responsible for providing trained and certified health care professionals (e.g., physicians, nurse practitioners, surgeons, emergency medical technicians, etc…) and the administrative services and staff to equip and operate the USG contractor-operated health care facilities in Iraq.

The Contractor is responsible for performing random and non-random drug testing for other third party contractors operating in support of the DOS in Iraq. Additionally, because other third party contractors require Emergency Medical Technicians (EMTs) in country, the Contractor is responsible for the medic validation and verification to ensure the verification of maintenance of credentials for EMTs.

Supported population is between 3500-5800

While the primary place of performance is throughout the country of Iraq, the Contractor may be tasked with providing temporary medical service support to other USG facilities located in the Near East Region (i.e., North Africa and the Middle East).

The BDSC Large Diplomatic Support Hospital not only provides primary care to personnel at BDSC, but also may serve as the secondary and trauma care center for the patient population within U.S. Mission Iraq (4300 – 5800 personnel). These services include evacuation management and mortuary affairs.

The Contractor shall provide on-site primary, urgent and initial emergency care for general medical, surgical, orthopedic, gynecologic, and mental health conditions; triage, stabilize and evacuate patients to the next level of medical care; and keep up to two patients in the Health Unit (HU) for up to 24 hours until stabilized or medically evacuated. Staffing shall be continuous and uninterrupted; coverage for illness and vacations shall be the responsibility of the Contractor.

The Contractor is responsible for providing routine care during regular working hours and on an emergency basis after normal working hours based on Chief of Mission (COM) requirements. Medical Service Support Iraq (MSSI) II; Solicitation SAQMMA-15-SS-MSSI.




Was the Consular Consolidated Database (CCD) the main target of the twin hackers?

Posted: 1:27 am EDT


In May 2015, a federal grand jury indicted twin brothers Muneeb and Sohaib Akhter, 23, of Springfield, Virginia, on charges of aggravated identity theft, conspiracy to commit wire fraud, conspiracy to access a protected computer without authorization, access of a protected computer without authorization, conspiracy to access a government computer without authorization, false statements, and obstruction of justice.  According to USDOJ, the brothers and coconspirators also devised a scheme to hack into computer systems at the U.S.  Department of State to access network traffic and to obtain passport information.  (See Twin Brothers and Co-Conspirators on Alleged Scheme to Hack State Dept to Obtain Passport Information).

The brothers pleaded guilty on June 26, 2015.   On October 2, the USDOJ announced that Muneeb Akhter was sentenced for accessing a protected computer without authorization, making a false statement and obstructing justice.  Muneeb Akhter was sentenced to 39 months in prison and Sohaib Akhter was sentenced to 24 months in prison.  Each man was also sentenced to three years of supervised release. Case title: USA v. Akhter et al.  Below is an excerpt from the announcement:

[T]he Akhter brothers and co-conspirators engaged in a series of computer intrusions and attempted computer intrusions against the U.S. Department of State to obtain sensitive passport and visa information and other related and valuable information about State Department computer systems.  In or around February 2015, Sohaib Akhter used his contract position at the State Department to access sensitive computer systems containing personally identifiable information belonging to dozens of co-workers, acquaintances, a former employer and a federal law enforcement agent investigating his crimes.

Sohaib Akhter later devised a scheme to ensure that he could maintain perpetual access to desired State Department systems.  Sohaib Akhter, with the help of Muneeb Akhter and co-conspirators, attempted to secretly install an electronic collection device inside a State Department building.  Once installed, the device could have enabled Sohaib Akhter and co-conspirators to remotely access and collect data from State Department computer systems.  Sohaib Akhter was forced to abandon the plan during its execution when he broke the device while attempting to install it behind a wall at a State Department facility in Washington, D.C.

Furthermore, beginning in or about November 2013, Muneeb Akhter was performing contract work for a private data aggregation company located in Rockville, Maryland.  He hacked into the company’s database of federal contract information so that he and his brother could use the information to tailor successful bids to win contracts and clients for their own technology company.  Muneeb Akhter also inserted codes onto the victim company’s servers that caused them to vote for Akhter in an online contest and send more than 10,000 mass emails to students at George Mason University, also for the purpose of garnering contest votes.

