As a result, there has been no shortage of procurement legislation and regulation prohibiting or curtailing the federal government’s purchase of Chinese products: Section 889 of the Fiscal Year (FY) 2019 National Defense Authorization Act (NDAA) (restrictions on the use of telecommunications equipment and services); Section 847 of the FY 2020 NDAA (mitigating risks related to foreign ownership, control, or influence of Department of Defense (DoD) contractors or subcontractors); Section 223 of the FY 2021 NDAA (disclosure of funding sources in applications for federal research and development awards); and Section 5949 of the FY 2023 NDAA (prohibition of certain semiconductor products and services).

Even more legislation may be on the way, as we see provisions in the House version of the FY 2025 NDAA (see, e.g., Sections 173, 178, 242, 807, 1706, and 1722) and in the Senate version of the bill (see, e.g., Sections 885, 886, 887, 888, and 889).

Two different supply chain supply regimes essentially govern supply acquisition: The Buy American Act (BAA) and the Trade Agreements Act (TAA). Recently, there has been a renewed focus on the BAA, as the domestic component requirements have been increased.

The BAA, however, is a price evaluation preference, which means if the price of a Chinese product is low enough, the federal government will buy that product. For large business offerors, the price preference added to non-domestic offers is 20%, and for small business offerors, it is 30%. Under DoD acquisitions, the preference is 50% for all domestic offerors, regardless of size.

Depending on the item and the value of the acquisition, the TAA or other specific free trade agreements might apply because the United States Trade Representative (USTR) has waived the BAA for many supply acquisitions above specific thresholds, ranging from 50,000 to 174,000. If the TAA applies, offerors generally must supply products made domestically or in allied countries.  Most major acquisitions for commercial products, like the MAS program, are subject to the TAA.

Under the TAA, Chinese products are not eligible for purchase because China is not a signatory to the TAA. Although the BAA favors domestic production, it has the downside of allowing the acquisition of Chinese products in certain circumstances. The TAA provides a holistic approach to strengthening the supply chain, by taking advantage of the economic advantages and technical capabilities of our domestic sources and our allies, with the added benefit of providing domestic firms with the ability to participate in the procurements of allied countries. The differences between the BAA and TAA are important considerations as government and industry work together to address supply chain security and resiliency.

The post Competing global supply chain approaches first appeared on Federal News Network.

The Army has a plan to no longer “fight the network.”

Through the Unified Network Operations (UNO), initiative, the Army wants to create an agile, software-defined network that is easy to set up and use. This is the opposite of what soldiers currently must deal with then setting up a tactical network that requires on-premise hardware, cables and unique knowledge and skillsets.

The Army is laying the groundwork for this new network set up under UNO in a new draft request for proposals that Lt. Col. Keith Jordan, the product manager for Tactical Cyber and NetOps, in the Army’s Program Executive Office Command Control Communications-Tactical (PEO-C3T) said will bring efficiency, ease of use and, most importantly, meet the needs of commanders more readily.

“There’s a time component of how long it takes to make the network operate. That’s a concern. But also, it’s a manpower issue. It’s specialized training and skills that our signal soldiers are required to have in order to make all these different components of network work, both from a hardware perspective, a cabling, a software interoperability issue perspective and troubleshooting. So there’s a lot of different factors that the soldiers have to go through to make the network work,” Jordan said in an exclusive interview with Federal News Network. “When they are having to do those tasks across multiple items, one-by-one, it does take a lot more time. And depending on a unit, you’re going to always have a degree of soldiers that have the right requisite training and the right requisite experience. So there’s always a little bit of inefficiency built into that model. What we’re looking to do through this is to really improve that inefficiency, and make it much more a much simpler task for those soldiers, especially if we’re not fully manned that at each unit to do that mission.”

PEO-C3T has been leading the UNO effort for the better part of two years and the draft RFP is the second piece of a three-pronged effort to create this new software-defined network.

Jordan said the draft solicitation, for which responses are due by July 17, will help inform its long term plans to bring in commercial technologies and take advantage of cloud services. PEO-C3T expects to issue a final RFP for this multiple award indefinite delivery, indefinite quantity contract in early 2025 and make awards in early 2026.

In the meantime, Jordan said the Army will soon award “several” other transaction agreements (OTAs) to examine prototypes of what UNO may look like.

“The Army acquisition executive last year decided that UNO would utilize the software acquisition pathway. This is a new pathway under the adaptive acquisition framework that really is focused on how we manage, contract and deliver software capability to the Army. It’s different than what we might typically see under the some of the older pathways. This really is a revolution of thinking in the Army of how we recognize that software is different than hardware and it needs to be procured differently,” he said on Ask the CIO. “Really, what that does is it allows us to deliver capability incrementally versus like a big bang where the product is done all at once. We recognize that this will not be done right off the bat, you’ll get updates to the capability over time and each time we make an update, the capability will get more and more mature, more and more capable. The whole idea is we’re able to rapidly make these updates versus in the past where it may take a really long time to make an update. We want to update very often based on feedback in whatever theater we might be operating in.”

Army testing prototypes through OTA

Through the OTA process, Jordan said vendors will demonstrate SDN capabilities that can bring together several disparate systems and handle a large number of users over a several month period.

He said the vendors will demonstrate the SDN capabilities in the lab and in the field so soldiers can provide real-time feedback and the contractors can add or change the network as required.

Jordan said “usability” and “simplicity” will be key concepts that the Army wants to see in the prototypes.

“We think by doing that we’re going to really get down to a good vendor, and then following that, we’re going to pursue a FAR-based contract that will allow a lot more vendors to get in the mix and be able to deliver various capabilities,” he said. “We don’t know how many vendors we’re going to end up with so that’s why the window [for timing] is a little bit difficult. But we think between late 2024 and 2025, we’ll be able to complete that [OTA award] process. Then as we go into the prototype phase, the idea would be that’s a little bit of a longer phase because there’ll be a downselect. We’re not going to take the same amount of vendors from the lab to the field. We’re going to take those vendors out to the field and that’ll be a little bit longer because what we do want to do is see their agile development process and we want to be able to see as a soldier provides feedback to a particular company, we want to see him make the changes that we’re looking for. It’s not just about the technology, it’s also going to be about the company’s ability to manage the process.”

Jordan said the network of the future will depend on agile and DevSecOps process, where signal soldiers will not have to have special skillsets.

The future network also will enable commanders to make faster and better decisions as data will be easier to get and use.

“We’ve had to fight the network for a long time. This will help us be able to get the network up and running efficiently, tailored to our mission needs and operationalize it,” Jordan said. “For industry, there’s going to be lots of opportunities inside UNO to deliver unique and value added capabilities to the network. We’re really excited because there is so many opportunities for businesses, both small and large, to deliver capability inside the network, around things that we haven’t even thought of yet that we may want. As long as our vendors are able to operate in a modular open system approach, and that we’re able to integrate capability into that architecture in a rapid and easy to do methodology, we’re really going to be successful.”

The post With UNO, Army intends to stop battling its own network first appeared on Federal News Network.

Conflicts of interest in federal contracting can happen in a lot of ways. In one tangled case, an award winner’s subcontractor turned out to have a conflict of interest. And it may have scuttled the deal. Haynes Boone Procurement Attorney Zach Prince joins the Federal Drive with Tom Temin.

Interview transcript:

Tom Temin
This one’s a little bit convoluted, but you’re always good at sorting them out for us, Zach. This was a [Center for Medicare and Medicaid Services]  award for what to whom?

Zach Prince
So this was the third iteration of a CMS award. This was a protest by a company called the Square Group (ASG) of an award to its competitor Cogent. This award was for health insurance marketplace and financial management analytics. So analyzing data generated from other CMS contracts, among other things.

Tom Temin
All right. And it didn’t initially go to Cogent, it went to ASG first.

Zach Prince
That’s right. So ASG got this award in 2023. And then Cogent brought a protest at GAO. Before GAO got to a decision there, the agency took corrective action, held exchanges with Cogent and ASG, got revised quotations, and then decided that actually it was going to award to Cogent which had a substantially lower price. So at that point, ASG protested here at GAO.

Tom Temin
Yeah. And they had a lot of grounds. But there was only one that really kind of stuck and took them both through a long process.

Zach Prince
A lot of these protests, especially at GAO, you go in and you argue basically everything. As Judge Thompson said in one of his decisions from the Court of Federal Claims recently, “throw the throw spaghetti at the wall and hope something sticks.” That’s how a lot of protests go. This though, GAO was struck by the organizational conflict of interest (OCI) issue, and that ultimately is what it decided in favor of for ASG.

Tom Temin
Right, so now, nobody has the contract while CMS figures out what to do. But in this case, the organizational conflict of interest wasn’t with the main contractor, Cogent; it was with one of its subcontractors. Explain what was going on there.

Zach Prince
So there are a couple of categories of OCI. Organizational conflicts of interest can be impaired objectivity — which is what happened here — biased ground rules, or unequal access. So some of those are things that can be mitigated, usually impaired objectivity, which means basically, that you’re evaluating your own work from another contract. Can’t be mitigated, unless it’s a subcontractors issue, and then potentially the subcontractor can be firewalled off. That’s what the issue was here. A Cogent subcontractor, that it was having do quite a bit of the work apparently, had been running a separate contract for CMS supporting the federal exchanges, or healthcare.gov, where it was generating the data that it was then going to be validating under this new contract. Classic, classic impaired objectivity OCI; there was a proposed mitigation strategy. But on review, GAO decided that strategy just wasn’t enough.

Tom Temin
In other words, this subcontractor was going to be evaluating data that it itself generated, not in relation to its direct work for CMS, but in its work as a subcontractor to Cogent, which would have ended up in the same place.

Zach Prince
You can’t have a situation where you’re evaluating your own work, or where somebody who’s part of your team is evaluating its own work. It is, at least optically, a major problem where the agency should not be able to trust or can’t trust the independence of that assessment. And so they proposed a mitigation strategy. They said, ‘we’re going to take this up, and we’re going to firewall them off.’ So they’re not reviewing that one type of data, payment data, that was generated from the other contract. And the agency said, ‘okay, that’s good enough.’ But when GAO looked at this during the protests, they said, ‘hold on, there are several categories of data that are at issue here. There’s payment data, there’s enrollment data, there’s potentially other data, all of which are data that were generated by the subcontractor under the other contract. Your proposal for mitigation only dealt with one category, it didn’t deal with these other ones.’ So for the agency to have accepted the mitigation proposal as is, where it only dealt with one category that was irrational. And that was the basis to sustain the protest.

Tom Temin
We’re speaking with Zach Prince, he’s a partner at the law firm, Haynes Boone. Would the subcontractor have known about what’s going on, because it probably would have, because don’t subcontractors know when they’re part of a team that is bidding by the prime for a new contract?

