Georgia Tech Procurement Assistance Center

Contractors are a bull’s-eye for hackers

By

The U.S. defense industrial supply chain is vast, complex and vulnerable. Organic components, large-scale integrators, myriad commercial service providers, and tens of thousands of private companies sustain the Defense Department. According to the SANS Institute, the percentage of cyber breaches that originate in the supply chain could be as high as 80 percent.

Some progress has undoubtedly been made with regard to securing the supply chain. The Defense Federal Acquisition Regulation Supplement (DFARS) NIST SP 800-171 supply chain program, for instance, introduced 109 stringent requirements for Defense Department suppliers dealing with sensitive government data—53 related to technology and 56 related to security policy.

But while DFARS applies to all contractors and suppliers regardless of size, it has not yet been fully implemented and it is not bulletproof.  Still, it is a big step toward securing the supply chain at all levels.

Keep reading this article at: https://www.afcea.org/content/contractors-are-bulls-eye-hackers

See GTPAC’s video, template and other resources designed to help contractors comply with the DoD/NIST cybersecurity rules at: http://gtpac.org/cybersecurity-training-video/

DoD makes supply chain risk management a permanent performance metric

By

On Sept. 19, 2018, the U.S. Department of Defense (DoD) issued a corrected Class Deviation 2018-O0020, to remove the sunset provision in DFARS 239.73, “Requirements for Information Relating to Supply Chain Risk,” that was due to expire on Sept. 30, 2018. The deviation is effective immediately.

This new deviation implements Section 881 of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2019. Section 881 made the requirements for supply chain risk management under DFARS 239.73 permanent by placing its authority under a statute (10 U.S.C. § 2239a). This reauthorization reflects the continual efforts by Congress and the DoD to increase oversight on contractors supply chain and use risk management as a metric for contract performance.

DFARS Subpart 239.73, along with its contract clauses DFARS 252.239-7017 and DFARS 252.239-7018, places a significant onus on contractors to investigate its own supply chain to minimize and mitigate any perceived security risks. Failure to meet the requirements of the regulations creates significant risk to a contractor.

  • First, there is an explicit requirement in DFARS 252.239-7018 requiring contractors to actively mitigate supply chain risk during performance of the contract. However, the clause provides no additional information or standard to what is considered adequate mitigation.
  • Second, there is an implicit incentive for contractors to ensure that their supply chain is risk-free because the contractor is not the only entity to investigate risks in its supply chain. DFARS 252.239-7018 provides the government with an incredible oversight capability by permitting it to consult both public and non-public information, including all-source intelligence, to determine whether a contractor’s supply chain creates a risk.

Keep reading this article at: http://www.mondaq.com/article.asp?articleid=743224

DHS would get more power to bar risky contractors under dueling proposals

By

Two House Republicans are working on legislation that would expand the Homeland Security Department’s authority to deny contracts to companies that pose cybersecurity supply chain threats while the Trump administration is pushing an even more expansive proposal.

The bill in the House will be modeled on authorities Congress gave the Defense Department in 2011 that were implemented in 2015, said Rep. Scott Perry, R-Pa., who is drafting the bill with Rep. Peter King, R-N.Y.

Under those rules, Pentagon contracting officers can bar vendors that pose a security risk from competing for contracts before they’re awarded and halt contractors from hiring risky subcontractors after an award.

Under current Homeland Security Department rules, contracting officers working on unclassified contracts can’t bar vendors before an award based on information provided by intelligence agencies, Soraya Correa, the department’s chief procurement officer, who testified before two House Homeland Security panels last Thursday.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2018/07/dhs-would-get-more-power-bar-risky-contractors-under-forthcoming-bill/149675/

 

Software review provisions proposed by Senate Armed Services Committee could have significant impact on DoD contractors

By

As the Senate approaches the end of its debate on the National Defense Authorization Act (NDAA) for Fiscal Year 2019, provisions of the bill regarding access to and review of information technology code deserve close attention.  These sections, if enacted, would significantly impact Department of Defense contractors and also would affect matters associated with investments subject to review by U.S. national security agencies.

As drafted, the provisions could expose current and prospective contractors to intrusive scrutiny and significant risks.  They lack clarity on key definitions, leaving the precise scope of those risks unclear.  We summarize major issues and concerns below.  We expect these provisions to receive scrutiny during the House-Senate conference on the NDAA over the summer.

Synopsis of the Proposed Legislation

Three sections of the Senate’s version of the NDAA, which passed the Senate Armed Services Committee in May, would establish new rules designed to mitigate “risks posed by providers of information technology with obligations to foreign governments.”  Those risks involve the access that foreign governments may have to code in products or services that are offered to the Department of Defense.  The provisions also impose new disclosure requirements on the efforts of a prospective vendor to obtain a license under the Export Administration Regulations (“EAR”) or the International Traffic in Arms Regulation (“ITAR”).

The pending legislation would require proactive disclosure of those matters, and would impose an ongoing duty to supplement those disclosures during the period of performance on the contract.  The Secretary of Defense would be authorized to assess and mitigate any resulting national security risks through contractual provisions or other performance requirements.

Keep reading this article at: https://www.insidegovernmentcontracts.com/2018/06/senate-armed-services-committee-proposes-expansive-unclear-software-review-provisions/

Can contractors force a written decision on a claim?

By

For a contractor with a claim on a federal construction project, an essential occurrence is a “final decision” by the government contracting officer.  Ideally, this is a formal written response addressing the merits of the claim.

But if the contracting officer declines to respond within 60 days, it becomes a “deemed denial” of the claim.  A final decision, formal or deemed, is a jurisdictional prerequisite to the contractor’s right to appeal.