In or about October 2014, Muneeb Akhter lied about his hacking activities and employment history on a government background investigation form while successfully obtaining a position with a defense contractor.  Furthermore, in or about March 2015, after his arrest and release pending trial, Muneeb Akhter obstructed justice by endeavoring to isolate a key co-conspirator from law enforcement officers investigating the conspirators’ crimes.  Among other acts, Muneeb Akhter drove the co-conspirator to the airport and purchased a boarding pass, which the co-conspirator used to travel out of the country to the Republic of Malta.  When the co-conspirator returned to the United States, Muneeb Akhter continued to encourage the co-conspirator to avoid law enforcement agents.

One of the brothers was profiled by WaPo in 2014. Both brothers started college at 16 and they were George Mason’s youngest graduates in 2011. In 2012, the brothers received a $200,000 grant from the Defense Advanced Research Projects Agency, or DARPA.

The details of this case are even more disturbing. Under Count Eight (Conspiracy to Access a Government Computer without Authorization):

60. The Bureau of Consular Affairs (hereinafter “Bureau”) is a division of the State Department, which administers laws, formulates regulations, and implements policies relating to consular services and immigration. It has physical offices in Washington, DC.

61. Passport Lockbox (hereinafter “Lockbox”) is a Bureau program that performs payment processing, scanning of applications, and initial data entry for U.S. passport applications. Lockbox has a computer database containing imaged passport applications associated with real individuals. The imaged passport applications in Lockbox’s database contain, among other things, a photograph of the passport applicant, as well as certain personal information including the applicant’s full name, date and place of birth, current address, telephone numbers, parent information, spouse’s name, and emergency contact information.

62. ActioNet, Inc. (hereinafter “ActioNet”) is a contractor that provided information technology support to the State Department. It has physical offices in Falls Church, Virginia, located in the Eastern District of Virginia.

63. From in or about October 2014 to in or about February 2015, SOHAIB AKHTER was a contract employee at ActioNet assigned to a position at the State Department as a Tier II Application Support Resource in the Data Engineering and Data Management Program within the Bureau.

64. Prior to accessing the Lockbox database, and throughout his tenure as a contractor with the State Department, SOHAIB AKHTER was made aware of and indicated he understood: (a) the confidential nature of the Lockbox database and the confidential personal data contained therein; (b) the information contained in the passport records maintained by the State Department pursuant to Lockbox is protected from unauthorized disclosure by the Privacy Act of 1974, 5 U.S.C. § 552a; and (c) passport applications maintained by the State Department in the Lockbox database should be accessed only in connection with an employee’s official government duties and not the employee’s interest or curiosity.

69. MUNEEB AKHTER and SOHAIB AKHTER, UCC-1, and other coconspirators known and unknown to the Grand Jury, engaged in a series of computer intrusions and attempted computer intrusions against the State Department to obtain sensitive passport and visa information and other related and valuable information about State Department computer systems.

70. SOHAIB AKHTER used his contract position at the State Department to search for and access sensitive passport information belonging to coworkers, acquaintances, a former employer, and federal agents investigating him for crimes alleged in this Indictment. After accessing sensitive passport information from State Department computers, SOHAIB AKHTER copied, saved, and shared this information with coconspirators.

71. SOHAIB AKHTER also attempted to use his access to State Department computer systems to create an unauthorized account that would enable him to access State Department computer systems undetected. SOHAIB AKHTER surreptitiously installed malicious programs onto State Department computer systems in order to execute his plan to create the backdoor login account.

72. SOHAIB AKHTER orchestrated a scheme to secretly install a physical device at a State Department building known as SA-17. Once installed, the device would enable SOHAIB AKHTER and coconspirators to collect data from and remotely access State Department computer systems.

73. SOHAIB AKHTER led the conspiracy, organized the intrusion to install the physical device, recruited coconspirators to assist in execution of the intrusion, and managed the execution of the intrusion.

74. MUNEEB AKHTER provided technical assistance to SOHAIB AKHTER for the unauthorized access. MUNEEB AKHTER programmed the physical device, known as a “gumstix,” so that it would collect data from State Department computers and transmit it wirelessly to computers controlled by MUNEEB AKHTER and SOHAIB AKHTER and coconspirators.

