Defense Industry

On March 12, 2024, the Department of Defense (DoD) published a final rule, revising the eligibility criteria for the voluntary DoD Defense Industrial Base (DIB) Cybersecurity (CS) Activities Program.  The intent of the rule is to permit all defense contractors that own or operate unclassified information systems that process, store, or transmit covered defense information to participate in the program.  Previously, only cleared contractors were permitted to participate in the sharing of this information.  The final rule also amends identity proofing requirements by eliminating the need to obtain a medium security certificate to participate in either the voluntary or mandatory reporting regimes.  The rule will take effect on April 11, 2024, and DoD anticipates a significant increase in contractor participation.

Additional information about the rule is outlined below.Continue Reading DoD Expands Contractor Cybersecurity Information Sharing Program

This post continues our ongoing coverage of the FY 2024 NDAA. 

The FY 2024 NDAA includes numerous supply chain and stockpile management provisions aimed at addressing a host of perceived vulnerabilities and weaknesses in Department of Defense (“DoD”) supply chain networks used to secure goods and services for our national defense.  Of particular note, this year’s NDAA seeks to address China’s and Russia’s continued dominance in the global supply chain for many critical materials and rare earth elements.  Supply chain- and stockpile-related measures in the NDAA could present significant opportunities for contractors poised to support the U.S. Government’s efforts to on-shore and friend-shore U.S. and DoD sourcing and manufacturing, but Congress’s focus on increasing supply chain visibility could also herald new rounds of compliance and reporting requirements attached to federal procurements.Continue Reading Key Supply Chain Provisions of the National Defense Authorization Act (“NDAA”) for Fiscal Year (“FY”) 2024

On December 22, 2023, President Biden signed into law the 2024 National Defense Authorization Act (“FY 2024 NDAA”).  Sections 1841 through 1843 of the new law address Unidentified Anomalous Phenomena (“UAP”).

The version of the FY 2024 NDAA enacted in the Senate in July of this year incorporated the Unidentified Anomalous Phenomena Disclosure Act of 2023—which would have mandated the Federal Government’s exercise of eminent domain over UAP-related material controlled by private persons or entities.  As discussed in greater detail below, the eminent domain mandate was not included in the final version of the NDAA passed by both chambers of Congress.  The newly enacted law requires only the establishment of a government wide UAP records collection; that government offices transfer UAP records to the collection; and that records be reviewed for disclosure (or not) against a set of criteria under which public release could be “postponed.”  Nonetheless, the substance of these final UAP provisions and Congress’s renewed interest in UAP may be a harbinger of things to come for government contractors and research entities, especially those involved in defense, intelligence, and other national security projects.  We expand on the background, evolution, and national security implications of the UAP amendment—and its potential impacts on contractors and other private entities—below.Continue Reading Implications of the Unidentified Anomalous Phenomena (UAP) Amendment in the 2024 National Defense Authorization Act (NDAA)

In keeping with the trend of increased attention on the False Claims Act’s (“FCA”) qui tam provisions, the Second Circuit recently weighed in on a seeming conflict between the statute and the relator’s obligations under the Federal Rules of Civil Procedure (“FCRP”). Under Rule 4(m) of the FRCP, the court generally must dismiss a complaint if the plaintiff fails to serve the defendant with a complaint and summons within 90 days of filing. Fed. R. Civ. P. 4(m). But a relator bringing suit under the qui tam provisions of the FCA may not serve a defendant until the complaint is unsealed and “until the court so orders.” 31 U.S.C. § 3730(b)(2). In cases brought under the qui tam provisions of the FCA, this creates the potential for questions regarding when the Rule 4(m) service-of-process clock begins to tick.

These questions seldom arise because courts ordinarily unseal a relator’s complaint and simultaneously order the relator to serve the defendant. In which case, the express order to serve the defendant plainly triggers the service-of-process clock under Rule 4(m). But what if the court unseals the relator’s complaint and then delays (or never issues) the order to serve the defendant? This was the question before the Second Circuit last month in U.S. ex rel. Weiner v. Siemens AG, No. 22-2656, 2023 WL 8227913, at 3 (2d Cir. Nov. 28, 2023).Continue Reading Tick-tock, the Court Starts the Clock: Deconflicting the FCA and Rule 4(m) of the FRCP

On October 3, 2023, the Federal Acquisition Regulation (FAR) Council released two new proposed cybersecurity rules. The first of the two, covered in a separate blog, is titled “Cyber Threat and Incident Reporting and Information Sharing,” and adds new requirements to the cybersecurity incident reporting obligations of federal contractors. The second rule, titled “Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems,” covers cybersecurity contractual requirements for unclassified Federal information systems.