Zach Prince
They absolutely should have known what’s going on. And the prime, Cogent, really should have known about this issue, too. The issue was brought to their attention during the evaluation also, by the technical evaluation, and that’s when they came up with this mitigation strategy. They didn’t reflect this mitigation strategy in their technical proposal, which by the way, they had a couple rounds of chances to provide a revised proposal. So they’ve got a technical proposal that says nothing about segregating these guys out. And in fact, they call for hundreds of hours of these guys’ time, the subcontractor’s time, doing valuation tasks. That was directly contrary to what they said in the mitigation plan. They just didn’t fix the issue when they had opportunity.

Tom Temin
Yeah, some things simply can’t be mitigated, in other words.

Zach Prince
It could have been mitigated if they did it early enough, if they came up with a way that this sub just wasn’t doing that work. Some things certainly can’t be. If the prime was the one who had generated this data that they’re then evaluating, you can’t mitigate it by firewalling yourself off, it’s too much of the work. Sometimes, if it’s a tiny part of the scope of work, maybe you can subcontract that as the prime, but most cases, you can’t. But in this case, it just wasn’t reflected in their technical proposal, which is another big issue GAO had with the agency’s conduct.

Tom Temin
Even if they could say, well, this subcontractor will continue to evaluate this data. But this particular sliver of data which they generate under this contract with us, they will not be. We’ll find somebody else to evaluate it. Even that doesn’t seem to totally mitigate it, because you still have this business relationship, and it just doesn’t sound clean no matter what you do in some cases.

Zach Prince
And I think it’s rational for the agency to determine that that is something that can’t be mitigated if that’s what they wanted to do. The finger is on the scale heavily for the agency, as long as it’s making a rational decision. The problem is here, they weren’t making a rational decision. It just wasn’t reflected in the technical proposal, which showed that, basically, if they did this mitigation, what they proposed was unworkable. And the mitigation itself just didn’t go far enough. Because it wasn’t just a sliver of data that was the problem. It was this wider set of data.

Tom Temin
And so now nobody has the contract. GAO just, I guess, invalidated it. What happens in these situations when you have too close bidders. One was better on price, but it has a conflict of interest. Can the agency say ‘okay, we’ll go back to the first company, Square Group?’

Zach Prince
The agency has got a couple of options. And the most outlandish option — this is definitely not happening — is the agency just says ‘we don’t care what GAO says.’ They don’t have to; GAO just makes recommendations. But if you don’t do what GAO says, then you’re going to end up in the Court of Federal Claims. And your agency is going to end up in front of Congress explaining why they chose to ignore GAO.

Tom Temin
Plus it could be two more years till you get any of the work done.

Zach Prince
Right. I mean, if they choose to ignore GAO, then they can just let Cogent keep going. And then they get the work done. And sometimes that happens in really sensitive procurements. But it is really rare. They could also go back now and say, ‘let’s reopen discussions. And we’ll get a new proposal from Cogent, we’ll get a new proposal from ASG. ASG will probably give us a much better price. Cogent will give us a different technical proposal that deals with this issue.’ And then they reevaluate at that point. That’s the more complicated way to do it. I’m not sure right now, how the work’s getting done. Maybe there’s a bridge contract from the incumbent. I think this probably is ASG continuing to perform because I think they were the incumbent, so maybe the agency goes that route.

Tom Temin
All right, so we could call this one be fair or be square. Pun intended.

The post Why bidders for federal contracts need to deal with conflicts of interest early on first appeared on Federal News Network.

Senate Armed Services Committee leaders filed their version of the National Defense Authorization Act for fiscal 2025 on Monday, which was passed behind closed doors last month in a 22-3 vote. The bill is now heading to the Senate floor for consideration.

The legislation includes an amendment to a portion of Section 1521 of the defense bill for fiscal 2022, which centralizes the procurement of cyber products and services across the Defense Department. 

The fiscal 2022 defense bill states that the DoD components can’t independently purchase cyber services unless they can buy services at a lower per-unit price than what the DoD chief information officer office, which leads department-wide procurement of cyber services, offers. The components can also procure cyber services independently if the DoD CIO office approves the purchase.

If passed, the amendment included in the 2025 defense bill would allow DoD components to buy cyber services independently if they can demonstrate the “compelling need that the requirement of the product has due to its urgency, or to ensure product or service competition within the market.”

Sen. Eric Schmitt (R-Mo.), who has long expressed concern about the Defense Department’s increasing reliance on Microsoft for its cyber products, initiated the amendment.

“DoD CIO has used this authority to create a one-size-fits-all approach to all DoD components, causing serious concerns related to a single zero-day flaw being used to create massive disruptions across DoD’s networks. The amendment returns decision-making power back to DoD components, so they can adopt tailored cybersecurity approaches based on the threats they face,” the amendment summary shared with Federal News Network says.

In May, Schmitt, along with Sen. Ron Wyden (D-Ore.), sent a letter to the Pentagon inquiring about the department’s push to implement Microsoft’s most expensive licenses, known as E5, across all components. The Pentagon already widely relies on Microsoft products and services but it has been considering mandating all components to upgrade to Microsoft’s E5 license as part of its effort to achieve the target level of zero trust by 2027.

“Although we welcome the department’s decision to invest in greater cybersecurity, we are deeply concerned that DoD is choosing not to pursue a multi-vendor approach that would result in greater competition, lower long-term costs and better outcomes related to cybersecurity,” Schmitt and Wyden wrote.

Another amendment, also spearheaded by Schmitt, would require companies that conduct software development in China to notify the Pentagon if they are required to disclose any software vulnerability to any Chinese agency, such as the Ministry of Industry and Information Technology.

“PRC security laws mandate that cyber companies with presences in China must report any flaw discovered to their government, potentially giving state-sponsored hackers a treasure trove of zero-day flaws to exploit. This bill would ensure that companies doing business with DoD that have presences in the PRC report the same information to their US-based arm as their PRC arm reports to the CCP government,” the summary of the amendment provided to Federal News Network reads.

The provision amends Section 855 of the fiscal 2022 defense policy bill and is identical to the Defense Technology Reporting Parity Act, which Schmitt filed on the floor prior to the 2025 defense policy bill.

The two amendments signal lawmakers’ growing concern about the Pentagons’ reliance on a single vendor for its cybersecurity products.

The fiscal 2025 defense policy bill authorizes a topline of $911.8 billion, which exceeds spending limits imposed by the Fiscal Responsibility Act passed last year.

Sen. Jack Reed (D-R.I.), chairman of the Armed Services Committee, voted against the legislation due to the funding increase that would break the spending caps.

“I regret that I needed to vote against passage of this bill because it includes a funding increase that cannot be appropriated without breaking lawful spending caps and causing unintended harm to our military. I appreciate the need for greater defense spending to ensure our national security, but I cannot support this approach,” Reed said in a statement.

The House passed its version of the defense bill last month, and the two chambers will have to negotiate to pass the bill before the end of 2024.

The post NDAA amendment to give more authority to DoD components to buy cyber products first appeared on Federal News Network.

The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) is exactly what it sounds like: a mandate for reporting. There’s also a cyber reporting rule from the Securities and Exchange Commission already in effect. Is it overkill? Executive Vice President for Policy at the Professional Services Council Stephanie Kostro shared more with the Federal Drive with Tom Temin.

Interview transcript:

Tom Temin
Sounds like contractors are waking up and looking across the landscape at reporting rules. And everywhere you look, there’s another one.

Stephanie Kostro
I have likened to this set of proposed rules and final rules, etc., as a flurry. And it really has been a plethora of cyber incident reporting requirements coming down, not just for companies across the economy, but specifically for government contractors. And we’re following I think it’s 16 separate actions very, very carefully. And those things range from exactly what you said, the SEC had a rule go final last December, that talked about reporting of significant cyber incidents, and it already looks like there are companies out in the economy who are not paying attention to that rule, and has been called to question in several ways in the courts. And so as we move forward with this CIRCIA proposed rule, PSC submitted comments. I think they received close to 300 very substantive, meaty sets of comments. It really is an active space, and contractors are watching it very, very closely.

Tom Temin
Because there doesn’t seem to be a lot of coordination among the agencies that are imposing these rules. Here, you’ve got two we just mentioned that our cyber alone and there might be more coming.

Stephanie Kostro
That’s exactly right. Last year, the second half of 2023, the Office of the National Cyber Director — that’s an office within the White House — released a request for information, asking the public, ‘how can we better harmonize these cyber requirements,’ not just reporting requirements, but across the board. And we, along with others provided some substantive feedback on that. But the landscape continually changes, and we’ve seen lots of proposals introduced, since those comments were due so in the last, say, eight to 10 months, even more cyber incident reporting requirements have come across the transom. Courts are challenging, companies are not necessarily following the rules. It’s really sort of I would liken it to a maelstrom of activity. We are very concerned that some of these reporting requirements might be overly burdensome, particularly on government contractors whose very livelihoods depend on federal work, and they want to be compliant. It’s just what rules should they be more compliant with? It goes back to the old literary references to all these things are created equal, but some are more equal than others. Which ones take precedence for government contractors, which ones should really be the name of the game? And we have some thoughts on that. PSC stands ready to help with collaboration, to help with cooperation with the government to figure out what actually makes our nation more cyber secure, and what incidents should be reported. What ones have the potential to materially impact either the company or the work that the government needs to perform? And so as we move forward, we, alongside several other associations and other companies, want to be helpful in this regard. There’s just so much going on?

Tom Temin
Well, I guess the SEC, to use that example, can only ask publicly traded companies to report and then I presume — I haven’t read their rule — but it would be any incident that might materially affect their being invested in or something, some result that they would have that investors would make a decision on. But in the case of the Cybersecurity and Infrastructure Security Agency, they would be concerned about impacts on the cybersecurity operations and the continuing operations of infrastructure providers. So different purposes for the rules. What’s PSC’s main commentary here? What are you saying, in general, to all these agencies?

Stephanie Kostro
Really happy that you mentioned that, Tom, because some of those government contractors are publicly traded companies. So they are subject to both sets of rules. And our position is, what is CISA trying to do in this space? We want to be supportive of the maintenance and sustainment of government operations, to make sure folks are more cyber secure. So we are hoping to work with them on what entities should be covered, what kinds of cyber incidents should be covered. And to be honest CIRCIA also, this proposed rule talks about ransomware payments or ransom payments. As we move forward, information about payments, etc., that’s important. But does that actually make you more cyber secure? it’s really unpacking what causes the cyber incursions and incidents and preventing them from starting even in the first place. And that is what makes us more cyber secure. And that’s what we at PSC would like to focus on.

Tom Temin
We’re speaking with Stephanie Kostro, executive vice president for policy at the Professional Services Council. There’s another rule reporting situation, of different context, and that is a final rule from the Small Business Administration, getting rid of the idea that you can self-certify that you are service-disabled veteran-owned. And there is a site at which people could do that. That site is not working too well. So what are you finding here? What’s going on?

