Department of Defense (DoD) Issues Final Rule on Safeguarding Covered Defense Information and Related Information Security Compliance Requirements

On October 21, 2016, the Department of Defense (“DoD”) issued a final rule (the “final rule”) codifying the specific actions DoD contractors and subcontractors must take to adequately safeguard “covered defense information” (“CDI”) and to report and respond to cyber incidents on “covered contractor information systems,” including those leveraging the cloud. The final rule updates several provisions of the Defense Federal Acquisition Regulation Supplement (“DFARS”), including two significant interim clauses DoD issued in late 2015: DFARS 252.239-7010 (“Cloud Computing Services”) and DFARS 252.204-7012 (“Safeguarding Covered Defense Information and Cyber Incident Reporting”) (herein referred to as the “interim clauses”). The interim clauses largely overhauled DoD’s scheme for information security on contractor systems, including cloud-based systems. This Client Alert comes as the latest in a series of alerts that members of our team have issued as the Government continually updates its approach to information and data security to counter increasingly dangerous cyber-risks.

Following the interim rulemaking, many Federal contractors and subcontractors were surprised by the interim clauses, which came without notice or opportunity to comment. The contractor community also had mixed-to-negative reactions to the interim clauses because they imposed new, seemingly burdensome security controls, required contractors to “rapidly report” cyber incidents to DoD within 72 hours of discovery, and required contractors to observe a host of seemingly burdensome forensic preservation requirements. They also struggled with the broad applicability of the clauses, which applied to any “contractor information system” handling a broad universe of data and information DoD termed “covered defense information” or “CDI.” In addition, many commercial cloud service providers (“CSP”) expressed concern that the clauses imposed standards more invasive and burdensome than what they had developed in the commercial marketplace.

Continue reading: http://www.jdsupra.com/legalnews/department-of-defense-dod-issues-final-80259/

Carter to Implement 3 Recommendations from Defense Innovation Board

WASHINGTON, Oct. 28, 2016 — Earlier this month Defense Secretary Ash Carter’s new Defense Innovation Board recommended to the department several novel practices for improving innovation at the Pentagon, and today he announced that he would implement three of them.

He was speaking at the Center for Strategic and International Studies’ event, Assessing the Third Offset Strategy, a forum during which department leaders discussed the DoD drive to identify next-generation concepts and capabilities that will assure U.S. military superiority over the next several decades.

Google Alphabet’s Eric Schmidt chairs the DIB and its members include Amazon’s Jeff Bezos, LinkedIn’s Reid Hoffman, Code for America’s Jennifer Pahlka, astrophysicist Neil deGrasse Tyson, United Technologies’ Mike McQuade and University of Texas Chancellor Bill McRaven, a retired Navy admiral and former commander of U.S. Special Operations Command.

Continue reading: http://www.defense.gov/News/Article/Article/989582/carter-to-implement-3-recommendations-from-defense-innovation-board?source=GovDelivery

Milwaukee Entrepreneurs Graduate SBA Emerging Leaders Initiative

Small Businesses Developed Growth Plans, Networks

Milwaukee, Wis. – CEOs of 8 small, high-potential firms completed SBA’s 26-week “streetwise MBA” Emerging Leaders course on October 24. Serial entrepreneur and director of graduate management programs for the Milwaukee School of Engineering, Gene Wright, taught the program along with local business experts. Emerging Leaders culminates with each CEO developing a three-year growth plan. Sylvestra Ramirez, CEO of Physical Therapy of Milwaukee, spoke on behalf of the class.

Eric Ness, SBA’s Wisconsin district director, congratulated the new graduates, saying, “Through the Emerging Leaders initiative, SBA has worked with nearly 80 Wisconsin companies. These firms have created local jobs, found financing to expand, and pursued contracting opportunities. Nationally, Emerging Leaders businesses have accessed more than $20 million in new financing and more than $700 million in Federal, state, local and tribal contracts. More than 80 percent created new jobs or retained all existing jobs and nearly 70 percent saw revenue growth. We look forward to the 2016 Emerging Leaders class moving their businesses forward with measurable success.”

Graduates included:

Duane Crowley and Genevieve O’Sullivan-Crowley, D&G Express Service Ltd

Lynne Keckeisen, Confluence Graphics Inc.

John LaPointe and Leah LaPointe, Greener Roofs and Gardens

Citlali Mendieta, Antigua Latin Restaurant & Catering

Alex Post and Jay Hoppa, Arker LLC

Sylvestra Ramirez, Physical Therapy of Milwaukee

Jose Reyes, CMJ Electric, LLC

Rosheen Styczinski, New Eden Landscape Architecture, LLC

Caption: 2016 Emerging Leaders graduates. (L-R): Gene Wright, instructor; Lynne Keckeisen, Citlali Mendieta, Jay Hoppa, Genevieve O’Sullivan-Crowley, Jose Reyes, Rosheen Styczinski, Sylvestra Ramirez, Leah LaPointe, John LaPointe, Shane Mahaffy, course coordinator, SBA; Eric Ness, Wisconsin district director, SBA.

Got Something to Sell to the Pentagon? It’s About to Get Easier

In the past, companies that had never sold to the government found it difficult to prove their qualifications to federal buyers.

Today, several agencies are trying to eliminate experience requirements, part of a deliberate effort to acquire cutting-edge technology from commercial companies that have, until now, avoided the federal marketplace.