75. On the day the scheme was executed, UCC-1 transported materials, including the gumstix, from MUNEEB AKHTER, located at the AKHTER residence, to SOHAIB AKHTER, located at SA-17.

78. In or about October 2014, SOHAIB AKHTER was hired by ActioNet to perform contract work for the State Department at both ActioNet offices in Falls Church, Virginia, and Bureau offices in Washington, DC.

79. Beginning on or about February 12, 2015, and continuing thereafter until on or about February 19, 2015, in Falls Church, Virginia, in the Eastern District of Virginia, and elsewhere, SOHAIB AKHTER, while employed at ActioNet, accessed the Lockbox database without authorization.

80. Between on or about February 12, 2015, and on or about February 19, 2015, SOHAIB AKHTER conducted approximately 119 searches for U.S. passport records using the Passport Lockbox Lookup report. He accessed personal passport information for approximately 62 different individuals, including: G.R., a DHS special agent investigating the crimes alleged in this Indictment; UCC-1; A.I.; A.M., the CEO of Victim Company 2; and himself. In addition, SOHAIB AKHTER attempted to access passport information for S.T., a DHS special agent investigating the crimes alleged in this Indictment.

82. In or about February 2015, SOHAIB AKHTER viewed and copied from State Department computer systems the personal passport information associated with several individuals, including DHS Special Agent G.R.

83. In or about March 2015, MUNEEB AKHTER told UCC-1 that he and SOHAIB AKHTER stored the personal passport information that SOHAIB AKHTER removed from State Department systems on an external hard drive. MUNEEB AKHTER told UCC-1 that Special Agent G.R.’s information would be valuable to criminals on the “dark net” and that he was considering selling the information.

84. In or about February 2015, SOHAIB AKHTER downloaded several programs to a State Department computer. These programs included malicious software, or malware, which SOHAIB AKHTER hoped would enable him to access State Department computers remotely.

85. In or about February 2015, SOHAIB AKHTER told UCC-1 that if he was able to gain remote access to State Department computer systems, he could: access information on individuals’ passport applications; access and unilaterally approve visa applications without State Department authorization in exchange for payment; and create passports and visas and sell them on the “dark net.”

86. On or about February 15, 2015, SOHAIB AKHTER called UCC-1 and asked him to buy a drill. UCC-1 purchased the drill and then, pursuant to SOHAIB AKHTER’s request, drove to the AKHTER residence to pick up additional items from MUNEEB AKHTER. At the AKHTER residence, in Springfield, Virginia, in the Eastern District of Virginia, MUNEEB AKHTER told UCC-1 that he was programming a SD card, which was later to be inserted into the gumstix. MUNEEB AKHTER gave UCC-1 a bag containing a screwdriver, tape, glue, and the gumstix. Pursuant to SOHAIB AKHTER’s request, UCC-1 drove to SA-17, in Washington, DC, and delivered the bag and items to SOHAIB AKHTER outside SA-17. Later that day, MUNEEB AKHTER drove separately to Washington, DC, and delivered the SD card to SOHAIB AKHTER.

87. On or about the evening of February 15, 2015, SOHAIB AKHTER called MUNEEB AKHTER and told him that he attempted to install the gumstix behind a wall inside SA-17 but was ultimately unsuccessful.

88. On or about February 19, 2015, SOHAIB AKHTER sent an email from his State Department email account to the email address containing lines of code and headers for State Department servers.


We’re not sure reading this if the intrusion was done on the State Department’s Travel Document Issuance System (TDIS) which includes information from U.S. citizens and nationals applying for passports, other Department of State computer systems, passport acceptance agents, the Social Security Administration, the lockbox provider (CITIBANK), passport specialists, and fraud prevention managers, or, if the intrusion occurred on the Passport Information Electronic Records Systems (PIERS), or wait … the mother lode, the Consular Consolidated Database (CCD). The Passport Lockbox program cited in the indictment is vague; it’s not a system of record according to the State Department’s System of Records Notices.  But the indictment identifies it as a State Department database. Could this be in reference to the Citibank® Lockbox Services? That is a high-speed processing environment and image-based platform for receivables management, advanced reporting and image inquiry used by the State Department to enable the scanning of applications, extraction of applicant photos received at lockbox locations and storing and batching of images.