Stephanie Kostro
I love that you bring this one up as well, Tom, because comments were due here on July 8, regarding this SBA direct final rule, and it’s something that’s not going through their proposed rulemaking process. It’s a direct final rule. And it would implement a section of the fiscal year 2024 National Defense Authorization Act, which eliminates the ability for these service-disabled veteran-owned small businesses to self-certify, to say that they are in fact, service-disabled veterans who have ownership stakes in these small businesses to go through the [Veteran Small Business Certification (VetCERT)] program. We, on the face of it, are supportive of this. It’s the timelines that we are questioning. And here’s the rub. And you mentioned it, Tom: This direct federal rule goes into effect August 5. If you go to the VetCERT program website, they are taking it down to upgrade it on August 1, and it estimates that it will be out for about a month or so, potentially longer, to do system wide upgrades. And what they say is if you’re trying to apply for certification as a service-disabled veteran-owned small business, please wait until this upgrade is over. The issue that we’re facing here is if the website is down and you can’t have new applicants applying for certification here, you’re going to run into a backlog of folks looking for certification. And we wonder whether the SBA has the manpower and the resources necessary to work through that backlog as quickly as they need to. Because, as of October 1 of this year, if you want to get credit for participating as a service-disabled veteran-owned small business, or you have that kind of business among your subcontractors, if you want to claim credit for participation, they have to be certified through this program. So it’s one of these things where I am not entirely sure that, on the face of it, it could be the people writing this direct final rule didn’t talk to the website folks. That happens a lot, not just in government, but across the economy and in companies too. But I hope that they can look at this and go, ‘Hey, maybe we can we can find some wiggle room here for companies to be able to comply with this final rule in a timely manner in a way that makes sense.’ Currently, it just looks like they’re gonna run into a brick wall here.

Tom Temin
Yeah, sounds like the technology and the policy aren’t quite aligned, and not the first time we’ve seen that happen.

Stephanie Kostro
Exactly, exactly. Again, that’s not solely the realm of the government; this happens in companies too. But I would like the SBA, when they read our comments, to note that this is really not a great situation. And they have the power to change some of this.

Tom Temin
All right. And in the couple of minutes we have with you, I wanted to go to a third topic, and that is some of the National Defense Authorization provisions in the House version. And there is a little bit more inflation relief, temporary authority to help adjust for inflation. I’m presuming PSC is in favor of that one?

Stephanie Kostro 

We are very much in favor of that. This was a provision that was put into law last year, and it was extended again, and the House passed version of the National Defense Authorization Act for Fiscal 2025 would extend it again. This is temporary authority to allow companies to claim costs incurred for inflation related expenses. And so this is subject to the availability of funds — these kinds of provisions always are — we just like to have the ability for companies to recoup any unexpected expenses due to inflation. And we talked a lot about inflation two years ago, a year and a half ago, even a year ago, it still hasn’t come down to where companies had planned for it to be. And so some of these costs are much higher than they had anticipated and planned for.

Tom Temin
Right. There’s a pretty strong labor market in the United States. And that’s where a lot of the inflation you might see in professional services.

Stephanie Kostro
That’s exactly right, Tom, and we have a tight labor market where we’ve got more job openings than job seekers. And so, as we move forward, we’re gonna have to adjust how we think about labor. And I think we are all for paying laborers more, certainly a wage that they deserve, and even thinking through what the long term implications of this higher-than-expected inflation would be.

Tom Temin
And then there’s the pilot project that the NDAA would launch, and that is that the loser pays for protests, legal costs.

Stephanie Kostro
So this is sort of Groundhog Day for us, Tom, this provision, when if a protest lodged with the Government Accountability Office is denied, that the contractor would pay [the Defense Department] for costs incurred to defend the protest. This was the law of the land from the fiscal year 2018 NDAA; it was repealed. Studies have been done that this kind of approach isn’t the most effective. There aren’t a lot of frivolous protests. And a lot of times GAO comes down not with a clean denial of protest, but something in between where the government and the company work something out. And it’s really unclear to us what would count as a cost incurred by the department in defending a protest. And so, PSC, like we did last year when this provision was in the NDAA, stands ready to talk about negative impacts of protests and to figure out a way that we could help in this regard. I just don’t think rehashing old language is the way to go. And we’re looking to be helpful in that.

The post Contractors see new cyber reporting rules everywhere they look first appeared on Federal News Network.

Specifically, in recent comments submitted on behalf of Coalition members, we pointed out that stakeholders have been addressing multiple cyber-related rulemakings, including:

• DoD’s Cybersecurity Maturity Model Certification (CMMC) Program 2.0
• Revisions to NIST 800-171 including Software Bills of Materials
• The implementation of the Federal Risk and Authorization Management Program (FedRAMP)
• Cyber incident reporting generally, and
• Ongoing implementation of Section 889 (regarding the restriction on the use of certain communications and video technologies)

That is a lot of cyber-related regulatory activity. To this point, in addressing one of the provisions of the Cyber Threat and Incident Reporting FAR Case, specifically, the required incident reporting within eight hours of discovering its occurrence, with subsequent updates every 72 hours thereafter, we identified the need for coordination. After noting that short timelines run the risk of inundating the government with false positive reports to make sure compliance obligations are fulfilled, along with the fact that they take away contractor time from efforts to mitigate cyber incidents, we recommended that the government:

…harmonize the proposed rule with the 72-hour reporting requirement established by the DFARS and the CIRCIA [(CISA’s Cybersecurity Incident Reporting for Critical Infrastructure Act)] to afford contractors more time to conduct initial investigations, prepare a preliminary report, and begin remediation efforts. Further, subsequent updates should be required only for material changes.

The Council should also consider exempting cloud service providers (CSPs) that have an existing FedRAMP authorization from the rule’s reporting requirements so long as they comply with FedRAMP’s incident communications procedures.

The government should pursue opportunities to harmonize the requirements and criteria of its cybersecurity rulemakings as much as possible to alleviate unnecessary burdens for both the public and private sectors. Overlapping and/or conflicting rules are not just a manifestation of inefficiency and waste. They prompt confusion and contribute to making the government an inhospitable environment for doing business. The federal government needs the commercial sector to keep up with cutting-edge technology and resulting cybersecurity vulnerabilities. Indeed, a key component of the acquisition reforms put in place at the end of the last century is the appropriate reliance on that sector, as that reliance permits the government to leverage, rather than duplicate, the private sector’s research and innovation expenditures, freeing up government funds for targeted application to mission critical goods and services. Simply put: the harder it is for commercial firms to participate, the lower the number of commercial firms, and their associated solutions, available to the government.

In a recent Breaking Defense opinion piece advocating for DoD and Congress to “walk away” from CMMC,  Bill Greenwalt, nonresident senior fellow at the American Enterprise Institute and a former deputy undersecretary of defense for industrial policy, discussed the burden of such compliance costs.  He stated:

CMMC’s costs are significant and equate to nearly $4 billion annually over the next two decades. …  [I]ncreased costs to industry will inevitably end up coming back to the department in the form of increased prices and what the government pays in reimbursed contractor overhead.  

***

For small businesses, exactly the type of company that DoD is looking to attract in its latest industrial base strategy, these costs may prove to be prohibitive as the price to pay to merely bid on a contract. DoD has noted it will cost small businesses over $100,000 to have a third-party certify their compliance with just Level 2 requirements. …

For primarily commercial companies, the issue will be whether the benefits ever justify the costs… The net result will be more decisions to not bid on government contracts, an even smaller and more concentrated defense industrial base, and fewer opportunities for DoD to adopt leading commercial innovation.

Hyperlinked citations omitted.

In our comments on the Cyber Threat and Incident Reporting rule, we expressed our belief that with so many cyber initiatives underway, the government and industry would benefit from opportunities for periodic information exchanges. Based on the foregoing, we continue to believe that such exchanges would facilitate a common understanding of the many compliance obligations involved in identifying and implementing an appropriate cybersecurity regime, including the cost of that regime, and thereby, they would promote the efficient and effective implementation of needed cyber-related rules. To that end, the Coalition is available to facilitate such exchanges.

The post Cyber harmonization: Making the regulations work together first appeared on Federal News Network.

• The Justice Department's Civil Cyber-Fraud Initiative chalked up another successful case by winning more than $11 million from two contractors to resolve False Claims Act allegations. Guidehouse paid $7.6 million and Nan McKay and Associates paid $3.7 million to put to rest claims they violated the False Claims Act. The companies failed to meet cybersecurity requirements in contracts intended to ensure a secure environment for low-income New Yorkers to apply online for federal rental assistance during the COVID-19 pandemic. Guidehouse and Nan McKay admitted that they failed to satisfy their obligation to complete the required pre-production cybersecurity testing of the system.
  (DoJ wins biggest cyber False Claims Act settlement yet - DoJ)
• House appropriators are digging in even further into federal telework and agencies’ return-to-office policies. One fiscal 2025 spending bill that the GOP-led committee advanced this week includes language targeting teleworking feds. Language accompanying the bill would set new requirements for agencies to publicly report their policies on telework and office space. It would also require agencies to publicly share their office space utilization rates in the D.C. area. Unions are pushing back against the language, saying that telework policies should be tailored to the nature of employees’ work, rather than having a one-size-fits-all approach.
  (More House appropriators target federal telework, office space - Fedeal News Network)
• Two Defense Department projects made the cut for the Presidential Federal Sustainability Awards the White House announced this week. One is a project the Air Force has been working on since 2019 at Florida’s Tyndall Air Force Base, about half of which was destroyed by Hurricane Michael the previous fall. The White House credited Air Force officials with rebuilding with a “base of the future” in mind, and using construction techniques that should make the installation more resilient against severe weather. The second is the huge Edwards Air Force Base solar project, which became one of the world’s biggest solar and battery storage facilities when officials cut the ribbon last year. The 4,000-acre project is also DoD’s biggest public-private partnership to date.
  (DoD Components Receive Presidential Sustainability Award - Department of Defense)
• The Federal Risk and Authorization Management Program (FedRAMP) finalizes the "fast pass" approval process for AI tools. The FedRAMP cloud security program is opening up its doors to specific types of generative artificial intelligence capabilities for priority approvals starting August 31. Under the new emerging technology prioritization framework, FedRAMP is telling vendors to submit three types of GenAI tools for expedited reviews. The FedRAMP management office said it will start with GenAI tools used for chat interfaces and code generation, and debugging tools that use large language models and prompt-based image generation. It also will review associated application programming interfaces (APIs) that provide these functions. It will release the first list of prioritized AI tools by September 30.
  (FedRAMP to begin prioritizing AI cloud capabilities for approvals - Federal News Network)
• The Defense Counterintelligence and Security Agency is managing a surge in security clearance applications. DCSA Director David Cattler said his agency is receiving up to 11,000 new applications for investigations every week. The surge has led to longer security clearance processing timelines. Cattler told the House Oversight Committee this week that secret-level cases are taking an average of 92 days to process and a top-secret case about 188 days.
  (An examination of DOD’s struggling background check system - House Oversight and Accountability Committee )
• For the first time in a decade, the Government Accountability Office is out with a proposed revision of federal internal controls. Called the "Green Book," GAO said its changes emphasize preventive control activities and highlights management's responsibility for internal control at all levels and within all functions of an agency's structure, such as program and financial managers. The proposed revisions provide additional requirements, guidance and resources for addressing risk areas such as fraud, improper payments and information security when designing, implementing and operating an internal control system. GAO has not updated the Standards for Internal Control in the Federal Government since 2014. Comments on the proposed revisions are due by August 26.
  (GAO proposes first updates to the 'Green Book' since 2014 - GAO)
• The Department of Homeland Security is expanding a new cyber personnel system. DHS established the Cyber Talent Management System (CTMS) in 2021. It got off to a slow start, but DHS has now hired nearly 200 people using CTMS. DHS Chief Information Officer Eric Hysen said the department has made hundreds of offers using the system. Hysen told the House Homeland Security Committee that in the coming years, DHS will expand use of CTMS across the department.
  (DHS aims to expand CTMS after ‘challenges’ with rollout - Fedeal News Network)
• The Partnership for Public Service is down to just six finalists for the 2024 Sammies People’s Choice Award. The finalists are part of the larger awards program, which recognizes the work of career civil servants. The People’s Choice finalists include one team that made it possible for non-tax forms to be electronically submitted to the IRS. Another finalist developed an app that lets veterans use their phones to make health care appointments and manage insurance claims. Voting on all six finalists is open to the public until July 12. The winner will be recognized later this year during a Sammies ceremony at the Kennedy Center in Washington, D.C.
  (2024 Sammies People’s Choice Award finalists - Partnership for Public Service)