Both rules arise from Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). We have covered developments under this Executive Order as part of a series of monthly posts. The first blog summarized the Cyber EO’s key provisions and timelines, and subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through November 2023. This blog describes key requirements imposed by the proposed “Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems” rule (the “Proposed Standardizing Rule”)

Proposed Cybersecurity Requirements for Unclassified Federal Information Systems

As directed by the Cyber EO, the Proposed Standardizing Rule would establish cybersecurity policies, procedures, and requirements for contractors that develop, implement, operate, or maintain Federal Information Systems (“FIS”). Under the rule, a FIS is defined as “an information system used or operated by an agency, by a contractor of an agency, or by another organization on behalf of an agency.”Continue Reading Proposed FAR Rule: “Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems”

The Armed Services Board of Contract Appeals has issued its annual report for FY 2023, shedding light on how often contractor appeals reach a successful result, and what agencies are most frequently involved in contract litigation.Continue Reading ASBCA Issues Annual Report, Providing Data on How Often Contractors Prevail

On October 17, 2023, the U.S. Government Accountability Office (“GAO”) published a report on mergers and acquisitions (“M&A”) in the defense industrial base. The report details the current M&A review process of the Department of Defense (“DOD”) and provides recommendations to proactively assess M&A competition risks.Continue Reading GAO Recommends Increased Guidance for DOD Mergers & Acquisitions Review

On October 3, 2023, the Federal Acquisition Regulation (FAR) Council released two new proposed cybersecurity rules. The first of the two, titled “Cyber Threat and Incident Reporting and Information Sharing,” adds new requirements to the cybersecurity incident reporting obligations of federal contractors. The second rule, which we will cover in a separate blog post, is titled “Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems” and covers cybersecurity contractual requirements for unclassified Federal information systems.

Both rules arise from Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). We have covered developments under this Executive Order as part of a series of monthly posts. The first blog summarized the Cyber EO’s key provisions and timelines, and subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through September 2023. This blog describes key requirements imposed by the proposed “Cyber Threat and Incident Reporting and Information Sharing” rule.Continue Reading FAR Cyber Threat and Incident Reporting and Information Sharing Rule

Following our recent overview of topics to watch in the National Defense Authorization Act (“NDAA”) for Fiscal Year (“FY”) 2024, available here, we continue our coverage with a “deep dive” into NDAA provisions related to cybersecurity and software security in each of the Senate and House bills.  For the past three years, the NDAA has dedicated a separate Title to cyber and cybersecurity, reflecting the increased importance of these issues in Department of Defense (“DoD”) operations.  As expected, both the Senate and House versions of the NDAA bill continue this tradition.  Many of the cyberspace related provisions in both chambers’ bills would have direct or indirect impacts on DoD contractors and other members of the Defense Industrial Base (“DIB”).  We summarize below the cyber-related provisions that are most likely to impact the DIB. Continue Reading Key Cyber Security and Software Security Provisions of the House and Senate Versions of the Fiscal Year (FY) 2024 National Defense Authorization Act (NDAA)

Domestic sourcing requirements are not new, but the Government is always developing new tools for increasing the sourcing of goods from the U.S. and allied countries.  Both sides of the political aisle have marched to a drumbeat of increased domestic sourcing for the past several years.  Most recently, the Biden Administration implemented Executive Order 14005 to “maximize” the U.S. Government’s purchase of goods and services produced in the United States and Executive Order 14104 to increase domestic manufacturing and commercialization in certain research and development supported by federal funding.  The ongoing bi-partisan support for bolstering domestic sourcing is illustrated no better than through this year’s NDAA, which focuses on expanding the domestic supply chain for materials and supplies critical to the U.S. military, encouraging the purchase of domestic end items, and providing more opportunities for the Department of Defense (“DoD”) to engage with and purchase from domestic businesses.Continue Reading Key Domestic Sourcing Provisions of the House and Senate Versions of the Fiscal Year (FY) 2024 National Defense Authorization Act (NDAA)