Note that #69 of the indictment also alleges “a series of computer intrusions and attempted computer intrusions against the State Department to obtain sensitive passport and visa information;” does that mean the targeted system was the CCD?  The CCD provides access to passport data in Travel Document Issuance System (TDIS), Passport Lookout Tracking System (PLOTS), and Passport Information Electronic Records System (PIERS).  As of December 2009, the CCD also contains over 100 million visa cases and 75 million photographs, utilizing billions of rows of data, and has a current growth rate of approximately 35 thousand visa cases every day.

By the way, one of the brothers was a contract employee assigned to a position at the State Department as a Tier II Application Support Resource in the Data Engineering and Data Management Program within the CA Bureau from October 2014 to in or about February 2015 (#63).  In November 2014, the State Department suffered some “technical difficulties.” See State Dept Re-attached to the Internet, and About Those “Unrelated” Embassy Outages; State Department’s “Technical Difficulties” Continue Worldwide, So What About the CCD?

Was it just a coincidence that a master of the universe hacker was working at the State Department at the time when the agency’s systems were having technical difficulties?

Or were the Akhter twins the “technical difficulties”?





State Dept to Renovate Kabul’s Pol-i-Charkhi (PIC) Prison. Again.

Posted: 2:52 am EDT


The State Department has issued a Pre-Solicitation Notice of the Government’s intent to issue a solicitation for the renovation of Pol-i-Charkhi (PIC) Prison in Kabul, Afghanistan.  The project includes renovations in Blocks 1, 2 & 3 and extensive infrastructure and satellite structure improvements to the facility.  Actual solicitation documents are only accessible using the restricted portion of, so we have not been able to read the details of this renovation.

This is, however, the same prison which is the subject of an October 2014 SIGAR report, Pol-i-Charkhi Prison: After 5 Years and $18.5 Million, Renovation Project Remains Incomplete (pdf). This is Afghanistan’s largest correctional facility, funded in its initial construction by the Soviet Union in 1973.  It is designed for approximately 5,000 prisoners but housed nearly 7,400 during SIGAR’s inspection last year. Extract below from the SIGAR report:

