For the first time in several years, the version of the FY 2019 National Defense Authorization Act (NDAA) that just passed the Senate does not contain any major reforms to limit bid protests. But the bill the Senate sent to the conference committee process does contain two provisions aimed at bid protests. Although they are minor, they portend and may lay the groundwork for future attempts to change the protest process. Both provisions call for further study of issues addressed in the RAND Corporation’s January 2018 bid protest report.
Legislation
GAO’s Task Order Protest Jurisdiction Expires Today
GAO’s jurisdiction over protests of civilian agency task and delivery orders valued at more than $10 million will sunset today. 41 U.S.C. § 410(f)(3). GAO will continue to have jurisdiction over Department of Defense task and delivery orders over $10 million — Congress made that jurisdiction permanent in 2011. 10 U.S.C. § 2304c(e).…
Competing Bills Focus on Cybersecurity Information Sharing But Final Language and Ultimate Passage Remain Unknown
There are currently three major cybersecurity-related bills pending in the 114th Congress that address information sharing among private entities and between private entities and the federal government: the Protecting Cyber Networks Act (PCNA), H.R. 1560, the National Cybersecurity Protection Advancement Act of 2015 (NCPAA), H.R. 1731, and the Cyber Security Information Act of 2015 (CISA), S. 754. Some of the key issues that need to be resolved across these bills include: which agency will be designated as the lead clearinghouse for cyber threat information, what liability protections will be granted to those companies that do share information, and whether the structures established under any of these bills will also facilitate greater sharing of government threat information with the private sector. Although the bills all provide that existing reporting requirements will not be disturbed, such as those for Department of Defense (“DOD”) contractors, it remains unclear how these different reporting schemes will interact. Similarly, these bills do not address a provision in the House version of the 2016 National Defense Authorization Act that would provide liability protection to certain DOD contractors for properly reporting cyber incidents on their networks and information systems.
Restrictions on the sharing of cyber threat and vulnerability information are often raised as significant barriers to effective cybersecurity. But the sharing of such information is not without risk. In particular, private entities have raised concerns about how the government would use this information and whether such disclosures could result in antitrust, privacy or other legal complications. These bills look to increase incentives for cooperation between the government and the private sector in fending off cyber-attacks by encouraging private companies to voluntarily share information about the particular traits of cyber-attacks—what the bills refer to as “cyber threat indicators”—that they have previously encountered. In response to some of the concerns previously voiced by industry, these bills provide civil suit immunity for private entities that elect to share their information with each other and with the government. The bills also contain liability protection for contractors who monitor government computer systems. What follows is a brief comparison of all three major bills and why their different approaches may or may not benefit government contractors.
Senator McCain Renews Focus on Ending Cost-Plus Contracts
A longtime and well-known proponent of defense acquisition reform, Senator John McCain assumed the chairmanship of the U.S. Senate Armed Services Committee (“SASC”) on January 6. Sen. McCain has been particularly outspoken concerning cost overruns on major systems procurement projects. He has characterized the “cost-plus” contract structure as among the key causes of these overruns, and has described implementing a ban on “cost-plus” contracts as among his top three priorities for the 114th Congress (along with countering cyber-threats and addressing sequestration).
Federal Information Technology Reform Act Included in the House-Passed NDAA FY 15
A major piece of IT acquisition reform legislation called the Federal Information Technology Acquisition Reform Act (“FITARA”), on which we have previously reported, was included in the version of the National Defense Authorization Act for Fiscal Year 2015 (“NDAA FY 15”) passed by the House on December 4, 2014, along with other significant IT reform provisions related to open systems requirements for the Department of Defense (“DoD”).
The FITARA portion of the bill includes provisions that would require the federal government to:
- empower Chief Information Officers (“CIOs”) and prevent the CIO from delegating the duty of reviewing IT contracts before the agency enters into the contract;
- provide a publicly available list for each major information technology investment, both new and existing, that lists information specified in forthcoming investment evaluation guidance;
- engage in a detailed review of high-risk information technology investments to identify problems;
- inventory all information technology;
- implement a federal data center consolidation initiative, which will include publicized goals regarding cost savings and optimization improvements to be achieved as a result of the initiative, and must be performed consistent with federal guidelines on cloud computing and cybersecurity such as FedRAMP and NIST guidelines;
- expand the use of specialized IT acquisition experts;
- develop a federal strategic sourcing initiative to be developed by GSA, which will allow for the use of governmentwide user license agreements.
Additional provisions require the use of open and modular strategies by the DoD, including the following requirements
Request for Public Comments on “Alternative Measures” for Calculating Allowable Employee Compensation Costs
A Federal Register notice has requested public comments on “alternative measures” for capping the reimbursement of contractor employee compensation. This notice follows a June 24, 2014 interim rule from the Department of Defense (“DOD”), the General Services Administration, and the National Aeronautics and Space Administration that implements Section 702 of the Bipartisan Budget Act of…
Cleared Intelligence Contractors Readying for New Cybersecurity Reporting Requirements
When it became law on July 7, 2014, the 2014 Intelligence Authorization Act (“IAA”) gave the Director of National Intelligence (“DNI”) 90 calendar days to issue new regulations addressing the requirement that “cleared intelligence contractors” report any “successful penetration” of their networks and information systems. With the DNI on the clock, what can these contractors expect?
For one thing, following a penetration of a covered network or information system, the DNI regulations will require that a cleared intelligence contractor report the following information to a designated element of the Intelligence Community (“IC”):
- A description of the technique or method used in such penetration;
- A sample of the malicious software, if discovered and isolated by the contractor, involved in such penetration; and
- A summary of information created by or for an element of the IC that has been potentially compromised.