
Tag: DOD

Line Item: Cybersecurity

We knew it would eventually happen. DoD is finally looking to permit cybersecurity costs as “allowable” on certain types of government contracts. (Federal News Network, June 2019)

Katie Arrington, the special assistant to the Assistant Secretary of Defense for Acquisition for Cyber in the Office of the Under Secretary of Acquisition and Sustainment in DoD, recently spoke at the Professional Services Council (PSC) gathering in Virginia. Ms. Arrington is the lead for the DoD effort to develop and institutionalize the new Cybersecurity Maturity Model Certification (CMMC) standard for vendors. She told attendees that she wants to enact a legitimate standard for cybersecurity allowable costs. (ibid)

During a recent webinar, Arrington spoke about cyber attacks and the need for the defense industrial base to defend themselves against nation-state attacks. DoD is aiming at not just its 200,000 prime contractors but all vendors (approximately 300,000) that comprise the DoD supply chain. (ibid)

Arrington is working with the Johns Hopkins University Applied Physics Lab and Carnegie Mellon University’s Software Engineering Institute to generate initial requirements. The draft will require DoD vendors to be certified through third-party assessment organizations. The standard incorporates existing requirements from NIST, the Federal Risk Authorization Management Program (FedRAMP), and other models. (ibid)

Arrington expects DoD to carry out 12 webinars across the country over the summer. She aims to receive feedback from industry experts with a draft standard by the end of summer and third-party assessors to start certifying vendors in January. (CMMC requirements will be added to requests for information by June of 2020 and become a standard in solicitations by September 2020.) (ibid)

According to Alan Chvotkin, senior vice president and general counsel for PSC, the certification of contractors will be a very competitive discriminator in the marketplace. His main concern is whether DoD will only certify the big six contractors and what is going to take place for the prime and a subcontractor. (ibid)

Congress recognizes that risks to the supply chain need to be reduced. The Senate version of the 2020 National Defense Authorization Act includes a provision requiring DoD to move to a broader cybersecurity standard with its contractors. Currently, DoD mandates that defense contractors meet the requirements of NIST Special Publication 800-171; however, there is no current audit for compliance. Oversight of subcontractors by prime contractors is also a reasonable concern, as is the lack of information available on subcontractors. The committee feels prime contractors should be held responsible and accountable for securing DoD technology and sensitive information and ultimately delivering uncompromised products and capabilities. This is seen as a first step in securing the supply chain. (ibid)

The Senate Armed Services Committee (SASC) believes DoD should provide direct technical assistance to contractors, based on risk, and in such a way as to not harm the industrial base while at the same time providing incentives/penalties for non-compliance of vendors’ cyber performance. DoD is being asked to provide the SASC with a briefing by March of 2020 and quarterly briefings on how the standard is being implemented by both vendors and the DoD. (ibid)

Although security has always been an allowable overhead cost, it will now be used as an incentive to get vendors to more quickly align themselves to the CMMC standard. The incentive doesn’t force companies to trade off security for other expenses. It appears the government will offer some reimbursement for some share of the cost, hopefully bringing all vendors up to the same level. (Firm-fixed-price contracts do not fall under the allowable cost umbrella in the same manner, as cyber is counted as general overhead in the final cost to the government.) (ibid)

Eager to learn a little more about the cyber standard and how it might affect your current contract or an upcoming bid? Give us a call at 301-913-5000.

 

 

Accelerating Money to Small Business

If the Accelerating Defense Innovation Act passes Congress, small businesses with more than 50 percent of venture capital funding will find it easier to obtain Small Business Innovation Research (SBIR) grant money from the Department of Defense (DoD). To date, legal hurdles have prevented DoD from utilizing these companies. (Fedscoop, May 21, 2019)

The SBIR, created in 1983, provides small businesses with grants to help them expedite product development, and offers follow-on funding and assistance to provide guidance meeting requirements during the government purchasing process. In 2003, courts ruled that companies owned (more than half) by venture capital firms were ineligible for SBIR grants. Then in 2011, a waiver was created by Congress for those small businesses that are majority-owned by venture investors. These waivers required congressional notification as well as Small Business Administration approval. (ibid)

Unfortunately, DoD has never used the waiver. Defense Contracting Officers continue to shy away from small businesses funded through venture capital. Rep. Mac Thornberry (R-Texas), the new legislation sponsor, cited a recent example of a small satellite technology startup that visited DoD’s Hacking 4 Defense program but did not receive an SBIR grant because of the majority capital investment in the firm, even though their technology is cutting edge. (ibid)

A new pilot program, on which the legislation is based, allows the Secretary of Defense and service acquisition executives for each arm of the military to make an SBIR award to a small business that is majority-owned by domestic venture investors. The bill will allow no more than 15 percent of DoD SBIR program funds to be awarded to these small businesses. Its end date is September 30, 2022. (ibid)

Aside from SBIR, small tech companies can look at other ways to work with the DoD. For instance, the Defense Innovation Unit currently handles commercial innovation pilot projects. Once testing is complete, any DoD branch may procure from a small business, generally within 90 days of the first contact with the company. (ibid)

Rep. Thornberry, the ranking Republican on the House Armed Services Committee, would like to include his legislation in the 2020 National Defense Authorization Act (NDAA).