  • In June 2009, in response to damage caused by 35 years of neglect, Soviet occupation, and warfare, the Department of State’s Regional Procurement Support Office (RPSO) awarded an INL-funded renovation contract to W (AWCC)—an Afghan firm—for $16.1 million. Following two modifications, the contract’s overall value increased to $20.2 million.
  • In November 2010, the RPSO terminated AWCC’s INL-funded renovation contract at the government’s convenience based on unsatisfactory performance. Following contract termination, INL awarded Batoor Construction Company—an Afghan company—a $250,000 contract to document AWCC’s work completed under the renovation contract.
  • More than 5 years after work began, renovation of Pol-i-Charkhi prison has not been completed, and the contract has been terminated for convenience. Following the RPSO’s termination of the INL-funded contract in November 2010, Batoor Construction Company reviewed and documented AWCC’s work completed under the renovation contract. In March 2011, Batoor reported that AWCC completed approximately 50 percent of the required renovation work. Batoor’s report also noted multiple instances of defective workmanship including the lack of backfilling of trenches, not repairing/replacing broken fixtures, lack of proper roof flashing and gutters, and soil settlement issues. For example, the report noted that there were no metal flashing or gutters installed on one of the prison blocks resulting in damage to surface paint and moisture penetration in supporting walls.
  • We conducted our prison inspection on April 19, 2014, but were limited by the fact that the renovation work had been completed more than 3 years prior to our site visit. We found that the prison holding areas had been reconfigured into maximum, medium, and minimum security cells, and the cells contained the required sinks and toilets. Our inspection of the renovated industries building and kitchen facilities did not disclose any major deficiencies. We also found that AWCC procured and installed the six back-up power diesel generators, as required by the contract. However, the generators cannot be used because they were not hooked-up to the prison’s electric power grid before the renovation contract was terminated. INL officials told us that the work necessary to make the generators operational—primarily installing paired transformers—will be done under the planned follow-on renovation contract, which they hope to begin in late 2014 or early 2015.
  • INL officials told us they anticipated an award of a follow-on contract by the spring of 2015 to complete the renovation work initiated in 2009 and a separate contract to construct a wastewater treatment plant. They estimated the renovation work would cost $11 million; the wastewater treatment plant, $5 million.
  • On November 5, 2010, the contracting officer issued a Stop Work Order which noted that AWCC’s performance was deemed unsatisfactory due to its lack of progress on the project, labor unrest at the work site, and a lack of supplies to maintain efficient progress. Then, on November 26, 2012, the RPSO contracting officer issued AWCC a termination for convenience letter.
  • After a 2-year negotiation that concluded in December 2012, RPSO agreed to an $18.5 million settlement with AWCC—92 percent of the $20.2 million contract value. RPSO agreed to the settlement despite INL and Batoor reports showing that AWCC only completed about 50 percent of the work required under the contract. The contracting officer who negotiated the settlement for the U.S. government told us that the final award amount reflected actual incurred costs and not any specific completion rate. The contracting officer noted that an RPSO contract specialist and an Afghan COR assisted her in lengthy negotiations with AWCC and joined her for the final round of discussions in Istanbul, Turkey, which concluded with the signed settlement agreement.
  • Although the contracting officer was able to execute some oversight and issue clear warnings to AWCC regarding its performance, INL’s oversight efforts were compromised by a U.S. employee who served as the COR for the AWCC renovation contract as well as the Basirat design and project monitoring contract. The COR served in this capacity until May 2010, when he was suspended after INL and State’s Office of Inspector General found that he had accepted money from Basirat to promote the company’s interests. The COR was convicted and sentenced by a U.S. District Court for accepting illegal gratuities from Basirat. As a result, in August 2010, State suspended Basirat from receiving any government contracts. In August 2010, State also suspended AWCC from receiving government contracts based on receiving confidential proposal information from Basirat concerning State solicitations.
  • The contracting officer added that during these final negotiations the COR [contracting officer’s representative] concurred with many of the contractor’s assertions. In June 2013, just 6 months later, the COR’s designation was suspended amid concerns that he may have colluded with another INL contractor, an issue discussed in our May 2014 inspection report on Baghlan prison. As noted in that report, INL suspected this COR of enabling a contractor to substitute inferior products and materials, failing to discover substandard construction, approving questionable invoices, and certifying that all contract terms had been met at the time of project turnover to INL even though construction deficiencies remained. The COR resigned in August 2013. SIGAR investigators are currently conducting an inquiry to determine whether the contractor or other U.S. government officials were complicit in these alleged activities.

So — the previous contractor collected an $18.5 million settlement, 92 percent of the $20.2 million contract? But it only did 50 percent of the work required under the contract? Maybe we should all move to Kabul and be contractors?

And now, there will be a new $16M contract? Which will have modifications, of course, and will not really top off at $16M.


Related items:

Here’s what it looks like in Afghanistan’s largest — and still incomplete — prison (WaPo)

America’s Unfinished Prison in Afghanistan Is a Filthy Nightmare (Medium)



Congressional Drama Features Ex-Clinton IT Staffer Bryan Pagliano, Good Excuse to Check Your PLI Coverage

Posted: 5:27 am EDT
Updated: 3:03 pm EDT


Bryan Pagliano worked on Hillary Clinton’s 2008 presidential campaign and reportedly helped manage her server at that time. When Clinton became secretary of state in 2009, Pagliano got a job at the State Department.  This report citing public federal records says that he was classified as a GS-15 in his job as a special advisor and deputy chief information officer at the State Department. He earned around $140,000 per year from 2010-2012.  He was also reportedly paid personally by the Clintons to continue managing the private server from 2009 to 2013.

The State Department confirmed on September 3 that Mr. Pagliano was employed by the State Department from May 2009 through February 2013 as an IT specialist, and that he currently serves as a contractor working in the Bureau of Information Resource Management (State/IRM). The State Department also said that it was not consulted on Mr. Pagliano’s decision to take the 5th. “He has pleaded the Fifth, so to speak. It’s certainly not an admission of guilt, as we all know, but it’s his constitutional right, so we respect that,” the official spokesperson said.