The post False Claims Act allegations leave two contractors with millions of dollars in fines first appeared on Federal News Network.

In a long-running case, a vendor of computer vision software protested a National Geospatial-Intelligence Agency award to systems integrator CACI, which was going to develop its own computer vision software. The protester, Percipient, had not bid. But Percipient did file in the Court of Federal Claims on the basis that the government is obligated to use commercially available products. For what happened next, the Federal Drive with Tom Temin talked to Haynes and Boone procurement attorney Dan Ramish.

Interview Transcript: 

Tom Temin: I guess before filing at the Court of Federal Claims, this company Percipient had gone back and forth with the NGA and with CACI, trying to get awarded as a subcontractor.

Dan Ramish: Yes, that’s right, Tom. So what’s interesting and unusual in this case is that Percipient wasn’t in a position to meet the government’s entire requirement. The government needed both a repository for storing and managing and disseminating visual intelligence and also the computer vision functions that Percipient provided. And so at most, it could act as a prospective subcontractor, but it couldn’t prime contract the work with the government. So it was relying on this statutory preference for using commercial products and services.

Tom Temin: So the question then when it went to the Court of Federal Claims after being said basically, ‘Thanks, but no thanks,’ by both NGA and CACI, it filed a protest on that basis. But there were two problems there right are two issues that had to overcome. 1. Did that really apply the commercial requirement and 2. Did the company have standing?

Dan Ramish: So there were both standing and jurisdictional questions as to whether the protests could survive. The government filed a motion to dismiss and the court actually dismissed because of what’s called the task order protest ban, which says that protests that are in connection with the issuance or proposed issuance of an order under an IDIQ contract can’t be protested to the Court of Federal Claims. There are dollar thresholds where you can bring a protest at GAO, but the court won’t hear protests of issuance or proposed issuance of orders. This was relating to an IDIQ contract.

Tom Temin: So that provision that they could not protest comes from the Federal Acquisition Streamlining Act that’s of long standing here.

Dan Ramish: That’s right. And so the court was actually willing to entertain at the trial level the idea that this company had standing to protest, but they said, ‘Oh, wait a minute, this is under a task order.’ And so the FASA task order protest bar applies.

Tom Temin: Alright. So what happened next?

Dan Ramish: So next, Percipient appealed to the Federal Circuit Court of Appeals. And on appeal, the two major issues were first, this FASA task order protest bar, whether Precipient’s protest was in connection with the issuance of proposed issuance of a task or delivery order, and then also whether Precipient had statutory standing to bring the protest when it wasn’t an actual or prospective bidder on the contract. Precipient admitted that they couldn’t meet the entire requirement.

Tom Temin: Right. So what did that court decide?

Dan Ramish: So this was a split decision Tom with a two-judge majority and one judge that was dissenting, and the majority found that the FASA task order protest bar did not apply and that Precipient was an interested party withstanding to protest under the specific facts of this case relating to the commercial products and services preference. So on the first issue, the FASA task order protest bar, the majority held the Percipient’s protest was not in connection with the issuance or proposed issuance of a task or delivery order. And Precipient’s complaint didn’t ask the court to set aside CACI’s task order. Instead, they were saying, ‘Hey, you government NDAA should require CACI to look at our product and use it under the task order, but they weren’t trying to invalidate or challenge the task order itself. So the majority was convinced by this argument that wasn’t relating to the issuance were proposed issuance of task order.

Tom Temin: Right, a fine line there, basically, that they drew.

Dan Ramish: Exactly. And the dissenting judge totally disagreed with that and said that it went against the court’s precedent in a case called SRA International that really broadly precluded all protests that relate to work performed under a task order, and that this in connection with language is very broad, whereas the majority said, ‘Hey, if there didn’t need to be an issuance or proposed issuance was being challenged, then those words would have no meaning in the statute.’ So there was a real disagreement between the majority and the dissent on that point.

Tom Temin: We’re speaking with Dan Ramish, a procurement attorney with Haynes Boone. So how does the thing stand at this point then?

Dan Ramish: So the second issue, the majority and the dissent also disagreed as far as standing. So only an interested party has standing to bring a protest and the term interested party is defined in the Competition in Contracting Act for GAO protests. But the comparative statute for the Court of Federal Claims doesn’t include a definition. And so there’s case law from the Federal Circuit that applies the GAO CICA standard to the Court of Federal Claims. But here, the majority looked at that standard and said, ‘It wasn’t really appropriate to apply under these circumstances because the protester was bringing a challenge that wouldn’t be viable under CICA. They were challenging a stand-alone violation of law or regulation without challenging a solicitation or an award or proposed award of a contract.

Tom Temin: Right. So CICA by the way is Competition in Contracting Act. So therefore, what’s the end result here for Precipient? Are they done here?

Dan Ramish: No. So the majority said it was appropriate to create a new, broader test specific to these circumstances. And they also looked at the particular statute for statutory preferences for commercial products and services and said, ‘Hey, under these circumstances, the prime contractor has no incentive to look seriously at subcontractors providing commercial products and services because the alternative often is that they’ll develop their own products.’

Tom Temin: That’s slow and expensive and lots of revenue.

Dan Ramish: Precisely. So a clear conflict of interest on the part of the prime contractor and the majority was persuaded by that and said, you know, ‘unless we have a standard here with a subcontractor can bring protests in these kinds of circumstances, the statutes never going to be given proper effect.’ And so the majority said, ‘We’re a plaintiff invoking only a challenge based on a violation of law without challenging the solicitation or a proposed award of a contract brings a specific challenge under the statutory preference for commercial products or services.’ There’ll be an interested party if there an offer of a commercial product or commercial service that had a substantial chance of being acquired to meet the needs of the agency if the violation hadn’t occurred. That’s a totally new test.

Tom Temin: So that requires then what on the part of the NGA and of CACI if anything at this point?

Dan Ramish: Well, so the majority reversed and remanded the trial court and so the next natural step is that it would go back to the Court of Federal Claims. There is a very real possibility that there will be further action at the Federal Circuit, however, with an en banc review, which means the government is likely to ask for the full appellate court to do a review of this decision and issue a new decision, particularly because the dissenting opinion here said that the majority was misapplying the court’s precedent. And so those are the kinds of circumstances where the full court might consider doing a review. But the dissent also points out, ‘Hey, if this stands, this is going to be a big deal.’ In the dissent’s words, a very important government contracts case. And the dissent was pointing out, ‘Hey, this could lead to a flood of subcontractor protests that the government didn’t properly consider commercial products or services.’

Tom Temin: Every time the government then contracts for development of software, somebody somewhere could say, ‘Wait, I already do that function with my commercial software.’ And it can open a floodgate, basically, is what they’re worried about.

Dan Ramish: Commercial software, professional services, widgets across the board. The dissent is envisioning a new world where every company that offers a commercial product or service, watching the government develop something new or do its own thing without properly considering commercial alternatives could bring a lawsuit. The Court of Federal Claims using this new test.

Tom Temin: So at this point, though, the case is remanded to the Court of Federal Claims, which has to reconsider it basically.

Dan Ramish: Yes, they have to proceed with the protest. But as we say, I think this will be subject to further litigation. But it should stand unless it is overturned en bonk by the full appellate court.

The post What happens when a company that didn’t bid files an award protest? first appeared on Federal News Network.

Complaints are coming from contractors on the General Services Administration’s multiple-award schedule. They say contracting officers are trying to re-negotiate finished contracts and making unreasonable demands for information. For more, the Federal Drive with Tom Temin talked with federal sales and marketing consultant Larry Allen.

Interview transcript 

Tom Temin  And you have found that this is mainly happening in the information technology part of the Unified Schedules program.

Larry Allen That’s right. And at the outset, you know, I’ve worked on the GSA Schedules program for well over 30 years. And we certainly have seen things ebb and flow over that time. But recently, the level of industry discussion on problems, particularly with the IT schedule, has been pointing up close to an all-time high. And it’s time to get these issues out in front of people… get a little disinfecting sunshine on them, if you will, so that we have a program that works better not just for contractors, but for government customers.

Tom Temin Well, what is happening? What are contracting officers actually doing, that the contractors are complaining about?

Larry Allen  They’re doing several things. I think one of the most notable things, Tom, is that there seems to be no end to the amount of data that contracting officers feel that they are entitled to. Papering the record, just one more set of transactional data, and you know, all of that data…everything a contractor submits, it has to be accurate, current and complete. And the more you’re asked to submit, the more, you’ve got to keep track of everything and make sure you’re meeting that standard. And if you’re not, then you are setting yourself up for some future potential audit problems, not to mention the paperwork that you’re having to provide in an endless stream of requests that come. One of the other things that’s happening is — and you alluded to it in the setup — and that is (for) contracts that are already in place, GSA has already negotiated it, the contracting officer has found that to be a fair and reasonable price. Six months (or) a year later, a company comes in and asks for a contract modification. And the contracting officer now uses that as an occasion to reopen negotiations on everything and say, ‘Well, wait a minute, that maybe wasn’t a fair and reasonable price.’ And the contractor is left saying, ‘Well, wait a minute, this is how I’ve been selling. I’ve been doing this for the last year, people enjoy doing business with me this way.’ You know, there’s only so much blood in the turnip that you can give. And that’s an issue too. I think one of the things that every contractor ought to be concerned about as well, Tom is contracting officers asking companies who have their contract set up through GSA’s Transactional Data Reporting pilot, for contractor-based sales information. That’s not supposed to happen at all. And it’s a real danger for me, I think, look, when TDR was set up, I put a blackbox warning out on it on exactly this issue. And since then, things have you know, mitigated a little bit where TDR has proven to be a viable pathway for companies who can’t use the traditional method to get on scheduled. But if we’re getting into a situation where there’s no standard for what constitutes enough data, or how much data because there’s not supposed to be any data in the first place, that is a moment that every TDR contractor should wake up and say, ‘Stop. What’s going on here?’

