Photo of John E. McCarthy Jr.Photo of Nicole Owren-WiestPhoto of Meredith Parnell

On March 21, 2019, the Department of Defense (DoD) Defense Innovation Board (“DIB”) released a report, Software is Never Done: Refactoring the Acquisition Code for Competitive Advantage (“the Report”), summarizing DIB’s Software Acquisition and Practices (SWAP) study, which was mandated by the National Defense Authorization Act of Fiscal Year (FY) 2018. The two-year study involved conversations with Congress, the DoD, federally-funded research and development centers, contractors, and the public focused on ways in which DoD can take advantage of the strength of the U.S. commercial software ecosystem. In addition, the Board solicited feedback on concept papers and draft versions of the Report leading up to its publication.

DIB describes the ideal approach to software development as one of “iterative development that deploys secure applications and software into operations in a continuing (and continuous) fashion.” The Report is critical of current DoD software projects where the DoD “spends years on developing requirements, taking and selecting bids from contractors, and then executing programs that must meet the listed requirements before they are ‘done.’” DIB concluded that, as a result, software is obsolete before it reaches the field, is ill-matched to the needs of users, and risks positioning the DoD behind adversaries like China, which leverages private industry to develop national security software.

The Report makes 26 specific recommendations that flow from three fundamental themes: (i) “speed and cycle time” are the critical metrics for managing the DoD’s procurement, deployment and updating of software; (ii) the DoD must do more to educate, retain, and support the best internal software developers; and (iii) software development can no longer be managed as if it were hardware.

Among other things, the Report urges the DoD to immediately:

  • Require suppliers to provide access to “source code, software frameworks, and development toolchains, with appropriate intellectual property (IP) rights, for all DoD-specific code,” enabling the DoD to perform full security testing and rebuilding of binaries from the source. The Report notes that contractors should have licensing agreements to protect any IP developed with their own resources.
  • Shift away from the use of “rigid requirements for software programs to a list of desired features” with minimum standards for operation, security, and interoperability.
  • Make security a “first-order consideration” for all software intensive systems and acquisition programs, and prioritize “regular and automated penetration testing” to expose vulnerabilities and breach DoD systems before adversaries do.

DIB proposes that the DoD secure high-level support for the Report’s vision during FY 2019, and begin initial deployment of its recommendations in FY 2020.

Photo of Mark RiesPhoto of Anuj VohraPhoto of Christian CurranPhoto of Meredith Parnell

Much that has been written about the bid protest reforms in the Section 809 Panel’s final report has focused on Recommendations 66-69, which expressly address (and propose changes to) the protest process at the U.S. Government Accountability Office (“GAO”) and the Court of Federal Claims (“COFC”). But the 809 Panel’s most impactful recommended changes to the protest process actually may be contained in Recommendation 35 (“Rec. 35”). There, in the context of a discussion of “updating” the Department of Defense’s (“DoD”) process for the acquisition of commercial and related items and services, the 809 Panel proposes to eliminate entirely GAO/COFC protests for such acquisitions valued at less than $15 million (and likely many above that threshold as well).

As discussed further below, the implementation of Rec. 35 may have unstated consequences that could ripple across both DoD and civilian agency acquisitions.

A. Recommendation 35: An Entirely Different Protest Process for Acquisitions of “Readily Available” Goods and Services

Rec. 35 proposes that DoD “[r]eplace commercial buying and existing simplified acquisition procedures and thresholds with simplified, readily available procedures for procuring readily available products and services and readily available products and services with customization.” The recommendation stems from the 809 Panel’s belief that to operate effectively, DoD must be able to procure readily available items and services as would a private sector company, without the current FAR-based constraints.[1]

In Rec. 35, the 809 Panel proposes replacing DoD’s current commercial-buying framework with two newly-defined categories of products and services: “readily available” (“RA”) and “readily available with customization” (“RAC”). These two categories would greatly expand the concept of “commercial items.” The 809 Panel defines RA products and services as those “that require no customization by the vendor and can be ordered directly by customers, to include products and services that only governments buy.” RAC products and services are defined as those “sold in the private sector, including to other public-sector customers, for which customization or manufacturing that is consistent with existing private-sector practices is necessary to meet DoD’s needs.” The only acquisitions not covered under these two categories are those for which “DoD finance[s] development . . . to provide a defense-unique capability.”

