Defense Industrial Base

On April 9th, President Trump issued the Restoring America’s Maritime Dominance Executive Order (“Maritime EO”), which declares that “[i]t is the policy of the United States to revitalize and rebuild domestic maritime industries and workforce to promote national security and economic prosperity.”  The Maritime EO aims to improve the nation’s commercial shipbuilding capacity and bolster the maritime workforce.  The four corners of the Maritime EO primarily take two key steps—(1) directing the National Security Adviser to prepare a Maritime Action Plan (“MAP”) to revitalize domestic maritime industries and (2) imposing a series of trade-related measures to bolster domestic shipping.  The Fact Sheet accompanying the Maritime EO further notes that President Trump has established a new Office of Maritime and Industrial Capacity at the National Security Council, which presumably will help coordinate implementation of the Maritime EO.  

While much remains to be seen on how the Maritime EO will be implemented, it is clear that the Trump administration intends to take a multifaceted approach to supporting the domestic maritime industry.  In this regard, the EO tracks and builds upon the SHIPS for America Act of 2024 (“SHIPS Act”), proposed legislation that garnered broad bipartisan support last year after its initial introduction in Congress.  The SHIPS Act was co-sponsored by then-Rep. Michael Waltz, who as the current National Security Adviser has principal responsibility for managing the development of the MAP that forms the backbone for the EO and its policy objectives.  Especially in light of the legislative momentum in this area, we expect that this initial action and any subsequent executive and legislative actions will be of significant interest to a wide range of U.S. businesses, including ship builders and their suppliers.Continue Reading Renewed Effort to Support Commercial Shipbuilding Capacity and the Domestic Maritime Industry

President Trump issued a series of executive orders (“EOs”) and presidential memoranda on Wednesday, April 9, that could impact government contractors across a broad range of industries.  Among other initiatives, these executive actions seek to reform the defense acquisition system, reinvigorate the U.S. maritime industry, and streamline foreign military sales.  The actions also reflect President Trump’s goal of catalyzing innovation and economic growth by reducing regulatory burdens, both in general and in the energy industry specifically.

We briefly summarize below the six April 9 executive actions most likely to impact government contractors.Continue Reading New Executive Actions Address the Defense Acquisition System, U.S. Maritime Industries, Foreign Military Sales, and “Unlawful” Regulations

On March 12, 2024, the Department of Defense (DoD) published a final rule, revising the eligibility criteria for the voluntary DoD Defense Industrial Base (DIB) Cybersecurity (CS) Activities Program.  The intent of the rule is to permit all defense contractors that own or operate unclassified information systems that process, store, or transmit covered defense information to participate in the program.  Previously, only cleared contractors were permitted to participate in the sharing of this information.  The final rule also amends identity proofing requirements by eliminating the need to obtain a medium security certificate to participate in either the voluntary or mandatory reporting regimes.  The rule will take effect on April 11, 2024, and DoD anticipates a significant increase in contractor participation.

Additional information about the rule is outlined below.Continue Reading DoD Expands Contractor Cybersecurity Information Sharing Program

On March 8, 2022, the Department of Justice announced the first settlement of a case under the Civil Cyber-Fraud Initiative.  Established in October 2021, the Initiative aims to utilize the government’s authority under the civil False Claims Act to pursue alleged instances of fraud and misrepresentation concerning cyber practices.  (We previously wrote about the Initiative here.)  The Initiative has been a point of emphasis in DOJ speeches and public comments in recent months.  This settlement is a milestone in the rollout of the program and confirmation that DOJ intends to take allegations of cyber fraud seriously.
Continue Reading First Settlement of DOJ Civil Cyber-Fraud Initiative

On the heels of the FTC’s opposition to Lockheed Martin’s acquisition of Aerojet Rocketdyne and Lockheed’s termination of the deal, the Department of Defense (DoD) released a report expressing concerns about the state of competition among its contractors.  Of particular note, the report encourages DoD action to (1) increase oversight of M&A transactions and (2) obtain greater IP rights in matters involving defense industrial base contractors.  Although the report is light on specifics and identifies objectives that are in some tension with each other, the report is a reminder to companies that the U.S. Government, the single largest purchaser in the country, remains focused on enhancing competition. To that end, we anticipate seeing Executive Branch action in the coming months that seeks to further that policy objective.
Continue Reading DoD Signals Increased Scrutiny of Gov Con M&A and Renewed Interest in Background IP Rights

