Security: Clearance and Cyber

In the world of security clearances, the Senate reintroduced a bill last week to decrease the 570,000 pending security clearance investigations backlog. With this legislation, the National Background Investigations Bureau, which conducts most government security checks, will merge into the Pentagon, which may (or may not(!)) help get the backlog under control. Language within the bill charges the Director of National Intelligence with streamlining the time-intensive, paper-heavy security clearance process. It can take over a year to get a clearance, and that’s once you are in the queue. There is also the Catch 22 of not obtaining a contractor job without a clearance and not getting a clearance without already having the job. (Nextgov, February 2019) Of course, the backlog wasn’t helped by the shutdown.

The Department of Homeland Security (DHS) also has security on the table. Need to keep your non-US citizen tech guru on staff? DHS is with you. They hope to keep tech specialists from outside the country here, and support the Startup Act. The Startup Act would keep foreign-born entrepreneurs and STEM experts in the country to ultimately promote innovation. Seems counter to the current Administration’s stated goals, but kudos to Congress for trying. (ibid)

Meanwhile, Congress is trying to get a grip on how the recent government shutdown affected security, specifically cyber security. Here is a breakdown of the tech and cybersecurity hearings that took place last week:

  • 2.6.19 the Senate Appropriations Services Committee briefed by intelligence leaders on worldwide threats.
  • 2.6.19 the House Armed Services Committee evaluated the Defense Departments counterterrorism efforts.
  • 2.6.19 the House Energy and Commerce telecom subcommittee explored ways to preserve the open internet for small business and consumers. (Nextgov, February 2019)

Do you have security clearance questions? Wondering how the open internet will affect your small business and its ability to do business with the government? Give us a call at 301-913-5000 and we will try to provide you with answers.

809 Panel Contracting Shake-Up

Often, the Department of Defense has the need to make “real time” purchases, in the same way as corporations in the commercial world. With a procurement process in place that can be lengthy, the solutions provided may not always be the most technologically advanced. Congress took this knowledge and commissioned the Section 809 Panel.

The Section 809 Panel streamlines and codifies acquisition for DoD and addresses issues with the way DoD purchases warfighter equipment. The panel released their third report this week, with the final report (tying all findings together) expected to be released in mid-February.

Among its recommendations to mirror the commerical marketplace are the following:

  • A more streamlined approach for purchases, which includes halting publicly advertising procurements and small businesses set asides. (Federal News Network January 15, 2019)
  • Dividing DOD purchases into three groups:
    • Goods readily available -acquisition officials could buy items on a fixed-price basis worth up to $15 million — or higher with senior official approval — via direct solicitations or price quotes. This includes no public advertisement or small business set aside requirements.
    • Goods readily available with some modifications – would follow similar principles as goods readily available, but allow for slightly more government contract stipulations, oversight, and transparency. For example, those contracts covering most of DoD’s services spending would require public solicitations if they’re worth more than $15 million. And losing bidders would be able to file both pre- and post-award GAO protests.
    • Defense unique procurements -the panel acknowledged that DoD and Congress had already done significant work to develop alternative acquisition approaches that could deliver systems more quickly. (ibid)

The Section 809 panel will be disbanded this summer, expecting its study to live on in perpetuity. The report’s final recommendation is for all of the panel’s records to be transferred to a proposed Center for Acquisition Innovation at the National Defense University’s Eisenhower School. (Federal News Network January 2019)

Keeping a Secret Secret

The Pentagon warns that cyber attacks and threats from foreign intelligence services on national security are very real, and they aim to increase protections for subcontractors from foreign hacking efforts so that sensitive information remains undistributed.  Part of the new standard reads, “a company’s level of security is accepted by all prime contractors, systems integrators, and the DoD.” Subcontractors should now be able to better explain their security controls to defense companies. (J.Lynch, Fifth Domain, December 2018)

Subcontractors are being held to new standards, and the Pentagon is serious about poor or lapsed cybersecurity measures. A Pentagon task force has been created to prevent defense secrets from outside hackers as well as a pilot program for the DoD to learn which companies are actually in their network.

In light of those warnings, the Aerospace Industry Association (AIA) has updated the national aerospace standard, which now consists of a list of 110 security controls broken down into “22 control families.” (J.Lynch, Fifth Domain, December 2018) These new AIA guidelines do not replace the National Institute of Standards and Technology standards, but work to compliment them. Updated AIA standards are built around successive levels of security, thus allowing for continual improvement of cyber defense capabilities.

Questions about your cyber security plan? Give us a call at (301) 913-5000, we are here to help!