Covington Team

Contact:Email

The National Institute of Standards and Technology (“NIST”) released on August 15, 2017 its proposed update to Special Publication (“SP”) 800-53. NIST SP 800-53, which was last revised in 2014, provides information security standards and guidelines, including baseline control requirements, for implementation on federal information systems under the Federal Information Systems Management Act of 2002 (“FISMA”). The revised version will still apply only to federal systems when finalized, but one of the stated objectives of the revised version is to make the cybersecurity and privacy standards and guidelines accessible to non-federal and private sector organizations for voluntary use on their systems. 
Continue Reading NIST Releases Fifth Revision of Special Publication 800-53

On August 1, 2017, a bipartisan group of Senators introduced legislation (fact sheet) that would establish minimum cybersecurity standards for Internet of Things (“IoT”) devices sold to the U.S. Government. As Internet-connected devices become increasingly ubiquitous and susceptible to evolving and complex cyber threats, the proposed bill attempts to safeguard the security of executive agencies’ IoT devices by directing executive agencies to include specified clauses in contracts for the acquisition of Internet-connected devices.

The bill’s provisions leverage federal purchasing power to improve the security of IoT devices by requiring, among other things, IoT device, software, and firmware providers to certify compliance with specified security controls and requirements relating to vulnerability patching and notification, unless such contractors otherwise satisfy one of three waiver requirements.

The bill also directs the Department of Homeland Security (“DHS”) to issue vulnerability disclosure guidance for government contractors; to amend federal statutes, specifically the Computer Fraud and Abuse Act (“CFAA”) and Digital Millennium Copyright Act (“DMCA”), to exempt certain “good faith” activities by cybersecurity researchers; and require all executive branch agencies to maintain an inventory of IoT devices active on their networks.

In addition, the statute would require the Director of the Office of Management and Budget (“OMB”) to issue guidelines to federal agencies consistent with the bill within 180 days of enactment.

The bill is summarized below.
Continue Reading A Summary of the Recently Introduced “Internet of Things (IoT) Cybersecurity Improvement Act of 2017”

In recognition of the decennial anniversary of the U.S. Civilian Board of Contract Appeals (“Civilian Board”), we set out to determine notable trends in Civilian Board practice. Among other things, we identified a recent marked increase in the number of published decisions containing substantial discussions of discovery issues – more than half of the 24 decisions we identified and reviewed were issued in or after 2014. Through the publication of these decisions, the Board has provided important guidance to practitioners who may face the same (or similar) discovery issues in the future. We believe that this trend toward publication should generally result in greater predictability of outcomes in discovery disputes, and therefore should facilitate the resolution of potential discovery disputes more efficiently.

Earlier this month we published an article about this very topic in the Board of Contract Appeals Bar Journal. In our article, we focused our analysis primarily on three interesting decisions that pit statutory requirements related to the disclosure/production of information – the Privacy Act, the Inspector General Act, and the Freedom of Information Act – against the bounds of permissible discovery at the Civilian Board. These three decisions should provide a relatively high degree of outcome predictability in similar cases because of the rigid statutory requirements at issue.

In addition to the link to a PDF of the article above, the full text of the article is available below.
Continue Reading Predictability of Outcomes in Discovery Disputes at CBCA Improves During its First Ten Years

Earlier this month, the Armed Services Board of Contract Appeals held that the U.S. Army breached its contractual obligation to provide physical security to its principal logistical support contractor, KBR, during the height of the Iraq War.  As a consequence, the Board found that KBR was entitled to be reimbursed for $44 million, plus interest, in costs that the Government had withheld from KBR relating to KBR’s and its subcontractors’ use of private security.  A copy of the opinion is available here.

Continue Reading ASBCA Issues Important Ruling in “Contractor-on-the-Battlefield” Dispute

Last month, in CanPro Investments Ltd. v. United States, COFC No. 16-268C (April 2017), the Court of Federal Claims (“COFC” or “Court”) denied the Government’s motion for reconsideration and reaffirmed its prior decision that CanPro Investments Ltd. (“CanPro”) may continue to litigate its claim for breach of the implied duty of good faith and fair dealing against the General Services Administration (“GSA”). CanPro alleged that the Government breached the implied duty by receiving an unreasonable number of visitors at the building it leased from CanPro – and despite their being no specific contractual provision regulating the number of permitted visitors. This decision is important because it reinforces the implied duty as a mechanism to protect a party’s reasonable expectations arising from a government contract.   
Continue Reading Long Live Reasonableness: Reinforcing the Implied Duty of Good Faith and Fair Dealing in Government Contracts

When must a party’s “defense” be asserted as a Contract Disputes Act (CDA) claim in order to raise that defense during a Court of Federal Claims or Board of Contract Appeals proceeding?