The breadth of these definitions is important given the 809 Panel’s recommendations for acquiring these goods and services and, significant here, challenging those acquisitions:

  • No Advance Public Notice. Procurements for RA goods or services—whether customized or not—valued at less than $15 million would have no public solicitation or bidding process. Instead, a DoD contracting officer would need only to conduct sufficient market research to confirm that the goods and services being acquired were, in fact, readily available.[2] The lack of public notice or solicitation precludes the possibility of pre-award protests. And following award in such procurements, the procuring agency would need only post a notice of the award, and make the contracting file publicly available.[3]
  • Limited Award Challenges. GAO and the COFC would no longer have jurisdiction to consider protests arising out of RA procurements—customized or not—below the $15 million threshold. Instead, contractors wishing to challenge an award would be able to file only a post-award, agency-level protest, limited only to the question of whether the agency conducted adequate market research and reasonably concluded that the goods or services in question were readily available. (Procurements where a traditional solicitation is issued would generally remain subject to the GAO’s and COFC’s bid protest jurisdiction (subject to other recommendations contained in the 809 Report).

B. Impact of Recommendation

By their very terms, the procedures proposed in Rec. 35 would drastically change the way commercial items are procured. And given the expansive definitions of RA and RAC, there are few things—beyond major defense acquisition programs—that would not qualify. Indeed, the 809 Panel acknowledges that under these broad definitions in the report, “nearly all of the services DoD procures should meet the definition of readily available with customization.” Moreover, because the 809 Panel proposes that DoD may use the RA procedures for procurements in excess of the $15 million threshold with only authorization at the local level by the “chief of the contracting office,” DoD could use these procedures for procurements well in excess of $15 million with minimal, if any, transparency.

If implemented, these procedures also could have a ripple effect across DoD procurements in a variety of ways, and affect non-DoD procurements as well.

First, the new acquisition procedures would eliminate pre-award public scrutiny—and protests—of RA and RAC procurements where there is no public solicitation. This could stifle opportunity for small businesses and nontraditional contractors to access DoD procurements in favor large, traditional contractors with deep connections to DoD. This also would allow DoD to operate a huge swath of its expenditure of taxpayer funds unchecked at the pre-award stage, precluding both public scrutiny and eliminating potential offerors’ ability to challenge the ground rules of the procurement where the agency’s procurement may unduly restrict competition, improperly favor one offeror over another, or otherwise violate procurement law or regulation.

Second, the new procedures would significantly circumscribe the post-award protest process. The procedures completely remove oversight outside of DoD itself by eliminating GAO/COFC jurisdiction and leaving only agency-level protests. And even what is left within DoD can hardly be described as a protest. By limiting agency-level protests to the question of whether an agency conducted sufficient market research to determine commercial availability, Rec. 35 removes all other traditional grounds of protest—i.e., equal treatment of offerors, realism of proposed pricing, sufficient consideration of apparent organizational conflicts of interest, rationality of award decision, etc.

The ability to bring these types of traditional protest grounds serve not only to protect the investment of individual offerors in a given procurement, but to safeguard the integrity of the procurement system. Under the 809 Panel’s proposal, for the acquisition of RA products/services—with or without customization—where a solicitation is not issued, there would be nearly zero outside oversight of DoD procurement decisions. And although the 809 Panel asserts that releasing the “contract file” would increase transparency, even if true, that transparency is offset by the minimal information that would be included in the file and the lack of a viable mechanism to act on it.

Third, the limitation of protests proposed by the 809 Panel would also call into question the decades of legal precedent at GAO and COFC that contractors and agencies rely upon when planning acquisitions and bidding on procurements. And this uncertainty would likely have a severe impact on agency and contractor productivity and efficiency when it comes to planning and executing a procurement. Without a process to incentivize compliance, DoD agencies using RA procedures may choose to ignore established decisional law, adversely affecting an offeror’s ability to understand the legal boundaries of the agency’s procurement process.

Moreover, the proposed changes in Rec. 35 (and others) will create separate procurement and protest systems for the DoD and civilian agencies. Historically, this bifurcated approach created significant confusion, inefficiency, especially among the contractor community and particularly for those companies who operate in both the DoD and civilian spaces. These concerns eventually prompted the departure from the old Armed Services Procurement Regulation (“ASPR”)/Federal Procurement Regulation (“FPR”) split and the development of unified procedures under the FAR. Rather than propelling procurement to the future, the 809 Panel essentially seeks to revert to bygone days. As such, contractors once again will have to adapt not only to the new DoD processes, but also to the different, civilian agency procurement process.

