The General Services Administration plans to remove a special contract category for agencies’ purchase of used or refurbished technology during its ongoing schedules consolidation.
The problem with the category — which GSA refers to as a special item number or SIN — for reselling tech is twofold. Fraudsters are impersonating agencies placing IT orders, spoofing small businesses into sending used hardware to empty warehouses where the equipment is intercepted and sold on the black market without the bill ever being paid.
There have also been cases where the used or refurbished tech, although sold properly through the category, is counterfeit or has been altered in some way that doesn’t meet government standards, leaving agencies open to supply chain risks
There are “clear signs” small businesses are being phished by fraudsters, Lawrence Hale, a director within the GSA Federal Acquisition Service, said at the 930gov conference Tuesday. In the latter case, he said, it’s “essentially a supply chain attack.”
GSA’s best course of action, Hale said, is to shut the SIN down.
“Kind of controversially, we’re actually removing the refurbished products SIN from GSA’s [IT] Schedule 70 because you can’t guarantee the provenance of refurbished products,” Hale said. “And so in order to reduce the risk and reduce the exposure of federal agencies…we’re trying to dial that down by not providing a marketplace for the refurbished products.”
There are “strong feelings on both sides,” and some small businesses are “very conscientious” about selling refurbished products, Hale added.
However, the removal of SIN 132-9 isn’t a done deal just yet.
GSA is currently consolidating 24 of its Multiple Award Schedules into one by Oct. 1, and an ongoing request for information seeks industry feedback on supply and service large categories, subcategories and SINs that the forthcoming solicitation will be divided into.
Agencies considering using refurbished products to save money and add equipment quickly to critical systems need to perform a risk management analysis, Hale said.
“You’re potentially opening yourself up to a supply-chain attack in that sense because you could have counterfeit technology under the cover of what looks like a legitimate piece of equipment,” he said.
A legitimate grey market exists, and agencies should only deal with licensed resellers to reduce the risk of buying counterfeit goods that could be compromised, Hale added.
GSA is working with the National Institute of Standards and Technology and the Department of Defense on supply chain risk management initiatives.
“Federal Acquisition Services now has a senior-level executive on supply chain,” Hale said. “And clearly the Secure Technology Act that we just passed puts some specific responsibilities on GSA.”