DoD Addresses Cybersecurity Preparedness, Incident Reporting, and Cloud Computing Acquisitions with new DFARS interim rule

Announced and effective today, August 26, 2015, DoD has issued an interim rule that significantly expands existing DFARS provisions and clauses requiring contractors and subcontractors to report cyber incidents.  The interim rule will apply “to all contractors with covered defense information transiting their information systems,” an estimated 10,000 contractors.  Additionally, in an effort to ensure acquisition uniformity across the Department, the interim rule implements DoD policies and procedures to be used when contracting for or utilizing cloud computing services.  Due to “urgent and compelling reasons,” the rule was issued without an opportunity for public comment.
Continue Reading

Supreme Court to Hear VA Procurement Controversy This Fall

In a matter of keen interest to the small business community, last month the Supreme Court granted certiorari in Kingdomware Technologies, Inc. v. United States. The Court’s decision will hopefully bring some closure to the long-running dispute between the Department of Veterans Affairs (“VA”) and veteran-owned businesses over the VA’s refusal to set aside procurements under the so-called “Rule of Two.” Continue Reading

Heads Up! Inflation Adjustments to Acquisition Thresholds Are Just Around the Corner

On July 2, 2015, the FAR Council issued a Final Rule that amends the FAR, effective October 1, 2015, to implement inflation-based adjustments to certain acquisition-related monetary thresholds. 80 Fed. Reg. 38293. The modifications will be made to comply with 41 U.S.C. § 1908, which requires the FAR Council to calculate the adjustments every five years based on the Consumer Price Index for all urban consumers. The statute does not require adjustments to thresholds established by the Construction Wage Rate Requirements statute (the Davis-Bacon Act), the Service Contract Labor Standards statute, or the United States Trade Representative, pursuant to Title III of the Trade Agreements Act of 1979. Continue Reading

As GSA FAS Struggles to Reinvent Itself, Contractors Suffer

Note: The following post is adapted from the forthcoming 2015/2016 GSA Schedule Handbook, published by ThompsonWest, due out later this year.

The last year has been a tough one for the GSA Multiple Award Schedules (“MAS”) program.  The Federal Acquisition Service (“FAS”) – the agency charged with administering the MAS program – has struggled to re-invent itself and its contracting vehicles in order to ensure they both stay relevant in an increasingly competitive federal marketplace.  The byproduct of this struggle has been mostly negative for Schedule vendors. Continue Reading

The FCPA Challenges of Doing Business in Cuba

This article originally appeared in the June 24, 2015 edition of Corporate Counsel and is reprinted with permission. © 2015 ALM Media Properties, LLC.

On December 17, 2014, President Barack Obama announced a set of diplomatic and economic changes aimed at normalizing relations between the United States and Cuba after nearly 55 years of barriers between the two countries. Obama stated that diplomatic relations would be re-established with Cuba, and on May 29 his administration removed Cuba from the U.S. list of state sponsors of terrorism. New regulations issued by the U.S. Department of Treasury and U.S. Department of Commerce on January 16, 2015, allow certain U.S. exports of telecommunications, construction materials and farming equipment, and allow U.S. banking transactions in Cuba. Continue Reading

Government Contracting Abroad: Beware Compliance Risks

On June 16, 2015, IAP Worldwide Services Inc., a private defense and government contracting company, agreed to pay $7.1 million to settle criminal charges under the U.S. Foreign Corrupt Practices Act (“FCPA”) related to bribing Kuwaiti government officials to secure a Kuwaiti government contract. On the same day, James Michael Rama, IAP’s former Vice President of Special Projects and Programs, also pleaded guilty to FCPA charges. For U.S. Government contractors, the opportunities to provide services and expertise to foreign governments are lucrative, but this enforcement action also highlights the risks associated with obtaining such contracts. Continue Reading

Ransoming Sensitive Personal Information: Will OPM’s Data Breach Trigger Your Insider Threats?

Perhaps it’s the books I’ve been reading or the television shows I’ve been watching, but my mind can’t seem to stop linking the recent barrage of cybersecurity attacks with those ne’er-do-wells that plagued the Caribbean from 1650 through the 1730s.  Yes, I’m talking about pirates, but not the Errol Flynn/Johnny Depp-style buccaneer, more the Edward Teach model, the notorious “Blackbeard.”  One of Blackbeard’s most infamous successes occurred in Charleston, South Carolina in 1718 when he blockaded Charleston Harbor and held some of the town’s leading citizens for ransom.  Rather than demand the typical jewels and money, Blackbeard wanted something else – he held both the town and its people ransom for £300 of medicine.  After a circus of errors conspired to delay the ransom payment, Blackbeard received his medicine and released both the harbor and his prisoners – minus, of course, much of their finer possessions (they were pirates after all) – and sailed off into legend.  So what does this jaunt down piracy lane have to do with cybersecurity and federal contractors?  Simple, sometimes we don’t know what’s really of value and how that value can be used.  Case in point – the OPM breach. Continue Reading

Seventh Circuit Rejects FCA Implied False Certification Theory

On June 8, 2015, the U.S. Court of Appeals for the Seventh Circuit rejected the doctrine of implied false certification in a False Claims Act (“FCA”) lawsuit, U.S. ex rel. Nelson v. Sanford-Brown Ltd.  No. 14-2506, 2015 WL 3541422.  In a welcome decision for government contractors, the Court held that the FCA is “not the proper mechanism” for Government enforcement of regulations.  Instead, regulatory violations should be handled by the appropriate Government agency–not the courts. Continue Reading

ALERT: NIST Issues Final Guidance on Federal Contractor Cybersecurity Standards for Controlled Unclassified Information

On June 19, 2015, the National Institute of Standards and Technology (“NIST”) published the final version of guidance for federal agencies to ensure sensitive information remains confidential when stored outside of federal systems.  The guidelines, Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, apply to nonfederal information systems and organizations that process, store, or transmit federal controlled unclassified information, or “CUI,” and match the guidelines published for public comment last fall.  The new guidance is step two in a three-part plan with the National Archives and Records Administration (“NARA”), discussed in last month’s blog, to ensure the confidentiality of sensitive federal information no matter where it is stored.  As data breaches continue to make near-daily news, federal contractors not using the “recommendations” laid out in SP 800-171 would be wise to take another look, as they contain, more than ever, the Government’s express expectations of how it wants its information protected. Continue Reading

SCOTUS: No Unlimited Suspension of the Statute of Limitations Under the False Claims Act; “First-to-File” Doctrine Does Not Bar Related Suits in Perpetuity

In an opinion released May 26, 2015, Kellogg Brown & Roots Services, Inc. v. United States ex rel. Carter, the U.S. Supreme Court unanimously held that whistleblowers cannot extend the statute of limitations for war-related civil false claims under the Wartime Suspension of Limitations Act (“WSLA”), reinstating an already generous statute of limitations period under the civil False Claims Act (“FCA”).  The Court also settled a split between the U.S. Courts of Appeals for the D.C. Circuit and the Fourth Circuit.  For purposes of the FCA’s “first-to-file” bar, the FCA only limits a lawsuit based on the same underlying facts as another case that is actually open and pending when the later lawsuit is filed.  In reaching these holdings, the Court relied heavily on the plain meaning of the statutory language, simultaneously handing a victory to both Defendants (on the statute of limitations issue) and Plaintiffs (on the first-to-file issue).  But, the holding relating to the WSLA may prove to be the greatest legacy from the KBR decision, reigning in aggressive whistleblowers and government lawyers who would try to allege a case of “fraud” decades after the conduct occurred, and long after a Defendant is able to defend itself effectively. Continue Reading

LexBlog