Tom Temin We’re speaking with Larry Allen, president of Allen Federal Business Partners. I mean, there are legal restrictions on what the government can ask for — correct? — in what are basically totally commercial products. This is not cost plus contracts or development contracts, but simply commercial items available widely.

Larry Allen Right. And I think this is one of the disconnects, Tom. First of all, the Paperwork Reduction Act is a rule that even the schedules program has to adhere to, where the government is only supposed to make reasonable data requests. And in fact, GSA has to go out every so often, and renew its authority to collect data from contractors. Usually, that type of request is rubber stamped at the FAR Council. But right now, I don’t think it should be. It seems like if it just sales through the rulemaking process, then the idea is that whatever we’re asking for is fine, and we’re not asking for anything more than we should be. And that’s manifestly not the case. Ironically, we’re talking about this at a time when GSA is trying to be pro-environment, but there are a lot of trees that are losing their lives to provide the paperwork, the contracting officers want. Are you aware that GSA management is aware of this? And maybe we’ll do something to mitigate it… get some word out to their CEOs? Tom, I think they weren’t aware of it before this, but they’re aware of it now. I know that the schedules program management office is aware of these issues. They’ve already indicated that they want to have discussions with the contracting officer management team at the IT part of GSA. I think that’s a good idea. But I do think it’s going to take some senior level intervention here to say, ‘Hey, look, this program worked best when it’s a partnership. When contractors and GSA work together to serve our common federal customer. This is not a program that works well of contractors have a target on their back.’  And just because you’re doing $20 billions a year today through this program, from the IT schedule doesn’t mean that thus now and forevermore, it shall be. One need look no further, Tom, than the Oasis Plus Program and the fact that Oasis overtook the GSA professional services schedule in terms of sales a couple of years ago. So you can actually kill the goose that lays the golden egg.

Tom Temin All right, well, we’ll keep an eye on that one and see what develops. Especially as you say, there’s a lot of G wax around that people can use alternatively to the to the schedules. Also your reporting that whistleblower lawsuits are reaching companies in greater frequency, especially to help enforce the cybersecurity regime.

Larry Allen That’s right, Tom, we’d forecast when all the cybersecurity rules started coming down, that the primary way that they would be enforced would be through whistleblower cases. And we’re just starting now to get some evidence that that’s actually what’s playing out. We had a whistleblower, this time, blowing the whistle against SAIC alleging that on one of their government contracts, they didn’t fulfill all the cybersecurity duties they were supposed to adhere to. We don’t know whether that’s true or not. But what we can say is that once the allegations were made, the contractor in this case acted in a way that is probably not a best practice. You don’t solely isolate the employee, you don’t take away their rights, you don’t fire them for blowing the whistle. There are FAR rules on that type of stuff. And you can actually make the situation worse for yourself. Because now instead of just having to defend against the cybersecurity allegations, you’ve got a retaliation suit that you’re gonna have to settle as well. So it’s just really full employment for your legal staff.

Tom Temin Yeah. So, what’s your best advice for companies then, besides making sure the cyber procedures are in place that are required to start with?

Larry Allen Well, I think at a basic level, if you have whistle — every company has, on paper anyway, whistleblower protections. Those whistleblower protections actually have to be operational. It’s nice to have them on a piece of paper, it’s nice to have them in a policy document, but they actually have to be lived. And don’t fear the people who blow the whistle. Look if, at a minimum, if you’d listened to the whistleblower in this case, you would have an opportunity to know whether or not the allegations were valid or not. Now you’ve got lawyers involved and the Department of Justice, it’s going to cost you a lot of money, it’s probably going to cost at least one person, their job in the company. And you didn’t need to do it. So, my advice is to relax, work through it, follow the rules that you’re supposed to follow. They’re there for a reason. And they can actually save you some time and aggravation.

Tom Temin I guess that’s our theme today. Stay within your guidelines and your lanes of travel, whether you’re government or industry.

Larry Allen I think that’s a good takeaway. These things exist for a reason and they help make sure that we have a good government market. And that’s really what the outline is. We want to be able to have the business of government run smoothly.

The post GSA contracting officers are driving schedule holders crazy first appeared on Federal News Network.

The Government Accountability Office (GAO) recently reiterated something it has been pointing out for years: The government wastes billions and billions of dollars on duplicative and overlapping activities. The Federal Drive with Tom Temin‘s guest says the GAO overlooked a crucial way to stop the waste, namely shared services. Steve Goodrich is the Chairman of the Shared Services Leadership Coalition.

Interview Transcript: 

Tom Temin  The Government Accountability Office recently reiterated something it’s been pointing out for years. The government wastes billions and billions on duplicative and overlapping activities. My next guest says the GAO overlooked a crucial way to stop the waste, namely, shared services. The chairman of the Shared Services Leadership Coalition, Steve Goodrich, joins me in studio now. Steve, good to have you in.

Steve Goodrich  Thanks, Tom. And thanks for having me.

Tom Temin  And just briefly, tell us about the coalition. You’ve been around for more than last week?

Steve Goodrich  I certainly have. I’ve been around government working on these kinds of reforms for over 40 years. The Shared Services Leadership Coalition was formed to specifically focus on shared services and improving the efficiency and effectiveness of government founded by John Marshall.

Tom Temin  And John is still around.

Steve Goodrich  He’s our president and CEO.

Tom Temin  And the idea of shared services goes back. Well, I mean, there’s the National Finance Center and places like that, that go back generations, really of government, but it was called lines of service, I think.  Lines of business. That’s correct. In the George W. Bush administration as a way when electronic government started really becoming something of a thing, and government was going online. Why do you think there has been not so much progress in expanding shared services?

Steve Goodrich  Lines of business.

Tom Temin  And I would think in some ways, shared services would be more efficient now than in the past. If you take something like the National Finance Center, and its counterparts, these are big buildings with capital expenditure and data centers that have to be updated. It’s expensive to operate. Whereas it could all be in the cloud now, where the government pays for it, it still could be a shared service, but without all the capital infrastructure needed.

Steve Goodrich  There needs to be a real focus on building the infrastructure required to get there. There’s nobody in charge. There’s nothing statutory about shared services. And it needs to be brought together. I mean, it really started with a push in the Reagan administration. But every administration has had it, it’s been part of the President’s management agenda in the past, but it hasn’t quite gotten legs yet. Because it is an investment and a transition that has to take place. Well, not only in the cloud, but you have a real opportunity to reduce the number of platforms around government. And with the advent of generational AI, bots, the advanced technologies that are out there, there’s tremendous opportunity for cost savings, efficiency and effectiveness with shared services.

Tom Temin  Now, some agencies do share services, and you’ve got some examples of where it’s working and the savings have been documented.

Steve Goodrich  Oh, sure, absolutely. So if you look at NASA, for example, they’ve saved over $200 million in putting together a shared service. They actually borrowed about $40 million to put it together and paid that back within just several years. You know, almost 90% of large corporations in the private sector are doing shared services now. You know, Johnson and Johnson has saved, with only 150,000 employees, has saved almost $2 billion now.

Tom Temin  That’s a lot of shampoo.

Steve Goodrich  That’s an awful lot of shampoo. You’re absolutely right. So there’s great opportunity for government to do this right.

Tom Temin  And if you look at NASA, what services do they share, and with whom? Or is it among the centers of NASA that had been duplicating the same thing?

Steve Goodrich  Well, NASA is primarily within the walls of NASA. So they’re doing HR and IT and finance and and those kinds of things. You also have, you mentioned NFC, which is external, if you will, in the Interior Business Center, supporting other agencies, PSC at HHS, Arc at Treasury. You have a number of them. They haven’t all yet been required to measure their performance, and that’s absolutely a critical element. You know, Commerce has enterprise services, you know, DoD has defense. So we’ve made, for example, with payroll, you know, back in the early 2000s, when it was reduced from 26 payroll centers to four, over $1.6 billion was saved in doing that. And it’s not just about the money, it’s real opportunity to consolidate and reduce the number of technology platforms we have.

Tom Temin  We’re speaking with Steve Goodrich. He is chairman of the Shared Services Leadership Coalition. And it’s not like this is totally unfamiliar to government in the larger sense. I’m thinking of the Bureau of the Fiscal Service. Otherwise, you’d have every agency with a checking account. But no matter who you have been paid for in the government, your check says Treasury.

Steve Goodrich  Your check all comes through Treasury. Payroll comes through four centers. So whether you’re talking HR procurement, IT services, financial services, imagine consolidating and reducing the number of platforms the number of resources required and getting better service. As we all know, this government is overspending and constantly. Now, I get it. No Congressman has ever gotten elected saying, I’m for shared services. That just doesn’t get votes. It’s not the sexy stuff. But the opportunity to increase government performance, serve the mission of agencies and save a heck of a lot of money is there.

Tom Temin  Well, that’s right, too, and even though it’s not a subject of interest in the parades and the speeches back home, Congress nevertheless deals with thousands of such items as it is. Nobody back home on the congressional trail of reelection would be excited by 99% of what’s in the defense authorization bill, for example. All those 800-series provisions on procurement, yet Congress does those. So it seems like they could take on shared services, even though it’s not exciting, because of their track record with a thousand other things that aren’t exciting.

Steve Goodrich  They could, and you know, Congress is very good at looking at individual agency budgets. They’re not very good at looking cross-government. And that’s where we need to focus them. That’s where we need some statutory requirements to get there. And that’s where we need a person, an individual with the accountability and responsibility and authority to make this happen across government. Those are the things that are missing.

Tom Temin  And what would a statute cause to happen, do you think?

Steve Goodrich  Well, one, it’ll make it mandatory, because as I said, it’s not a mandatory factor now. Two, it’ll provide the resources necessary to make the transition from here to there. And, like anything else, an investment is required. But we need to do the analysis. We need to put the business model together. And we need to identify what the ROI is, and demonstrate to the government that is possible.

Tom Temin  Because mandatory is easy to say, but what exactly would be mandatory? Payroll? Or, I mean, we’d have to specify what services need to be shared, and among whom, wouldn’t it?

Steve Goodrich  We do, and I don’t think we boil the ocean. You know, I think we establish shared service for a clear definition of what it is, making it mandatory. And then let’s start with one, develop the business model, make the adjustments that are necessary, and then start migrating that model from line of business to line of business.

