Contractors that must comply with the government’s domestic preference laws should take note of United States ex rel. Folliard v. Comstor Corp., __ F. Supp. 3d __, 2018 WL 1567620 (D.D.C. 2018) — a recent decision dismissing a country-of-origin fraud lawsuit initiated by serial relator Brady Folliard.
Last week, the Fourth Circuit Court of Appeals affirmed a lower court decision to dismiss a Telephone Consumer Protection Act (“TCPA”) lawsuit against General Dynamics Information Technology, Inc. (“GDIT”), on the basis that GDIT was immune from suit as a government contractor under what is known as the “Yearsley doctrine.” Craig Cunningham v. GDIT, No. 17-1592 (Apr. 24, 2018). The decision follows a long line of Fourth Circuit decisions in which contractors have been granted protection from liability when they perform work that supports important governmental functions. Continue Reading
The Court of Appeals for the Fourth Circuit recently published a decision that expanded on its prior Trimble ruling that a foreign government customer cannot sue a U.S. contractor in the Foreign Military Sales (“FMS”) context (at least in U.S. courts). In BAE Sys. Tech. Solution & Servs., Inc. v. Republic of Korea’s Def. Acq. Program Admin., 884 F.3d 463 (4th Cir. 2018), the Korean government claimed that BAE Systems Technology Solutions & Services, Inc. (“BAE”) breached a side agreement that BAE executed with Korea (the “BAE-Korea Agreement”). The BAE-Korea Agreement, which was separate from the FMS agreement between the U.S. and Korea (the “U.S.-Korea Agreement”), required BAE to use its best efforts to negotiate favorable pricing terms in the FMS transaction between the U.S. Government and Korea, and permitted the courts in Korea to hear disputes arising under the agreement.
BAE secured a favorable declaratory judgment from a U.S. district court to the effect that it had complied with the best efforts undertaking, and the Fourth Circuit affirmed on the broader ground that enforcing the BAE-Korea agreement would be contrary to the policy of the Arms Export Control Act (“AECA”) and the principles laid down by the Fourth Circuit in the 2007 Trimble decision, which held that foreign customers in an FMS transaction cannot sue U.S. contractors under a third-party beneficiary theory. However, both courts declined to enjoin Korea’s lawsuit in the Korean courts.
The Fourth Circuit’s decision suggests some guidance for U.S. contractors about entering into similar FMS side agreements in light of both U.S. and foreign litigation risks. Continue Reading
On April 24, 2018, the Department of Defense (DoD) issued a Notice and Request for Comment on draft guidance that DoD proposes for assessing contractors’ System Security Plans (SSPs) and their implementation of the security controls in NIST Special Publication (SP) 800-171. This includes assessments as part of source selection decisions and during contract performance. DFARS 252.204-7012 requires defense contractors to provide “adequate security” for networks where covered defense information (CDI) is processed, stored, or transmitted. Adequate security means, “at a minimum,” implementing NIST SP 800-171. To demonstrate implementation or planned implementation of the security controls in NIST SP 800-171, contractors must describe in a SSP how the security requirements have been implemented and develop plans of action and milestones (POA&M) that describe how any unimplemented security requirements will be met. Continue Reading
On April 17, 2018, Department of Homeland Security (DHS) Secretary Kirstjen Nielsen delivered a keynote address at the RSA Conference. A copy of her prepared remarks is available here. Secretary Nielsen’s remarks highlighted efforts by DHS to address the evolving cybersecurity threats to our country’s critical infrastructure.
Secretary Nielsen set the stage by describing the realities of the cyber threat landscape: 2017 was a landmark year in terms of cyberattack volume, with nearly half of all Americans having their sensitive personal information exposed online and ransomware attacks spreading to more than 150 countries. The Secretary stated that cybercrime damages are estimated to reach $6 trillion annually by 2021, and suggested that the emergence of internet-connected devices could make us even more vulnerable to cyberattacks.
To address evolving cyber threats and more sophisticated threat actors, Secretary Nielsen posited a five part approach that DHS is taking to support a “more forward-leaning posture” in the cybersecurity area. Those five approaches are summarized below:
Pursuant to Executive Order 13636, the National Institute of Standards and Technology (“NIST”) established the Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, a technology-neutral, voluntary, risk-based cybersecurity framework that includes standards and processes intended to align policy, business, and technological approaches to addressing cybersecurity risks. Four years later, NIST has released an updated version of the Framework.
On April 2, 2018, GAO issued a final rule revising its existing regulations to implement a number of changes to its bid protest process. The new rule becomes effective on May 1, 2018.
Several of these changes implement requirements in Section 1501 of the Consolidated Appropriations Act for FY2014 (“Act”), which directed GAO to institute an electronic filing system and authorized GAO to charge a filing fee to cover the cost of that electronic filing system. But the revisions are not limited to those two issues.
Here are the highlights:
On March 28, 2018, the Federal Register published proposed changes to the Civilian Board of Contract Appeals’ (“Board”) Rules of Procedure regarding appeals under the Contract Disputes Act (“CDA”). These proposed rules indicate that the Board wishes to: simplify and modernize access to the Board, clarify certain rules, and increase conformity between its rules and the Federal Rules of Civil Procedure (“Federal Rules”). Our key takeaways are below, and a side-by-side comparison between the Board’s current and proposed rules can be found here. Interested parties may submit comments by May 29, 2018. Continue Reading
[This article was originally published in Law360 and has been modified for the blog.]
This was not an April Fools’ Day joke: The New York Buy American Act (“NY BAA”) went into effect on April 1, 2018. Signed by Governor Andrew M. Cuomo in December 2017 and championed by state legislators on both sides of the aisle, the NY BAA amends the existing domestic content restrictions in Section 146 of the N.Y. State Finance Law and Section 2603-a of the N.Y. Public Authorities Law by adding another layer of “Buy American” requirements focused on structural iron and structural steel products used in certain construction projects.
Although Governor Cuomo has noted that this new law is intended “to support hardworking men and women, revitalize infrastructure across the state, bolster the strength of our manufacturing industries and cement our status as a global economic leader” – a sentiment in step with President Trump’s stated “Buy American” policy – the economic impact of this legislation remains to be seen. As will be discussed, this set of requirements is focused on only two categories of items (structural iron and structural steel) used on a specific set of construction projects (roads and bridges) that will be awarded by certain New York agencies or authorities during a two-year window.
Notwithstanding, the NY BAA is a noteworthy development because it further reinforces the general rallying cry behind “Buy American.” Most importantly, this new law serves as a reminder to contractors that an already cumbersome regime of federal and state domestic preferences will continue to remain complex.
GSA recently announced it is supporting an Inspector General investigation into alleged, third-party fraudulent activity in the System for Award Management (“SAM”). The GSA announcement suggests that fraudulent SAM accounts may have been used to divert certain federal payments to unauthorized bank accounts. The announcement does not elaborate on the scope of potentially impacted entities or the amount of misdirected payments at issue. GSA has advised impacted entities to validate their SAM registration and confirm their financial information. Although GSA has indicated it has or will reach out to impacted entities, contractors would be well advised to confirm independently the accuracy of their current SAM registration.