On September 17, 2015, Covington hosted a Symposium in the firm’s Washington office focusing on key trends and emerging issues for government contractors. Both Senator John McCain and former Attorney General Eric Holder addressed the procurement and enforcement challenges faced by the government and contractors, and several panels of leading experts discussed a wide variety of topics ranging from cybersecurity developments to contractor responsibility. The full-day program also offered a series of break-out sessions focused on operational business considerations, including the increasing importance of contractor supply chain management.  That topic now appears to have been particularly timely in light of DoD’s September 21, 2015 announcement of a new proposed rule addressing counterfeit electronic parts in contractor supply chains.

The new proposed rule is further implementation of section 818 of the 2012 National Defense Authorization Act (“NDAA”), which required the Secretary of Defense to assess DoD’s “acquisition policies and systems for the detection and avoidance of counterfeit electronic parts.” As discussed below, because the proposed rule would impose new substantive sourcing requirements and apply far more broadly than existing regulations, it would, if adopted, further increase the overall compliance burden on the defense contracting community.

Supply chain protection has been a point of increasing emphasis by the Government and especially the Department of Defense (“DoD”) in recent years. In no area is this more true than ensuring that Government systems and equipment are free from counterfeit electronic parts, which can raise both security and defect concerns.  DoD has accordingly taken several steps, many of which have taken the form of new requirements on contractors, to protect against counterfeit electronic parts.  With these requirements has come added risk to contractors that even mistakenly use counterfeit electronic parts in the goods they sell to DoD.  However, an August 30, 2016, final DFARS rule (implemented at DFARS 231.205-71) seeks to mitigate some of this risk by allowing contractors to recover the cost of replacing counterfeit electronic parts, as long as the contractor has taken certain steps to prevent the use of such parts.

Last week, the FAR Council issued a Final Rule, setting forth new FAR provisions that require the reporting of certain counterfeit and suspect counterfeit parts and certain major or critical nonconformances to the Government-Industry Data Exchange Program (“GIDEP”).[1]  This Final Rule comes more than five years after the rule was first proposed in the Federal Register in June 2014.  The FAR Council describes the Final Rule as “significantly de-scoped” from the version proposed in 2014, but it nonetheless constitutes a significant expansion of the existing counterfeit part reporting obligations, which to date have applied only to electronic parts under DOD contracts.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency’s (“CISA”) Information and Communications Technology (“ICT”) Supply Chain Risk Management Task Force (the “Task Force”) recently released an interim public report.  The report describes the Task Force’s efforts over the last year to develop recommendations for securing the Government’s supply chain, and outlines the potential focus areas of each of its working groups over the coming year.

The report is particularly relevant to contractors that either sell ICT-related products or services to the Government, or that sell ICT-related components to higher tier contractors, because it offers some insight into potential supply chain risk management (“SCRM”) best practices, as well as requirements that the Government may seek to impose on contractors in the future.

On the eve of the recent government shutdown over border security, Congress and the President were in agreement on a different issue of national security:  mitigating supply chain risk.  On December 21, 2018, the President signed into law the Strengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure Technology Act (the “SECURE Technology Act”) (P.L. 115-390).  The Act includes a trio of bills that were designed to strengthen the cyber defenses of the Department of Homeland Security (“DHS”) and mitigate supply chain risks in the procurement of information technology.  The last of these three bills, the Federal Acquisition Supply Chain Security Act, should be of particular interest to contractors that procure information technology-related items related to the performance of a U.S. government contract.  Among other things, the bill establishes a Federal Acquisition Security Council, which is charged with several functions, including assessing supply chain risk.  The bill also gives the Secretary of DHS, the Secretary of the Department of Defense (“DoD”) and the Director of National Intelligence authority to issue exclusion and removal orders as to sources and/or covered articles based on the Council’s recommendation.  Finally, the bill allows federal agencies to exclude sources and/or covered articles deemed to pose a supply chain risk from certain procurements.

[This article was originally published in Law360 and has been modified for the blog.]