All of these issues demonstrate that the RA procedures proposed by the 809 Panel may create significant upheaval in the DoD procurement community that could dramatically change how contractors will need to operate with regard to DoD procurements. But despite its “bold” proposals, the 809 Panel cites to very little by way of studies or research to support the benefits—much less the necessity—of these recommendations. Indeed, just last year the RAND Corporation released a comprehensive study of DoD procurements that found that bid protests were not a significant impediment to the procurement process. Thus the drastic revisions to the DoD protest process appear to be simply change for change sake, at best a solution in search of a problem.

Although improvements to the procurement process are always worth considering, the drastic measures called for in Rec. 35 threaten to upend decades of established legal principles in the procurement arena, and make the process less, not more, transparent for the public and for contractors. Contractors should take heed when examining their positions on these important issues and continue to monitor congressional activity in this area going forward as these reforms likely will dramatically impact many defense contractors’ business.

 

[1] In putting forward its belief that drastic changes are needed, the 809 Panel makes no distinction between the procurement of cutting-edge technology advancements from nontraditional businesses and the procurement of office supplies or custodial services for a support agency office.

[2] Although the report identifies a $15 million maximum for use of its new market research process, it also authorizes the process for RA and RAC procurements of any value in excess of $15 million if the “chief of the contracting office” authorizes use of the process in writing. No criteria govern use of this authority. The 809 Panel references FAR subpart 2.1, Definitions, for the definition of “chief of the contracting office,” but that term is not defined in the FAR. The term “contracting office” is defined essentially as any “office that awards or executes a contract.”

[3] Publicly posted contracting files would include identification of the products/services procured and the price paid, the contracting officer’s market research, and a “short award decision document” when the awardee was chosen based on factors other than price.

Photo of Peter J. EyrePhoto of Daniel R. FormanPhoto of Evan D. WolffPhoto of Kate M. Growley, CIPP/G, CIPP/US

Crowell & Moring has issued its fifth annual report on regulatory trends for in-house counsel. “Regulatory Forecast 2019: What Corporate Counsel Need to Know for the Coming Year” explores a diverse range of regulatory developments coming out of Washington and other leading regulatory centers of power, and it takes a deep dive into international trade—examining the challenges and opportunities that will arise in the year ahead as global businesses compete in the digital revolution and operate their businesses across borders.

The section focusing on government contracts, Battening Down the Hatches on Cybersecurity,” discusses why doing business with the federal government will get tougher as requirements for cybersecurity become stricter.

Also relevant to contractors is the article Congressional Influence on Rulemaking is On the Rise,” which discusses how congressional input on rulemaking is increasing as the Trump administration pursues deregulation.

Be sure to follow the conversation on Twitter with #RegulatoryForecast.

Photo of Evan D. WolffPhoto of Kate M. Growley, CIPP/G, CIPP/USPhoto of Michael G. Gruden, CIPP/GPhoto of Payal NanavatiPhoto of Judy Choi

Adding to the Defense Contract Management Agency’s (DCMA) new cybersecurity responsibilities, the Department of Defense (DoD) Under Secretary of Defense for Acquisition and Sustainment (USDAS) recently issued a memorandum titled Strategically Implementing Cybersecurity Contract Clauses that increases DCMA’s role.  The memorandum tasks DCMA with implementing a process to perform company-wide assessments of contractors’ compliance with the DFARS Safeguarding Clause and the related solicitation provision, DFARS 252.204-7008 Compliance with Safeguarding Covered Defense Information, in lieu of the current contract-by-contract assessment of the Clause and Provision requirements.

Specifically, the memorandum addresses the inefficiencies caused by DFARS 252.204-7008, which requires contractors to self-certify on a contract-specific basis implementation of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 as required by the Safeguarding Clause.  USDAS notes that this approach impedes the effective implementation of requirements to protect the DoD’s Controlled Unclassified Information (CUI).  To resolve these issues, the memorandum directs DCMA to develop a proposed path to issue no-cost bilateral block modifications to contracts administered by DCMA and recommend to the USDAS a set of business strategies to:

  • obtain and assess contractor system security plans (SSPs) and associated plans of action and milestones (POAMs) at a strategic level as an alternative to the contract-by-contract review;
  • propose a methodology to determine contractors’ cybersecurity readiness at a strategic level and assign levels of confidence for contractors’ readiness assessment at the corporate, business sector or facility level; and
  • propose how to communicate contractors’ cybersecurity readiness and confidence level to DoD components.