Tom Temin  And is there one particular service that you think is particularly ripe for being the guinea pig?

Steve Goodrich  Well, I think there’s a number of them that are ripe, you know. Procurement would work, you can do something small, like travel management. HR is the one a lot of people go to, but it’s very complex. I think we should be working on that. And there are folks like at OPM who are working on building the foundations out for the marketplace, the standards, things like that are getting there, as well as for, you know, grants is another possibility, to really push on grants. Again, you don’t want to boil the ocean, because you want to get this right. And make sure, you know, in Washington, you know, our memory fades after a number of years. We need to keep it in the limelight. And our policy recommendation is to establish a role in GSA at the commissioner level, to have the authority to pull this off and make it happen.

Tom Temin  Because they used to have GSA consolidating all of the information technology procurement. And if you wanted to do it as an agency, you had to get that delegation.

Steve Goodrich  Correct.

Tom Temin  So that went away, I think, when the Brooks Act was repealed.

Steve Goodrich  Yeah, you know, it happens in different ways, because agencies still have the focus and the authority to do what they want, when they want to do it. And so, you know, GSA can come out with a new, great, really efficient procurement vehicle, and agencies can choose to use it or not. Okay. And that’s part of the mandatory part. But there has to be a migration, and this is a 10 to 15 year migration to make it work.

Tom Temin  Are there any members that are sympathetic that you kind of leverage into the rest of Congress?

Steve Goodrich  Well, I think the oversight committees in both Houses are interested in this, as well as, you know, appropriations and budget. They want to figure out how to use shared services to create the efficiencies. And, you know, the TMF, the Technology Modernization Fund, allows for shared services, in fact, specifically states that will support shared services. It hasn’t to date, but there’s real opportunity, because the investment for this isn’t just Congress appropriating funds, and absolutely getting a return. You do have TMF. You do have the savings by not investing in all the many systems that the agencies are asking for right now. Give them the band-aids and paperclips right now, but pull money from existing opportunities in the budget. You know, the TMF and other areas, even customers can help support this and it won’t cost a whole heck of a lot and there is a return.

Tom Temin  Steve Goodrich is chairman of the Shared Services Leadership Coalition. Thanks so much for joining me.

Steve Goodrich  You’re welcome.

Tom Temin  We’ll post this interview along with a link to more information at federalnewsnetwork.com/federaldrive. Subscribe to the federal drive wherever you get your podcasts.

The post Why the government should use more shared services to reduce costs first appeared on Federal News Network.

The committee today voted to approve a bill from Rep. Carlos Gimenez (R-Fl.), “Decoupling from Foreign Adversarial Battery Dependence Act.” The bill would block DHS from procuring batteries from six Chinese companies over concerns about human rights abuses, as well as supply chain and cybersecurity concerns.

Under the legislation, the ban would begin on Oct. 1, 2027.

During today’s markup, Gimenez said he had engaged with DHS in developing the legislation over the past two months. “The committee incorporated nearly all of DHS’s inputs,” he said.

Gimenez also said he was expecting a report from DHS within the coming months describing the potential impacts of the proposed ban.

Under the bill, DHS would be able to waive the prohibition if it determines the battery purchases don’t pose a national security risk. DHS would also be able to issue a waiver if there are no viable alternatives.

The latest push targeting major Chinese battery manufacturers comes after the fiscal 2024 defense authorization act included a corresponding ban on the Defense Department buying batteries from the same six companies. The DoD ban will also go into effect on Oct. 1, 2027.

That law, however, gives the Pentagon the ability to waive the limitation for any reason.

TSA commuting legislation

The homeland security committee today also unanimously passed legislation that would explore better compensating Transportation Security Committee employees for the time they spend commuting to the job.

The “TSA Commuting Fairness Act,” introduced by Rep. Tim Kennedy (D-N.Y.), would require TSA to conduct a feasibility study on allowing employees to clock in for work when they arrive at airport parking lots or bus and transit stops. The study would evaluate whether such a program could rely on location data from employees’ phones.

“Doing so would reduce commuting costs and improve quality of life for employees while allowing TSA leadership to manage the workforce appropriately and maintain order and discipline,” Kennedy said during today’s mark-up.

Kennedy referenced how TSA employees typically have to navigate a lengthy secondary commute between airport parking lots and their assigned airport checkpoints. Many have to wait for bus or light rail connections, or they have to walk to the from the lot to the airport. “And if these hardworking Americans are just a few minutes late to clock in, they can face discipline and punishment,” he added.

“This study will help both TSA and Congress gain insight into ways to address these challenges and the potential costs and benefits of pursuing an innovative program along these lines,” Kennedy said.

Digital identity report

The committee also unanimously approved a bill introduced by Rep. Clay Higgins that would require TSA to submit a report on the current state of “digital identity” ecosystems, as well as the value of digital IDs in the transportation sector.

Higgins said he supports TSA’s digital ID initiatives. “It’s also important that we understand the full extent of the risks and benefits of utilizing this technology to advance the agency’s homeland security mission,” he added.

“Using a digital ID is not only more convenient, but also better for ensuring privacy protection as opposed to using conventional physical IDs,” Higgins said. “Digital IDs do not need to be handled by a [transportation security officer].”

TSA has started accepting digital IDs, such as mobile drivers licenses that are stored in a mobile phone’s electronic wallet, at some airport checkpoints. The agency this week announced it would begin accepting New York state-issued mobile drivers licenses at select airports. The announcement brings TSA’s digital ID initiative to nine states and 28 airports so far.

TSA’s work has represented a primary pathfinder in the federal government’s acceptance of digital IDs. Meanwhile, the National Institute of Standards and Technology is considering including mobile drivers licenses and other digital credentials in its revised digital identity guidelines.

The post Lawmakers advance DHS bills to ban Chinese batteries, help TSAers with commute first appeared on Federal News Network.

The Grants Quality Service Management Office over the last year helped several micro agencies buy award management services.

This pilot was part of how the QSMO is crawling before it tries to walk or run with larger agencies.

Andrea Sampanis, the acting director of the Grants Quality Service Management Office in the Department of Health and Human Services, said the procurement pilots with AmeriCorps, the Inter-American Foundation and the Northern Border Regional Commission opened the door to bigger possibilities to modernize federal grant services.

“We worked with them to explore the vendors on our Catalog of Market Research, making sure they were ready to meet their needs and helping to support them through the procurement process,” Sampanis said on Ask the CIO. “IAF and NBRC are live, on target and on budget, which is not an easy thing to do. AmeriCorps is expected to go live this fall. Huge kudos to these three agencies, as they were prepared to be good customers, willing to accept the system as-is and supported by great leaders in their chief information officer and chief procurement offices.  Their grants teams came together to support a great vendor product from our Catalog of Market Research.”

While the AmeriCorps, the Inter-American Foundation and the Northern Border Regional Commission are considered micro agencies, the amount of money each of them awards through grants is anything but small. Sampanis said the AmeriCorps is more like a medium-sized agency when looking at the amount of money it awards through grants. In fiscal 2024, for example, the agency expects to award $577 million in grants.

The Inter-American Foundation and NBRC are much smaller with IAF, awarding about $145 million and about $50 million in grants, respectively.

Grants QSMO aims to speed acquisition

While these three agencies don’t reach the billions HHS or the Education Department or the NASA hand out, Sampanis said demonstrating how the procurement assistance pilot works opens the door to improve and expand the QSMO’s efforts.

The QSMO marketplace current has approved seven grants management system providers and is in the middle of conducting market research to expand its services.

“We have one quote that says having access to Grants QSMO market research puts you 1,000 steps ahead in your procurement. It’s our goal to speed up the acquisition process and give agencies more buying confidence as they are pursuing a vendor on our catalog.  The vendors on our catalog are selected to support meeting grants standards and align to 2CFR 200 requirements,” Sampanis said. “It just lets them really focus their attention on a fewer number of providers to really say, ‘Hey, this solution is purpose built for grants. It’s an award management solution that is software-as-a-service and very configurable.’ It should feel easy. They don’t have to go and renegotiate a contract.”

The QSMO also works with the agency’s CIO and security leadership, helps develop performance work statements and serves as advisors during the entire acquisition phase.

“I always encourage agencies to meet with all the vendors on our Catalog of Market Research to understand what’s out there and share their specific needs. I think they learn a lot about themselves by talking to the vendors,” Sampanis said. “I helped them all the way through the pilot because I’m learning a lot. Every time I hear a contracting officer ask a new question, I think, ‘hey, that’s something I need in my catalog because that’s true.’ I always say our goal is to speed up an agency’s acquisition and give them buying confidence.”

HHS has led the Grants QSMO since January 2021 and has been building its services over the last few years.

With the Office of Management and Budget finalizing the update to the governmentwide grants guidance under 2 CFR earlier this year, standardizing certain key areas like notices of funding opportunities and overall trying to expand access to more than $1.2 trillion in grants and cooperative assistance agencies pay out each year, Sampanis said the QSMO is ready to expand its services and offerings.

Two common drivers of grants modernization

Having that baseline understanding and confidence in the marketplace is a key factor in success, said Wagish Bhartiya, the chief growth officer for REI Systems, which helps agencies modernize their grant systems.

Bhartiya said there are two basic drivers of grant modernization. The first is budget and second is technology.

“There has been a greater focus on budget and how much of our budget goes towards grant funding and how that funding is being deployed? How much of that is serving management processes, some of the overhead aspects of grant management, which will exist inherently, versus how much should be deployed into the community? That analysis, I think, is getting more acute,” he said. “The technology itself has evolved and shipped in a way that, I think, is much more possible now to be thoughtful about performance and mission. The technology is enabling some of this some of these questions to be asked because we now have the potential and the power to look at it for the first time.”

These two big trends are part of how grants providers are shifting their mindsets away from being so compliance focused to spending more time and money on measuring and ensuring outcomes.

“There’s all these dollars flowing through our grant programs so we need to start to think just as much about the downside, protecting from a compliance and a risk mitigation perspective, as the upside into the mission impact in terms of what are the tangible and successful outcomes,” Bhartiya said. “The other big theme is customer experience and user experience, and now the grantee experience.”

He said this updated point of view is part of why many grant providers are more willing to change today than ever before. He said this means the singularity of the way grants management worked over the last few decades is going away.

“Every grant program thinks they’re a snowflake and they think they’re special or unique and actually bespoke. But when you zoom out, you see that actually 85% of what a grant making agency does is essentially the same in the core lifecycle design,” he said. “Convincing them that they don’t need to make everything bespoke and tailored to the Nth degree because they can leverage best practices, use what’s worked for other agencies because there’s a chance to reduce the burden on their staff and on the recipient community is part of the challenge.”

Bhartiya added that the benefits of an end-to-end system, that’s in the cloud are becoming more clear to agencies.

The post Grants procurement pilots demonstrate speed to modernization first appeared on Federal News Network.