Over the summer, pursuant to Section 874 of the FY 2017 National Defense Authorization Act (“NDAA”)[1], the Department of Defense (“DoD”) issued a proposed rule[2] to exclude the application of certain laws and regulations to the acquisition of commercial items, including commercially available off-the-shelf (“COTS”) items.  Among other things, the proposed rule identifies certain DFARS and FAR clauses that should be excluded from commercial item contracts and subcontracts, and sets forth a narrower definition of “subcontract” that would carve out a category of lower-tier commercial item agreements from the reach of certain flow-down requirements.  A summary of the proposed rule and our key observations/takeaways are below.

On August 29, the U.S. Court of Appeals for the D.C. Circuit upheld the dismissal of a qui tam suit under the False Claims Act (“FCA”) alleging that government contractor Govplace made false statements and false claims by selling to the Government, via its GSA schedule contract, computer and other products not originating in designated countries under the Trade Agreements Act (“TAA”). The decision shows that a contractor may defend against an FCA action by showing that it reasonably relied on a supplier’s certification as to TAA compliance.

The D.C. Circuit Decision: Govplace has been providing information technology (“IT”) integration and product solutions to the Government via a GSA schedule contract since 1999. Products on GSA schedule contracts must comply with the TAA requirement that “only U.S.-made or designated country end products [can] be offered and sold” under such contracts. Govplace acquires many of the products listed in its schedule contract from a distributor, Ingram Micro, which expressly certifies that its products are TAA compliant.

In the Govplace case, the relator alleged that certain products that Govplace acquired from Ingram Micro were manufactured in China, a non-designated country, and that Govplace acted with reckless disregard in relying on Ingram Micro’s certifications.

On May 11, 2017, the U.S.-China Economic and Security Review Commission (“Commission”) issued a Request for Proposal “to provide a one-time unclassified report on supply chain vulnerabilities from China in U.S. federal information technology (IT) procurement.”

Congress established the Commission in 2000 to monitor and report to Congress on the national security implications of China’s economic relationship with the United States.  See Commission website here.  The Commission is composed of 12 members serving two-year terms, three of whom are selected by each of the Majority and Minority Leaders of the Senate, and the Speaker and the Minority Leader of the House.

The report being sought via the RFP will serve as a “reference guide for policymakers on how the U.S. government manages risks associated with Chinese-made products and services and the participation of Chinese companies in its information technology (IT) supply chains.”  It is envisioned that the report would be briefed to the Commission and interested members of Congress, among others.  The winning contractor must produce a report that addresses at least the following:

  • Summary of the laws, regulations, and other requirements since the passage of the Federal Information Technology Acquisition Reform Act in 2015.  See our discussion of final OMB guidance on implementing FITARA here.  Among the requirements is a comparison of the risk management process for non-national security and national-security-related IT procurements.
  • Evaluation of how Chinese firms and Chinese-made IT products and services enter U.S. government IT supply chains.  In particular, an evaluation of how reliant U.S. government and U.S. government IT contractors are on Chinese firms and Chinese-made IT products and services.
  • Assessment of points of vulnerability in the procurement system, particularly for IT products and services designated as high risk by the U.S. government’s Chief Information Officers (CIOs).  Evaluation of whether the CIOs are adequately assessing risk in their ratings of IT products and services.
  • Assessment of why the vulnerability points identified above exist, and an explanation of the factors contributing to the challenge of supply chain insecurity.  Explanation of how vulnerabilities are expected to shift in the next 5–10 years, particularly as Chinese firms move up the value-added chain.
  • Assessment of whether the U.S. government’s management of the risks associated with Chinese firms and Chinese-made products and services to its IT procurement supply chains is sufficient.  Provide a comprehensive description of cases in which the Chinese government, Chinese companies, or Chinese products have been implicated in connection with U.S. supply chain vulnerabilities or exploitation.

This focus on supply chain vulnerabilities is consistent with DoD’s emphasis in the past few years on protecting its supply chain, including rules that address the exclusion of contractors that DoD perceives as presenting a supply chain risk in national security systems, as well as the Department’s rules requiring contractors to provide more oversight of their supply chains to help prevent counterfeit electronic parts.

Proposals are due on June 14 with a report due 90 days from contract execution.