That’s not the end of it, of course. The House Select Committee on Benghazi is reportedly requiring Mr. Pagliano’s presence, which prompted a stern letter Wednesday from Pagliano’s lawyer, who accused the panel and its chairman, Rep. Trey Gowdy (R-S.C.), of engaging in political theater and abusing its subpoena power, according to the Washington Post. Politico also has a report today noting that Pagliano’s lawyer, Mark MacDougall, has said in a letter to two congressional panels that he did not ask any Congressional committees for immunity, but “in the event that any committee of the Congress” does authorize such a judicial order, “Mr. Pagliano will, of course, comply with such an order.”

Even if you’re in no danger of getting snared in the Clinton controversies, isn’t this case a good reminder to review one’s Professional Liability Insurance coverage? PLI covers not just admin and disciplinary matters, but also congressional and OIG investigations. For eligible employees, the State Department regulations allow the reimbursement of up to 50% of PLI cost (see 3 FAM 3840 – pdf).













OPM Spends $133 Million on Credit Monitoring, Still No Credit Freeze

Posted: 12:34 am PDT


On September 1, OPM announced the $133M contract for identity theft protection and credit monitoring services for the 21.5 million individuals affected by the massive OPM breach that includes security clearance data. Our go-to expert on this says that “perhaps the agency should be offering the option to pay for the cost that victims may incur in “freezing” their credit files, a much more effective way of preventing identity theft.” Excerpt from Krebs on Security:

The only step that will reliably block identity thieves from accessing your credit file — and therefore applying for new loans, credit cards and otherwise ruining your good name — is freezing your credit file with the major credit bureaus. This freeze process — described in detail in the primer, How I Learned to Stop Worrying and Embrace the Security Freeze — can be done online or over the phone. Each bureau will give the consumer a unique personal identification number (PIN) that the consumer will need to provide in the event that he needs to apply for new credit in the future.

Here is part of the OPM announcement:

The U.S. Office of Personnel Management (OPM) and the U.S. Department of Defense (DoD) today announced the award of a $133,263,550 contract to Identity Theft Guard Solutions LLC, doing business as ID Experts, for identity theft protection services for 21.5 million individuals whose personal information was stolen in one of the largest cybercrimes ever carried out against the United States Government. These services will be provided at no cost to the victims whose sensitive information, including Social Security numbers, were compromised in the cyber incident involving background investigations.

“We remain fully committed to assisting the victims of these serious cybercrimes and to taking every step possible to prevent the theft of sensitive data in the future,” said Beth Cobert, Acting Director of the Office of Personnel Management. “Millions of individuals, through no fault of their own, had their personal information stolen and we’re committed to standing by them, supporting them, and protecting them against further victimization. And as someone whose own information was stolen, I completely understand the concern and frustration people are feeling.”

ID Experts will provide all impacted individuals and their dependent minor children (under the age of 18 as of July 1, 2015) with credit monitoring, identity monitoring, identity theft insurance, and identity restoration services for a period of three years. This task order was awarded under GSA’s Blanket Purchase Agreements (BPA) for Identity Monitoring, Data Breach Response and Protection Services which GSA awarded today.

The U.S. Government, through the Department of Defense, will notify those impacted beginning later this month and continue over the next several weeks. Notifications will be sent directly to impacted individuals.






Heard that? Crickets.


State Dept Honors Six Security Contractors Killed in 2014 Camp Gibson-Kabul Suicide Attack

Posted: 3:11  am EDT


On August 3, the State Department held a ceremony honoring six security personnel who were killed while working for DynCorp International on behalf of the Bureau of International Narcotics and Law Enforcement Affairs (INL) in Afghanistan.

All six honorees were security guards at Camp Gibson in Kabul and were killed on July 22, 2014, when a suicide bomber riding a motorcycle attacked the camp.  They hailed from four different countries – Fiji, India, Kenya, and Nepal.  Deputy Secretary Heather Higginbottom and INL Assistant Secretary William R. Brownfield will pay tribute to our fallen colleagues by laying a wreath at the INL Memorial Wall located within the State Department building at its 21st Street Entrance.