Of note, DCMA is further instructed to engage industry to discuss methods to oversee the implementation of the DFARS Safeguarding Clause and NIST SP 800-171.  It is possible that this industry engagement may occur through another DoD Industry Day, since the last DFARS Safeguarding Clause-related Industry Day occurred almost two years ago.

Industry will once again take a “wait and see” approach to the DoD’s policy implementation since the DCMA is directed to take action after March 1, 2019.

Photo of David B. Robbins

This week’s episode covers government shutdown, trafficking in persons policy, and False Claims Act news, and is hosted by partner David Robbins. Crowell & Moring’s “Fastest 5 Minutes” is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.

ListenCrowell.com | PodBean | SoundCloud | iTunes 

Photo of Crowell & Moring

Crowell & Moring has issued its seventh-annual “Litigation Forecast 2019: What Corporate Counsel Need to Know for the Coming Year.” 

The section focusing on government contracts, Bid Protests Enter A Shifting Landscape,” provides an overview of how the process of protesting the awarding of a federal contract might dramatically change in 2019.

Also of interest to contractors, the article, DOJ: Putting Limits On Guidance,” which outlines how The DOJ’s Brand Memo may give health care contractors a new avenue of defense in FCA litigation, but its interpretation is still unclear.

The Forecast further explores the developing legal, regulatory, and technology developments affecting a wide range of companies in twelve areas of law: antitrust, corporate, cybersecurity, e-discovery, environmental, government contracts, health care, intellectual property, international trade, labor and employment, torts, and white collar.

Be sure to follow the conversation on social media with #LitigationForecast.

Photo of Monica DiFonzo SterlingPhoto of Meredith Parnell

It’s not every day that a contractor recovers nearly four times the value of its initial contract, especially when there’s a potential conflict of interest in the mix – but that is exactly what happened in Appeal of Phoenix Data Solution.  On June 21, 2018, the Armed Services Board of Contract Appeals (Board) awarded Phoenix Data Solutions LLC, formerly known as Aetna Government Health Plans (AGHP), over $11 million in claimed settlement costs plus interest arising from the Tricare Management Activity’s (TMA) termination for convenience and subsequent deemed denial of AGHP’s claim related to performance under a regional TRICARE managed care support contract.

Continue Reading ASBCA Awards Contractor Over $11 Million in Settlement Costs After Termination for Convenience, Despite Possible Conflict of Interest

Photo of Trina Fairley BarlowPhoto of Christine B. HawesPhoto of Jason M. CrawfordPhoto of Mana Elihu Lombardo

In this episode, hosts Jason Crawford and Mana Lombardo speak with Trina Fairley Barlow, a partner in the firm’s Labor and Employment and Government Contracts groups, and Christine Hawes, counsel in the Labor & Employment Group, to discuss the False Claims Act’s retaliation provision and considerations for investigating FCA allegations brought by whistleblowers. “Let’s Talk FCA” is Crowell & Moring’s podcast covering the latest developments with the False Claims Act.

ListenCrowell.com | PodBean | SoundCloud | iTunes 

Photo of Peter J. EyrePhoto of David B. Robbins

This week’s episode covers GSA schedule, cybersecurity, and FCA news, and is hosted by partners Peter Eyre and David Robbins. Crowell & Moring’s “Fastest 5 Minutes” is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.

ListenCrowell.com | PodBean | SoundCloud | iTunes 

Photo of Mana Elihu LombardoPhoto of M. Yuan Zhou

In this episode, host Mana Lombardo speaks with Will Chang, partner in the firm’s Health Care and White Collar & Regulatory Enforcement groups and a former trial attorney at the DOJ Criminal Division, Fraud Section; and Yuan Zhou, an associate in the firm’s Government Contracts Group, to discuss the recent impact of the Brand Memo on FCA enforcement. “Let’s Talk FCA” is Crowell & Moring’s podcast covering the latest developments with the False Claims Act.

ListenCrowell.com | PodBean | SoundCloud | iTunes