EZGSA has information about this and other ways small businesses can obtain government contracting. Give us a call at 301-913-5000.

 

The Future is Cloud-y

In February, GSA released a draft request for proposal (RFP) to consolidate and upgrade all of the Defense Department’s back office functions into the commercial cloud. GSA’s Federal Acquisition Service is now in the early stages of doing the same for civilian agencies with Civilian Enterprise Office Solutions (CEOS). (Federal News Network, May 7, 2019)

To help ensure supply chain security, DHS took the lead on early efforts. GSA has taken over efforts to reduce the attack surface of the network. With managed service, security is already embedded in the solution, making it more secure than the current situation. (ibid)

Alan Thomas, GSA FAS commissioner and a board member managing the Technology Modernization Fund (TMF), has recommendations/lessons learned for agencies applying for Fund loans to modernize their IT:

  • Agencies submitting proposals this year need to build incremental benchmarks into their proposal, or their funding will likely be pulled.
  • Quarterly reviews will be conducted on agencies receiving funding.
  • Agencies should make sure their proposals focus on value creation and cost savings as the agencies must pay back funding provided by TMF.
  • Agencies should coordinate internally on proposals prior to submission; otherwise, they run the risk of being turned down for funding. (ibid)

FAS is also in need of IT modernization. The FAS internal system, FSS 19, is nearly 40 years old. It uses older programming languages (COBOL, PowerBuilder) that solved specific problems instead of approaching an integrated solution. FAS is in need of a new, updated IT solution to bring the agency out of the 1970s. (ibid)

Are you a software provider or integrator looking to bring civilian agencies into the 21st century? Let’s talk! 301-913-5000.

 

 

Outdated Software, Meet Innovation!

We all know that the Defense Department’s outdated software lags behind current industry standards. Procurement and updates take entirely too long. To get a handle on the situation, the Defense Innovation Board, through the DoD, conducted a year-long study, the results of which were released last Friday. (Federal News Network, May 3, 2019)

The Defense Innovation Board suggests the following to get DoD software up to speed:

  • Congress updating laws to reduce procurement timeframes;
  • All military agencies working together to test and optimize software;
  • Ensuring cybersecurity; and
  • Enriching software employees through services. (ibid)

The DoD undersecretary would like to complete multiple pilots with one line of funds for software development, which would give DoD administrative flexibility. Other suggestions include special pathways for rapid acquisition of applications and upgrades, quicker turnaround time for software requirements processes, and a fund available for rapid software acquisition and upgrades. (ibid)

Any new defense acquisition system should be optimized for software-centric (not hardware) systems that prioritize security, speed, and cycle time over cost, schedule, and strict requirements. Additionally, “DoD will need to create and maintain an interoperable digital infrastructure that enables rapid deployment, scaling, testing and optimization of software as an enduring capability; manage it using modern development methods and eliminate the existing hardware-centric regulations and other barriers for software programs.” (ibid)

The report emphasizes bringing software development into the modern age by making it a high-priority career track with specialized recruiting, education, promotions, and salaries to attract the talent necessary to maintain, optimize, and develop products over time. It also pointed out that procurement requirements must move from rigid lists to a format of desired features and required characteristics: this will keep programs from bottlenecking. (ibid)

The Pentagon is currently rewriting DoD’s primary acquisition policy document, Instruction 5000.02, in an effort to start improving the acquisition process. Many see this as a step in the right direction, albeit a small one.

Do you have a talent pool ready to work with DoD to modernize their software and new acquisition process? Give us a call at 301-913-5000, and we can talk about your options.

809 Panel Contracting Shake-Up

Often, the Department of Defense has the need to make “real time” purchases, in the same way as corporations in the commercial world. With a procurement process in place that can be lengthy, the solutions provided may not always be the most technologically advanced. Congress took this knowledge and commissioned the Section 809 Panel.

The Section 809 Panel streamlines and codifies acquisition for DoD and addresses issues with the way DoD purchases warfighter equipment. The panel released their third report this week, with the final report (tying all findings together) expected to be released in mid-February.

Among its recommendations to mirror the commercial marketplace are the following:

  • A more streamlined approach for purchases, which includes halting publicly advertising procurements and small business set-asides. (Federal News Network, January 15, 2019)
  • Dividing DoD purchases into three groups:
    • Goods readily available – acquisition officials could buy items on a fixed-price basis worth up to $15 million — or higher with senior official approval — via direct solicitations or price quotes. This includes no public advertisement or small business set-aside requirements.
    • Goods readily available with some modifications – would follow similar principles as goods readily available, but allow for slightly more government contract stipulations, oversight, and transparency. For example, those contracts covering most of DoD’s services spending would require public solicitations if they’re worth more than $15 million. And losing bidders would be able to file both pre- and post-award GAO protests.
    • Defense unique procurements – the panel acknowledged that DoD and Congress had already done significant work to develop alternative acquisition approaches that could deliver systems more quickly. (ibid)

The Section 809 panel will be disbanded this summer, expecting its study to live on in perpetuity. The report’s final recommendation is for all of the panel’s records to be transferred to a proposed Center for Acquisition Innovation at the National Defense University’s Eisenhower School. (Federal News Network, January 2019)