The Pentagon’s research and development agency is one prominent example: the Defense Advanced Research Projects Agency’s Microsystems Technology Office is introducing a “simpler contracting approach” for companies that haven’t sold to DARPA and haven’t won large Pentagon contracts, according to a recent announcement.

Continue reading: http://www.defenseone.com/technology/2016/10/got-something-sell-pentagon-its-about-get-easier/132320/?oref=defenseone_today_nl

The Blacklisting Rules Are Coming: What Federal Contractors Need to Know

The Federal Acquisition Regulation final rule implementing the “Fair Play and Safe Workplaces” Executive Order 13673 was issued on August 25, 2016, and the rule goes into effect on October 25, 2016. This new regulation presents a significant change – and potential challenge – for major government contractors.

President Obama signed Executive Order 13673, often referred to as the “Blacklisting” order, on July 31, 2014. The stated goal of the order is to “increase efficiency and cost savings in the work performed by parties who contract with the Federal Government by ensuring that they understand and comply with labor laws.” On their face, the Order and regulations provide new instructions for Federal contracting officers to consider a contractor’s compliance with certain Federal and State labor laws as a part of the determination of contractor “responsibility” that contracting officers must undertake before awarding a Federal contract. But what do the Blacklisting Order and the final rule really do?

Continue reading: http://www.jdsupra.com/legalnews/the-blacklisting-rules-are-coming-what-62888/

DoD Updates Cyber Incident Reporting Rule

On October 4, 2016, a final rule was published in the Federal Register which implements statutory requirements for Department of Defense (DoD) contractors and subcontractors to report cyber incidents that result in an actual or potentially adverse effect on a covered contractor information system or covered defense information residing therein, or on a contractor’s ability to provide operationally critical support.

The final rule responds to public comments to the interim final rule published on October 2, 2015, and updates DoD’s Defense Industrial Base (DIB) Cybersecurity (CS) Activities. The mandatory reporting requirements apply to all forms of agreements between DoD and DIB companies (contracts, grants, cooperative agreements, other transaction agreements, technology investment agreements, and any other type of legal instrument or agreement), and the revisions provided are part of DoD’s efforts to establish a single reporting mechanism for such cyber incidents on unclassified DoD contractor networks or information systems. Importantly, reporting under this rule does not abrogate the contractor’s responsibility for any other applicable cyber incident reporting requirement to which the contractor may be subject (e.g. FTC, state laws, etc.).

Continue reading: http://www.natlawreview.com/article/dod-updates-cyber-incident-reporting-rule

Why Defense Contractors Should Embrace Insider Threat Requirements

John Breeden II is an award-winning journalist and reviewer with over 20 years of experience covering technology and government. He is currently the CEO of the Tech Writers Bureau, a group that creates technological thought leadership content for organizations of all sizes. Twitter: @LabGuys

October is national Cybersecurity Awareness Month, and I think it’s interesting it shares the same calendar space with Halloween. For many people working in government, the prospect of a security breach or hack is at least as scary as the season’s ghosts and goblins are for kids.

But while ghosts are arguably nonexistent and goblins are certainly confined to the realm of Tolkien fantasies, the danger of a cyber threat is all too real, with government becoming a favorite target of attackers in recent years.

Government has recently been motivated to improve its cybersecurity posture in a sort of trial by fire. The WikiLeaks and Edward Snowden incidents were a one-two punch in the gut in terms of worst-case scenarios. Then, the breach at the Office of Personnel Management that resulted in the theft of more than 21 million personal records brought the threat closer to home for millions of government workers.

Continue reading: http://www.nextgov.com/technology-news/tech-insider/2016/10/national-industrial-security-program-operating-manual-update/132236/?oref=govexec_today_pm_nl

Sen. Hatch dives into the FAR

Under the Federal Acquisition Regulation, agencies must consider existing commercial products before seeking to develop custom solutions to meet their needs. Sen. Orrin Hatch (R-Utah), chairman of the Senate Finance Committee, is asking vendors whether agencies are complying with those guidelines and taking full advantage of commercially available options.

In an Oct. 5 letter, Hatch announced that the committee wants to know whether agencies are conducting in-depth market research into off-the-shelf, or non-developmental, technologies that don’t require investments in new, expensive IT systems.

Continue reading: https://fcw.com/articles/2016/10/11/hatch-finance-far.aspx?s=fcwdaily_121016

Haven’t Sold To Government Before? DARPA Still Might Buy Your Tech

Continue reading: http://www.nextgov.com/cio-briefing/2016/10/havent-sold-government-darpa-still-might-buy-your-tech/132203/?oref=govexec_today_nl

GSA’s New Contract With Dun & Bradstreet Draws Mixed Reaction

The General Services Administration’s updated Dun & Bradstreet contract, announced last week, will allow agency acquisition personnel and contractors wider latitude to use the standardized company information for purposes beyond mere identification.

But some transparency advocates consider the step insufficient.

In a Sept. 29 blog post, Kevin Youel Page, deputy commissioner of GSA’s Federal Acquisition Service, announced changes in the proprietary system for business identifiers in its Integrated Award Environment tracking system that are a “huge step forward in the goal to make data more accessible and readily available across government.”

Continue reading: http://www.govexec.com/management/2016/10/gsas-new-contract-dun-bradstreet-draws-mixed-reaction/132205/?oref=govexec_today_nl