• 62-year-old Robert Burke, a retired four-star admiral, is facing up to 30 years in prison for an alleged scheme to steer a government contract to a company in exchange for future employment. Burke, who served as the vice chief of naval operations from 2019 to 2020, has been arrested and charged with four felony counts, including bribery and conspiracy to commit bribery. He is also charged with performing acts affecting a personal financial interest and concealing material facts from the United States. Burke made his initial court appearance on Friday in Miami.
  (Former vice chief of naval operations accused of bribery - DoJ)
• The Nuclear Regulatory Commission (NRC) did not have to look far to find its new CIO, as it tapped Scott Flanders, the acting chief information officer since January, to take on the permanent job. His first day is today. Flanders, who has been the deputy CIO for the previous several years, will replace Dave Nelson, who retired at the end of January after eight years. Flanders has been with the NRC since 1991. Before joining the CIO's office, Flanders led the Division of Site Safety and Environmental Analysis in the then Office of New Reactors. The NRC's IT budget for 2024 is $170 million and the agency requested $190 million for 2025.
  (NRC hires acting CIO Flanders into permanent role - NRC News)
• The intelligence community has updated its technology plans, with a new information technology roadmap released last week, which indicates that the IC will embrace multiple cloud computing environments. But the document acknowledges that the IC’s efforts to tailor different cloud capabilities are still complex and nascent. The roadmap also commits to adopting DevSecOps software practices, enterprise data architectures, and artificial intelligence at scale. Intelligence officials said spy agencies need to quickly adopt emerging IT capabilities to stay ahead of U.S. adversaries.
  (ODNI releases IC information technology roadmap - ODNI)
• The Department of Health and Human Services is getting a head start on pooled hiring. HHS’s “hire now” platform, lets hiring managers view both internal agency applicants and governmentwide ones at the same time. Through that portal, HHS has hired about 900 candidates. Another 800 or so hires are currently making their way through the process. “It’s helping to bring in that acquisition workforce, that IT workforce of the future — it’s to ensure that we’re creating opportunities and really helping to attract that talent to public service writ large in addition to our own specific mission,” said Bob Leavitt, the chief human capital officer at HHS. About 11% of all HHS hires come from shared certificates.
  (Interview with HHS on recruitment and retention - Federal News Network)
• The Pentagon’s Chief Digital and Artificial Intelligence Office plans to bring in more vendors to further the department’s Combined Joint All Domain Command and Control (CJADC2) effort. The Defense Department is opening its doors to more companies as part of a new initiative called the Open Data and Applications Government-owned Interoperable Repositories. The initiative will allow the department to integrate industry solutions in a way where the DoD retains ownership of its data while letting companies develop applications using that data. The Pentagon will initially use this ecosystem to scale its data infrastructure, interoperability, artificial intelligence and analytics capabilities in support of the CJADC2 initiative.
  (CDAO will integrate more vendors through Open DAGIR initiative - Federal News Network)
• Agency program managers have some new best practices to protect their programs from fraud and abuse. A new report from the Pandemic Responsibility and Accountability Committee (PRAC), said agencies that took three broad steps, such as preparing for an emergency by maintaining a crisis-ready staff, were better prepared to limit improper payments during the COVID-19 emergency. The PRAC said developing strong internal controls, that include validating self-certifying criteria and implementing a risk-based monitoring approach, were among the other traits of successful programs. The PRAC report details resources, reports, and other documents agencies can refer to as they further develop their funding programs.
  (Pandemic lessons agencies can use to protect programs from fraud - Pandemic Response Accountability Committee)
• The Federal Housing Administration is the latest agency to issue cybersecurity reporting rules. FHA is requiring lenders of mortgages to report cyber incidents to the Department of Housing and Urban Development within 12 hours of detection. FHA’s rule joins a growing set of federal cyber incident reporting regulations, including new rules from the Cybersecurity and Infrastructure Security Agency that will require reporting across all 16 critical infrastructure sectors.
  (FHA: New cybersecurity incident reporting requirements effective immediately - FHA)
• Participants in the Thrift Savings Plan will now see a speedier withdrawal process in the TSP’s “My Account” online platform. After requesting a withdrawal from their TSP account, users no longer have to wait 30 days to request a second withdrawal. The Federal Retirement Thrift Investment Board said removing the 30-day waiting period should give participants more flexibility in how they manage their accounts.
  (No 30-day waiting period between withdrawal requests - Thrift Savings Plan)

The post Retired four-star admiral faces 30 years in prison on bribery charges first appeared on Federal News Network.

The Navy isn’t the only military service that struggles with big shipbuilding programs. Two of the Coast Guard’s biggest programs — the Offshore Patrol Cutter and the Polar Security Cutter — are years behind schedule and billions of dollars over budget. The Government Accountability Office (GAO) says those cost and schedule increases are signs of broader management and oversight problems. For more on the Federal Drive with Tom Temin, Federal News Networks Host of On DoD, Jared Serbu talked with Shelby Oakley, GAO’s Director for Contracting and National Security Issues.

Interview Transcript: 

Jared Serbu I think it’s fair to say the Coast Guard has really had major struggles over the years with these major acquisition programs. I know your recent testimony was focused really on just a couple of those, the offshore patrol cutter and the polar security cutter. So what did those programs sort of tell us about the state of play in major shipbuilding programs across the Coast Guard, and how much things have improved or not over the years?

Shelby Oakley Yeah, unfortunately, I think with OPC (Offshore Patrol Cutter) and PSC (Polar Security Cutter), they are kind of indicative of the things that we’ve seen as struggles for Coast Guard shipbuilding, but also Navy shipbuilding over the years. Just major challenges with achieving stable designs to support actually beginning construction, and what that often results in is rework and delays and that kind of thing. And I think, OPC and PSC are delayed four and five years respectively, are now 11 billion and at least $2 billion over budget. So these outcomes are just a bit of a challenge, especially for an organization like Coast Guard with such a small budget for acquisitions.

Jared Serbu Yeah. And you talk about concurrency in the testimony, is that really the main issue here, moving ahead into later phases of the program before you really have a clear picture of what you’re doing?

Shelby Oakley It’s a huge issue. We’ve done a lot of work over the years on commercial shipbuilding. And the outcomes that commercial shipbuilders achieve are nothing like we see in the Coast Guard and the Navy. They are on time and on budget. And it’s not kind of a question. And the common things that we see them do, or what we call leading practices for shipbuilding and ship design, and one of the main parameters is they just don’t move forward until they’re, key elements of their design are matured. This is like structural layouts, where the equipment’s going to go. All sorts of things like that need to be figured out before you move forward and start cutting steel or bending metal, as they say, because any changes at that point really result in reverberating bad effects. And we saw that on PSC. They had designed the height of the deck, for one of the lower decks of the ship incorrectly. And that had reverberating design change impacts throughout the ship. Had they have begun constructing that ship, at this point, we would have been in big trouble. But at least they’re just focused on redesigning those aspects at this point.

Jared Serbu You mentioned the agency size issue earlier, and that’s kind of where my head goes sometimes when I think about the Coast Guard challenges relatively small agency doing incredibly complex engineering and acquisition work. But then I remind myself, well, the Navy has an entire command that’s, I think, bigger than the whole Coast Guard that does this stuff. And they face many of the same issues. So is there just something inherent to naval shipbuilding or is this really all process improvement stuff?

Shelby Oakley Yeah. I think one of the key differences that we see, between like government shipbuilding and commercial shipbuilding is this issue of lack of discipline. And this is sometimes driven by, the industrial base. So with commercial shipbuilding they have a ship lined up right after one another. So they have to keep those ships moving through the shipyards, otherwise there’s severe financial ramifications for those companies. That’s just not what we see in government shipbuilding. And government shipbuilding, they’re allowed to proceed with design, with construction too early. Any challenges that we run into, we end up just throwing more money at these programs. There’s been a lack of incentive in the industrial base because of kind of fits and starts of demand signal from the Navy and the Coast Guard. And so there’s a lack of incentive to do and key investments, in technology or processes that could improve their performance in design and construction. And so there is something about government shipbuilding that’s a little bit different. But if you look at the practices that we outline, there really just kind of common sense, they’re not shocking to anybody. They’re like logical and disciplined approaches that anybody would apply to their own life if you were buying a house or designing a pool.

Jared Serbu One of the things in in your testimony that was striking to me, as you talk about these very long periods between milestone events, which are, I guess, the triggers that are designed to get senior leaders to really review a program in depth and make course corrections if they need to. They’re like 4 or 5 years apart on these programs, like how big a role does that play in letting these things kind of spin out of control?

Shelby Oakley Well, it’s the early warning signal. If you don’t have a milestone for several years, you’re not tracking anything. You’re not tracking delays to that. So it doesn’t trigger this oversight review from Coast Guard officials or even DHS officials to be able to say, hey, wait, we’re heading in the wrong direction or things aren’t going so great, maybe we need to figure it out. And so we’ve made a number of recommendations over the years for the Coast Guard to add milestones to their acquisition baselines, so that there can be closer tracking of that progress to give a sense of how well the program is doing.

Jared Serbu These two programs that we were talking about, specifically the OPC and the PSC. They’re pretty far down the line at this point. On those programs specifically, to what extent is the diet kind of cast by past decisions that have been made? And how much can they specifically do to improve on these two?

Shelby Oakley Yeah. So I think there’s two separate answers there. So OPC as you know, has two stages. OPC stage one with just the first four ships are already underway and construction. OPC stage two is planning to start construction in September. And so we would suggest that the Coast Guard has an opportunity to make sure that the design of OPC stage two is matured sufficiently to be able to justify moving forward with that construction decision. And so if they do that, that could put them on a better path for OPC stage two. After those first 15 ships, the Coast Guard’s intending to buy 25 ships total. We think for that next ten, there’s an opportunity to really rethink how we’re going about building these ships and driving more of these commercial practices into their approaches for that. So we think that there will be an opportunity in the long run for this program to make some changes. With regard to PSC, they plan to start construction by the end of the year. And we made a recommendation that they ensure that their design is mature and they understand how everything’s working before they move forward with that. They concurred. But we have yet to have, confidence that they will actually ensure that the design is mature before they move forward. If they don’t, it’s going to lead to a lot of risky decisions and a lot of risky, risky outcomes that hopefully the Coast Guard at that point would more closely manage and ensure that we’re executing that program to the best extent possible, given the risk that we’ve accepted by moving forward.

Jared Serbu As you mentioned, these leading practices have been down on paper since 2009. Still not much evidence of them showing up in programs. Is this something Congress should consider getting involved in?

Shelby Oakley Yeah. So, we did our first tranche of work in 2009. And Congress has taken some action, specifically with regard to Navy programs, in requiring certain aspects of those leading practices. We have some matters for congressional consideration out there for Coast Guard programs that we’re hoping that the Congress takes a good look at, especially in light of our most recent report that we updated those practices, this spring. There are a lot of similarities, but some new nuances given ten years, ten plus years of advancements in technology that these commercial shipbuilders all around the world are really employing to a great extent and to great success.