There are 93 names on the wall commemorating the individuals from 12 countries and the United States who lost their lives between 1989 and 2014 while supporting the Department’s criminal justice assistance programs abroad.  These individuals collaborated with host governments and civil society in challenging environments to enhance respect for rule of law around the world.  The Department is proud to recognize their service and sacrifice to our nation.

A virtual INL Memorial Wall is available at to pay tribute to the 93 honorees and their families.



The State Department announcement does not include the names of those honored at the INL ceremony. The New Indian Express identified the two Indian nationals as P V Kuttappan and Raveendran Parambath, as well as the two Nepali security guards as Ganga Limbu and Anil Gurung.  The security guards from Fiji and Kenya were not identified.


Bureau Tasked With Countering Violent Extremism: 96 Authorized Employees, Running on 17-23% Vacancies

Posted: 12:28  am EDT

Via GAO:

Terrorism and violent extremism continue to pose a global threat, and combating them remains a top priority for the U.S. government. State leads and coordinates U.S. efforts to counter terrorism abroad. State’s Office of the Coordinator for Counterterrorism was elevated to bureau status in 2012 with the aim of enhancing State’s ability to counter violent extremism, build partner counterterrorism capacity, and improve coordination. GAO was asked to review the effects of this change and the new bureau’s efforts.

While the bureau has undertaken efforts to assess its progress, it has not yet evaluated its priority Countering Violent Extremism (CVE) program and has not established time frames for addressing recommendations from program evaluations. Specifically, the bureau established indicators and targets for its foreign assistance–related goals and reported results achieved toward each indicator. The bureau has also completed four evaluations covering three of its six programs that resulted in 60 recommendations. The bureau reported having implemented about half of the recommendations (28 of 60) as of June 2015 but has not established time frames for addressing the remaining recommendations. Without specific time frames, it will be difficult for the bureau to ensure timely implementation of programmatic improvements. In addition, despite identifying its CVE program as a priority and acknowledging the benefit of evaluating it, the bureau has postponed evaluating it each fiscal year since 2012.


The bureau’s number of authorized FTEs grew from 66 in fiscal year 2011 to 96 in fiscal year 2015, which is an increase of more than 45 percent. Figure 6 shows the number of authorized FTEs within the bureau for fiscal years 2011 to 2015, along with the number of FTE positions that were filled. While the bureau’s current authorized level of FTEs for fiscal year 2015 is 96 positions, it had 22 vacancies as of October 31, 2014. The percentage of vacancies in the bureau has ranged from 17 percent to 23 percent in fiscal years 2011 to 2015. According to the CT Bureau, these vacancies have included both staff-level and management positions.

In addition to the authorized FTEs, the CT Bureau also has non-FTE positions, which include contractors; interns; fellows; detailees; and “When Actually Employed,” the designation applied to retired State employees rehired under temporary part-time appointments. For fiscal years 2013, 2014, and 2015, respectively, the CT Bureau had 92, 78, and 69 such positions, in addition to its authorized FTEs, according to the CT Bureau.


Related item:

State Should Evaluate Its Countering Violent Extremism Program and Set Time Frames for Addressing Evaluation Recommendations | GAO-15-684 | pdf


OPM Hit By Class Action Lawsuit, and Those Phishing Scams You Feared Over #OPMHack Are Real (Corrected)

Posted: 7:16 pm  EDT


The largest federal employee union, the American Federation of Government Employees, filed a class action lawsuit today against the Office of Personnel Management, its director, Katherine Archuleta, its chief information officer, Donna Seymour and Keypoint Government Solutions, an OPM contractor.


A couple of weeks ago, we thought that the “recipe” from the OPM email notification sent to potentially affected employees might be copied by online scammers.



Today, the United States Computer Emergency Readiness Team (US-CERT), part of DHS’ National Cybersecurity and Communications Integration Center (NCCIC), issued an alert on phishing campaigns masquerading as emails from the Office of Personnel Management (OPM) or the identity protection firm CSID.