Contractors would obviously prefer a government agency to go on the record with a response to a claim. The Contract Disputes Act allows a contractor to petition a board of contract appeals “to direct a contracting officer to issue a decision in a specified period of time.” Does this empower contractors to force a written claim decision by the government?  Unfortunately, that question was recently answered in the negative.

Keep reading this article at: http://www.constructiondive.com/news/can-contractors-force-a-written-decision-on-a-claim/505464/

How force majeure contract clauses can plan for the unexpected

By

Anyone in the construction business can attest to the fact that it’s an industry that defines the phrase “stuff happens.” And most of the time, there is someone to blame.

Inconsistencies between versions of the plans and specifications; late ordering of long-lead-time specialty items; failure on the part of a subcontractor to adequately allocate resources; mathematical mistakes in the original estimate — all of these can lead to delays in the schedule and higher costs. These are also the result of human error, so each step in the decision-making process that led to the mistake can be evaluated and corrected for the future.

But then there are those events no one could have anticipated, and these happenings fall under the category of force majeure — bringing a whole new set of contract-related questions that all parties must address.

Keep reading this article at: http://www.constructiondive.com/news/the-dotted-line-how-force-majeure-contract-clauses-can-plan-for-the-unexpe/446722/

New FAR rule encourages ‘constructive exchanges’ between federal agencies and contractors

By

The November 29, 2016 edition of the Federal Register contains a proposed amendment to the Federal Acquisition Regulation (FAR) aimed at encouraging pre-acquisition communications between industry professionals and federal agencies.  This amendment is part of a five-year long effort by the Obama Administration to clarify that communications between potential government contractors and federal agencies are not only allowed, but encouraged.

The proposed rule would amend FAR 1.102-2(a)(4), which currently states that “[t]he Government must not hesitate to communicate with the commercial sector as early as possible in the acquisition cycle to help the Government determine the capabilities available in the commercial marketplace. The Government will maximize its use of commercial products and services in meeting Government requirements.”  In the revised version, the following language would be added:

“Government acquisition personnel are permitted and encouraged to engage in responsible and constructive exchanges with industry as part of market research … so long as those exchanges are consistent with existing laws, regulations, and promote a fair competitive environment.” 

There are a number of laws and regulations that may be come into play during pre-acquisition exchanges with government officials, including the Procurement Integrity Act, 41 U.S.C. § 423, Anti-Kickback Act, 41 U.S.C. § 51 et seq., restrictions on lobbying activity, regulations on collusive bidding, prohibition on contingent fee arrangements, and various laws prohibiting gifts and gratuities to and bribery of federal officials.

Keep reading this article at: https://www.insidegovernmentcontracts.com/2016/12/new-far-rule-encourages-constructive-exchanges-between-federal-agencies-and-contractors/

What vendors need to know about GSA’s new cyber offerings

By

GSA Schedule ContractThe General Service Administration is introducing an additional step to evaluate cybersecurity vendors: an oral exam.

The agency last week posted a draft solicitation for Highly Adaptive Cybersecurity Services, four new IT Schedule 70 Special Item Numbers designed to offer agencies quick access for cyberattack prevention and remediation. The SINs include penetration testing, incident response, cyber hunt and risk and vulnerability assessment services, and the agency is on the hunt for “high-quality cybersecurity vendors.”

That’s where the oral technical evaluation comes in.

Keep reading this article at: http://www.nextgov.com/cybersecurity/2016/08/what-vendors-need-know-about-gsas-new-cyber-offerings/131016/

LPTA contracts stifle innovations, contracting officials say

By

Lowest Price, Technically Acceptable (LPTA) contracts might save the government some money, but they deter innovation, a panel of government contracting officials said Monday (May 19, 2014).

“I don’t know a senior leader in government that thinks LPTA is the best,” said Tiffany Hixson, regional commissioner for the General Services Administration. “Contracting and innovation is about risk management.”

But with shrinking budgets, agencies are looking to lower their costs and LPTA contracts do just that, said Robert Coen, acting director of the National Institutes of Health Information Technology Acquisition and Assessment Center.

“There’s way too much LPTA going on,” Coen said at the May 19 ACT-IAC Management of Change Conference. “LPTA should be used for commodity buys, not innovations.”

Keep reading this article at: http://www.fiercegovernment.com/story/lpta-contracts-stifle-innovations-contracting-officials-say/2014-05-20

DoD acquisition heroes during Iraq, Afghanistan? Small biz, universities and DARPA

By

You didn’t hear much about them during the wars in Iraq and Afghanistan but DARPA, small businesses, and universities were the people who most impressed retired Gen. Hoss Cartwright when he was vice chairman of the Joint Chiefs of Staff, as he and the services scrambled to find weapons to give American troops a combat edge.

“DARPA was incredible to our ability to gain advantage. Small businesses and universities were hotbeds of innovation for us,”  Cartwright said during a panel at the Center for Strategic and International Studies on lessons learned from the last dozen years of war. He made no mention of Lockheed Martin, Boeing, or BAE Systems — or any of the other large defense companies.

What made them special? “Their willingness to take risks… made a huge difference and saved countless lives on the battlefield,” Cartwright said. And he said that in Afghanistan and (previously) Iraq, “[the] battlefield is not driven by platforms” — tanks, ships, planes — which take so long to design, build, and deploy.

Another avenue of innovation at the Pentagon sprang from the acquisition processes of Special Operations Command (SOCOM), which has the right to just buy things in small quantities if it really needs them.

Keep reading this article at: http://breakingdefense.com/2013/11/dod-acquisition-heroes-during-iraq-afghanistan-small-biz-and-darpa/

Contracting News

Read More

Contracting Tips

Read More

GTPAC News

Read More

Georgia Tech News

Read More