Jared Serbu I did want to ask you one more question about the comparison between commercial and military. It seems like it wouldn’t be that easy for government work to just get plugged into one of these commercial shipyards that doesn’t already do much government work. That’s one of the issues here, you sort of do need people with government experience?

Shelby Oakley Yeah. I think we’ve seen on the, OPC and PSC that the shipbuilders have a lack of experience in government contracting. And that has led to some of the problems. They don’t have the systems or capacities available that a lot of these major shipbuilders have that are consistently in this kind of government space. And so with the commercial practices, we’re not necessarily saying go to commercial yards and have those ships built there. What we’re saying is these builders that work for the government, that’s their primary business, need to begin thinking about those practices that commercial builders use and how they could apply them in the government space to achieve better outcomes. And the DoD and the Coast Guard play a role in incentivizing them to do that, and requiring them to do that.

The post Coast Guard still struggling with major acquisition programs first appeared on Federal News Network.

Sometimes federal procurements don’t go according to the rules. Sometimes its worse, when bribes and kickbacks come into play. That’s what the Justice Department’s Procurement Collusion Strike Force tries to discover and prosecute. Now the strike force is expanding, with four new members. For details, the Federal Drive with Tom Temin spoke with the Dan Glad, the director of the Strike Force.

Interview Transcript: 

Tom Temin And just briefly review the task, the strike force, what it does and what its scope is and where it fits in the hierarchy of oversight here in the government.

Dan Glad Sure. The term collusion strike force, which is a mouthful. So, I’ll call it the PCSF or the strike force. That is the Department of Justice’s coordinated national and inter-agency response to anti-trust crimes and other related fraud schemes that impact government procurement, grant, and program funding at all levels of government, federal, state, and local. And we’ve been around since late 2019. And our mission is really two pronged. One is to enhance deterrence, trying to stop these schemes before they happen. And we do that through education, outreach, and training to both federal agents who investigate these crimes and procurement officers at all levels who are in the position to spot them. And then when deterrence fails and deterrence fails, men are no angels. We look to amplify the detection, investigation, and prosecution of these schemes. I think you asked, Tom, sort of sort of like what we actually do. I’ll tell you what I call our lane. And it’s really we use all the tools in the statutory toolbox, all the parts of the Criminal Code to go after any criminal conduct that distorts, perverts, subverts the competitive procurement process. When the government is going out into the market to buy stuff.

Tom Temin And how do you find out about the fallen angels? Is it mostly whistleblowers?

Dan Glad Whistleblowers are certainly part of the mix. It’s really a combination. We certainly will have whistleblowers who come in and who spot something. The Antitrust Division, which is the part of the Department of Justice I come from, has a long-standing policy of its leniency policy, which is essentially become a cooperator. Tell us about the crimes that you did. And if you do fully cooperate, you’ll get a benefit. The public, we rely on the public to send us tips and leads, and we have a public facing website where members of the public can submit information. Our federal agents and investigators are well positioned to using either confidential sources or just the things they see to refer these matters to us. And then finally, I think I would be remiss if I didn’t mention the people who are really there the procurement officers, the contracting officers, the people in government whose day-to-day job is buying stuff. They are able to spot the indicators, the red flags of these collusive schemes and report them. They often know something’s wrong, even if they can’t put a term on it. And so that’s part of our outreach mission. And since we were founded, we’ve reached more than 31,000 government employees as part of this outreach. That’s 31,000 sets of eyes.

Tom Temin And since 2019, how busy has the strike force been? How many cases have you actually come together and gone after?

Dan Glad We’ve been busy. Since 2019, we’ve opened more than 100 criminal investigations. We have prosecuted to conviction. So, either at trial or through a guilty plea, more than 50 individuals and companies and of our public matter, some cases that are filed. This touches on more than $500 million of government spending. And I will say, I think it’s just the tip of the iceberg.

Tom Temin Well, that was my question. And by the way, we’re speaking with Dan Glad he is director of the Procurement Collusion Strike Force at the Justice Department and the Antitrust Division. I mean, the federal procurement system in the United States is in many ways the gold standard for the world. And most people that participate believe that it’s fundamentally honest. It’s not like India or Russia where bribery and corruption is the norm. Are we still in that place? And these are still exceptions because you say it occurs a lot. Collusion and so forth.

Dan Glad They are exceptions. Federal government procurement is fundamentally sound. The majority of federal government procurement is not a set and attacked by bid rigging, price fixing and fraud schemes. But I think about it in the way it’s the law of large numbers. There’s so much federal procurement that even a fractional loss is substantial. Tom, there’s one study I’m aware of from an international NGO called the organization for Economic Co-operation and Development, or the OECD. And what the OECD tried to do is assess how much money is lost from bid rigging, price fixing and other collusive schemes at the outset from government spending. They looked at all governments around the world, and their assessment is that it’s 20%, that there was a 20% collusion tax imposed by criminal conspiracies on government spending around the world, and the US is probably right there in the middle of that 20% number as a whole. I would say there are parts of the United States that may be higher. Tom, I mentioned before we started talking today that my hometown of Chicago and I worked as the assistant inspector general for the city of Chicago before coming to the Department of Justice. And I can say based on my experience, I think my hometown, though I love it, is likely overperforming that 20% number. There’s another way to think about it. There’s this great quote from a recent 11th Circuit case where the judge opened the opinion by saying, and this is a quote like bears to honey. White collar criminals are drawn to billion-dollar government programs. And that’s true. And I’ll tell you the last way I think about, and I’ve mentioned this because it’s very recent, the GAO, the Government Accountability Office just put out a report where they were trying to estimate they were trying to answer this question. Tom, what is the cost of fraud across the government? And they came up with a numerical figure that’s quite broad, 233 billion to 521 billion every year. And what really stuck with me was the way they contextualized it. They said that if fraud were a government agency, it would be the sixth largest government agency in the United States if there were a U.S. Department of Fraud.

Tom Temin All right. Well, we could probably discuss that philosophically for hours. Let’s get to the operation of the task force. You’ve added new members. Who are they? And what does it mean when a new members added what’s incumbent upon them?

Dan Glad Maybe I took a step back, Tom, and explain sort of our structure. Our strike force includes federal prosecutors. So that’s folks from the Antitrust Division, and we’re now up to 25 US attorney’s offices. So those are the federal prosecutors who sit in cities and districts around the country. We have 12 national law enforcement partners. So, it’s 11 offices of inspector general at the federal level and the FBI. And so, we work together on that two-prong mission set. I’m really happy that we recently welcomed another office of inspector general, the US Department of Commerce, that is now one of our national partners, as well as three new US attorney’s offices to our collective effort. And that’s the District of New Jersey, the District of Alaska, and the Eastern District of Louisiana, which is headquartered in New Orleans. And they will be joining our existing collective effort and also doing environmental scans and being on the lookout and thinking strategically about what’s happening in the commerce world and also in those geographies and on commerce. The U.S. Department of Commerce is embarking on some pretty significant spending. Its second largest spending program in the history of the department is the Bipartisan Infrastructure Law, its number one spot program of all time since its existence is the Chips act. And those are two very recent spending bills.

Tom Temin And by the way, do you also look at state and local level corruption when that happens? Because sometimes the states and the cities don’t have the resources the federal government has.

Dan Glad Absolutely. Some of the core antitrust offenses bid rigging, price fixing, market allocation, criminal monopolization, those are federal offenses wherever they occur at any point in the market, private and public and within the public, which is really where I focus my efforts and my thinking local, state and federal. And we do rely on and work with our partners at that local and state level to uncover, investigate and prosecute crimes that are going after their funding. Relatedly, so much of the funding that comes in to the local and state governments is in whole or in part coming from the federal government. So, the federal government has a very vested interest in making sure that the programs have integrity.

Tom Temin Sure. And just any recent cases that come to mind that kind of stand out for you?

Dan Glad Yeah. Tom, very recently in the month of May, we had a guilty plea in our Idaho fire investigation. There. We indicted two executives with fraud and rigging bids that were submitted to the US Forest service for contracts to provide critical supplies used to fight forest fires. And this was after an investigation that involved court authorized wiretaps. And earlier this month, one of those executives pleaded guilty. Now, what happened here, Thomas? For at least eight years, two executives who were supposed to be competing were not. They conspired to rig bids. They conspired to allocate territories. And this is offering a crucial service that helps U.S. government fight fires in the Rocky Mountain region. And over time, the conspiracy evolved. And they inspired these competitors or anything but competitors. These executives conspired to monopolize the market and they conspired to push other people out. And I’ll say Tom, the evidence here was just really compelling. The executives would text each other talking about how they were going to, quote, squeeze, drown, punch, or lowball their competitors. The wiretap evidence where our federal agents were able to listen in real time due to a court order to the conspirators talking. We were able to hear the executives, and this is all, as alleged in the indictment, conspire about their upcoming bids, about what they would tell the FBI agent. So, the FBI came knocking and how they would hide their conduct. And this really gets to sort of why we do what we do. The U.S. Forest Service relies on a fair bidding process to secure the best deal at the best price for taxpayers. And when people like these executives as allegedly indictment, collude rather than compete, they wronged the public. And more than that time, they are wrong honest competitors who play by the rules. And are doing things fair and square.

Tom Temin Finally, you mentioned that contracting officers, COs 1102s, and people in that function in the federal government are kind of eyes and ears on this. What would you say are the top three signals that a CO should be watching for? That might indicate something bad going on with a contract or an acquisition.

Dan Glad I think the first is any indicators in the contract, in the bid documents, in the contract and documents, any tells that competitors are anything but that two or more bidders are working together. And sometimes that can be the sloppiness that can result. Where you can see a classic example is the same typo. That is, it’s not proof positive, but it’s a lawyer would say it’s probative of a collusive conspiracy. The other thing I always tell contracting officers, and it sort of goes back to my thought that humans are pattern recognition machines. We can recognize patterns even if we can’t articulate it. If a contracting officer has this sense that they know who’s going to win before they, in the old days, open the envelopes with the bid. But today sort of go into the procurement platform to open the bids. I would ask a contracting officer sort of pause. And as they said in Star Wars, search your feelings, figure out what’s going on, why you have this inclination that someone’s going to win. Again, not proof positive, but these schemes are iterative. They are pattern. They happen over time. There’s no such thing Tom as a bid rigging Crime of passion. You have. Over time, when you are procurement professional, you’re invested, and you will have been able to spot that pattern. And the third thing is sort of look in the pricing, look at the information you have. If pricing is all going up lockstep that’s a red flag not proof positive but it’s a red flag. There may be an innocent explanation for it. If pricing is very, very close or it’s off by round numbers or round percentages, that can be an indicator of a collusive scheme bid rigging, price fixing, or some other kind of fraud.

The post Justice Department expands its procurement fraud strike force first appeared on Federal News Network.