In Kansas City Power & Light Co. v. United States, the Court of Federal Claims moves us one step closer to solving this peculiar government contracts riddle called Maropakis.  In this decision, the court held that the government’s affirmative defense of offset was not a claim under the CDA, and therefore, did not need to be asserted through a contracting officer final decision before it could be raised before the court.  This decision is important because it further limits the applicability of the Maropakis doctrine and reinforces that Maropakis only applies to “defenses” that seek payment of money or the adjustment/interpretation of contract terms.

Continue Reading The Latest Clue to Solving the Maropakis Riddle: The Affirmative Defense of Offset

A U.S. District Court recently dismissed a False Claims Act (FCA) qui tam action alleging that numerous GSA Schedule contractors violated their obligations under the Trade Agreements Act (TAA), resulting in the submission of false claims under the “implied certification” theory of FCA liability.  As discussed further below, the court’s decision — United States ex rel. Berkowitz v. Automation Aids, No. 13-C-08185, 2017 WL 1036575 (N.D. Ill. Mar. 12, 2017) — is important for at least two reasons:

  1. The court found that “often” it is “tougher” to satisfy the heightened pleading requirements of Federal Rule of Civil Procedure 9(b) when FCA allegations are based on an implied certification theory.
  2. The court held that, when dealing with conduct arising from a “sprawling federal procurement statutory and regulatory framework” (like the TAA), general allegations of non-compliance may support a breach-of-contract claim, but are insufficient in an FCA case. Rather, “specific allegations” about the fraudulent scheme are needed.

This decision comes at a particularly opportune time for contractors, given the likelihood of increased TAA and Buy American Act (BAA) enforcement during the Trump Administration and the corresponding potential uptick in whistleblower FCA activity involving these country-of-origin issues.
Continue Reading Common Sense Prevails: “Tougher” To Satisfy Rule 9(b) Standard in “Implied Certification” FCA Case Arising from GSA Schedule Contractors’ Alleged TAA Non-Compliance

Over the last few months, we’ve reported on various government contracts decisions that illustrate the impact a release of claims provision can have on contractors.  A few weeks ago, we published a Feature Comment in The Government Contractor (titled “Release Me? Five Things Every Government Contractor Needs To Know Before Signing A Release Of Claims”)

In TranBen, Ltd. v. Department of Transportation, CBCA 5448 (Jan. 26, 2017), the Civilian Board of Contract Appeals (“Board”) recently applied a restrictive view of the implied duty of good faith and fair dealing under an indefinite delivery/indefinite quantity (“IDIQ”) contract.  In its appeal seeking almost $14 million, TranBen, Ltd. (“TranBen”) alleged that the Department of Transportation (“DOT” or “Government”) breached the implied duty by misleading the Internal Revenue Service (“IRS”) about the availability of paper vouchers in order to receive IRS guidance allowing DOT to issue transit subsidies on debit cards, instead of vouchers, without rendering them taxable.  The Board dismissed the appeal for failure to state a claim in a troubling decision that calls into question the viability of the implied duty under an IDIQ contract where the Government satisfies its minimum ordering obligation.  At the very least, the Board’s decision indicates contractors should be even more vigilant, at the early stages of IDIQ contract formation, to ensure that their legitimate expectations are protected through express contract language. 
Continue Reading CBCA Narrows Scope of Implied Duty of Good Faith and Fair Dealing in IDIQ Contracts

A prime contractor is responsible for managing its subcontractors, but what exactly does that require? In a recent decision, the answer of the Armed Services Board of Contract Appeals was: not nearly as much as DCAA claimed.

In Lockheed Martin Integrated Sys., Inc., ASBCA Nos. 59508, 59509, the Board ruled on a Government claim seeking more than $100 million from LMIS for allegedly breaching an obligation to manage subcontracts. In DCAA’s reading, this obligation was extensive and required a number of concrete actions by the prime contractor.
Continue Reading ASBCA Shoots Down DCAA Overreach on Responsibility to Manage Subcontractors