On February 24, 2021, President Biden signed an Executive Order entitled “Executive Order on America’s Supply Chains” (the “Order”). Among other things, the Order is an initial step toward accomplishing the Biden Administration’s goal of building more resilient American supply chains that avoid shortages of critical products, facilitate investments to
Continue Reading President Biden Directs Broad Review of America’s Supply Chains

It goes without saying that the COVID-19 pandemic has significantly affected the Department of Defense (“DoD”) and the defense industrial base.  And while Congress has taken steps to mitigate these impacts, the sheer scale of the pandemic’s effects pose a continuing challenge to both DoD and its contractors.  Now a group of major defense contractors has submitted a pair of joint letters to the Pentagon and OMB highlighting the need for further action and the risk to the defense industrial base if such actions are not taken.
Continue Reading Defense Contractors Say Section 3610 and Other Contractor Support Measures Require Relief

On Friday January 31, 2020, Ellen Lord, Under Secretary of Defense for Acquisition and Sustainment, Kevin Fahey, Assistant Secretary of Defense for Acquisition, and Katie Arrington, the Chief Information Security Officer for the Department of Defense (“DoD”), briefed reporters on the release of the Cybersecurity Maturity Model Certification (“CMMC”) Version
Continue Reading DoD Announces the Release of CMMC Version 1.0

On December 13, the Department of Defense (“DoD”) released the latest version of its Cybersecurity Maturity Model Certification (“CMMC”).  This is the third iteration of the draft model that DoD has publicly released since it issued the first draft in October.  (We previously discussed Version 0.4 and Version 0.6 of the CMMC in prior blog posts.)

DoD describes the CMMC as “a DoD certification process that measures a DIB sector company’s ability to protect FCI [Federal Contract Information] and CUI [Controlled Unclassified Information].”  DoD has stated publicly that it intends to begin incorporating certification requirements into solicitations starting in Fall 2020, with compliance audits beginning in late 2020 or early 2021.  Depending the sensitivity of the information that contractors will receive in the course of performing work for DoD, they will be expected to demonstrate compliance through third party audits with the requirements set forth under one of five certification levels.  This applies even where contractors will not be handling FCI or CUI in the course of performing their contracts.[1]

The two most significant updates to the model in this version of the draft are (i) the addition of “Practices” for obtaining Level 4 and 5 certifications, and (ii) an expansion of “clarifications” section, which now covers the requirements of Levels 2 and 3 of the model, in addition to Level 1.  These changes and others are discussed in more detail below.  Given the expected release in late January 2020, it is likely that the requirements in this draft will closely resemble those that will be set forth in Version 1.0 of the CMMC framework, which is anticipated to serve as the basis for the first contractor audits.Continue Reading DoD Releases Version 0.7 of Its Cybersecurity Maturity Model Certification

On November 7, the Office of the Assistant Secretary of Defense for Acquisition released Version 0.6 of its draft Cybersecurity Maturity Model Certification (CMMC) for public comment. The CMMC was created in response to growing concerns by Congress and within DoD over the increased presence of cyber threats and intrusions aimed at the Defense Industrial Base (DIB) and its supply chains.

The model updates Version 0.4, which DoD released on September 4, 2019, and which we wrote about here. The CMMC establishes the framework necessary for contractors to obtain one of five certification levels necessary to perform work on certain DoD contracts, including those that require the handling of Controlled Unclassified Information. Whereas Version 0.4 merely listed the capabilities, controls, and processes that were expected to apply to each certification level, this version provides some additional discussion and clarification to assist contractors with meeting Level 1 certifications.

DoD has not explicitly asked for comment on this version of the CMMC, and has stated that the updated model is being released “so that the public can review the draft model and begin to prepare for the eventual CMMC roll out.” For this reason, although additional changes are to be expected to the model, contractors should review the general requirements closely to ensure that they are positioned to continue bidding on DoD contracts once DoD begins including a requirement to obtain a specific certification level in Requests for Proposal in Fall 2020.
Continue Reading DoD Releases Version 0.6 of its Cybersecurity Maturity Model Certification