Category Archives: Business Success

Adaptive Acquisition Framework — Ready, Set, Contract?

Standard
Image: Defense Acquisition University

NATIONAL DEFENSE MAGAZINEBy Dr. William A. Schleckser

This new Adaptive Acquisition Framework displays a patent willingness to put substantial trust in program managers by moving decision-making authority as close to the program manager as possible.

For this new framework to prevail, there must be trust in contracting officers by moving authority for actions as close to the decision-maker — the contracting officer — as possible.

_____________________________________________________________________________

“Undersecretary of Defense for Acquisition and Sustainment Ellen Lord has called the Adaptive Acquisition Framework “the most transformational change to acquisition policy in decades.” Her statement is difficult to argue given the revolutionary nature of the framework’s alterations to acquisition policy and the lack of truly transformational changes seen in acquisition policy and statute over the past 25 years. 

For decades, Defense Department leaders have lamented the laborious, bureaucratic acquisition process and its hindrance to innovative breakthroughs within weapon systems programs.

Many defense technologies, once fielded, lose a non-trivial portion of their relevance due to acquisition delays, a concept identified by former Defense Secretary James Mattis in the 2018 National Defense Strategy. The document pointed to processes’ non-responsiveness and a department over-optimized for exceptional performance, both of which come at the expense of providing timely capability delivery to the warfighter.

In response, Lord rapidly pushed out sweeping new guidance in the form of a six-pathway framework — the Adaptive Acquisition Framework — which is designed to put authority and agility back in the hands of program managers. With this newfound ability, executives will transition between pathways in order to speed delivery of capabilities to the warfighter.

Still, acquisition is not a solo sport. Program managers must rely on their team of acquisition professionals to embrace this new paradigm of speed, agility and risk management for this “transformation” to result in real change in capability delivery. But increasing speed, agility and risk sends a measure of anxiety through the vertebrae of the many contracting professionals who have focused on delivering contracts that are protest-proof and rigidly built to withstand the assaults of indistinct scope and performance.

Nonetheless, for the framework to deliver capabilities at the speed of relevance, contracting professionals at all levels must be willing to embrace this revolutionary change.

This change comes with a prerequisite to develop not only new and inventive processes, but an expanded tool box of soft skills necessary to bring about innovation, active management of risk, and corporate synergy to the contracting community that will result in high-speed, low-drag contracting.

The “Contracting Professional’s Career Roadmap” is a nine-step list published by the Federal Acquisition Institute. It provides contracting professionals a succinct overview of gates through which a contracting professional must successfully pass in order to be effective. Curiously, the first stop on this path, “become familiar with the federal acquisition process,” is not a contract-centric element. The federal acquisition process is not contracting, but contracting is a major subset. The process is the overarching method encompassing all relevant skills and functions by which the federal government acquires products and services.

Ironically, the second stop on the roadmap is “understand your role as a contracting professional” within this process. It was not by chance these items are numbers one and two on the path. That is because federal acquisition is a team sport, of which contracting is one player among many. As with any team sport, each player must understand his or her place and responsibilities within the team framework, otherwise the team will fail. The first thing a youth football coach should do is line up new players in formation — both offense and defense — so they can gain an understanding of where their position is in relation to all the other players. A single player lining up incorrectly could result in a penalty or failure for the team to properly execute the play.

Understanding where a manager fits in the overall formation is just as important in the acquisition team. Taking it to another level, each player also needs to understand how his play impacts his teammates. Commentators often praise a great player for their “knowledge of the game.” It isn’t just their knowledge of their specific responsibilities as a player, but the interrelation of how their play improves the play of those around them.

In federal acquisition, each team member must perform with that level of understanding in order for this new transformation to be successful. This may be even more imperative for contracting team members as the contracting processes tend to consume a significant portion of time while they deliberate source selection and performance risk.

Assistant Secretary of Defense for Acquisition Kevin Fahey identified a need to develop a culture of innovation and creative compliance, and enable critical thinking. In order to be innovative, creatively compliant and critical thinkers, department leadership wants acquisition teams to take calculated risks. As Gen. George S. Patton said, taking risks “is quite different from being rash.”

One tool that transforms rash behavior to measured performance is risk management. To take calculated risks, contracting professionals will need to learn how to actively manage risks. Program managers routinely manage risks and, as a programmatic community, have become comfortable mitigating, accepting, transferring or avoiding risks within their programs.

Contracting professionals must learn and implement these skills as they execute contractual actions. No longer will the acquisition community idly await the perfect contract. Perfection late is perfection lost. Too often contract award timeliness was sacrificed in an effort to gain contractual perfection through overly cumbersome approval chains and non-value-added reviews.

Timeliness has also been assaulted by excessive “documentation,” which has been a watchword for the contracting community and for good reason. However, as with any good thing, it tends to be overdone. In some ways the acquisition community may have become overly obsessive and unreasonably compulsive with its documentation, and some streamlining may be in order.

Procedural changes to contracting are only a first step. The real gains may be seen in a closer coupling of the acquisition team functional communities. In today’s continuously changing environment, requirements can no longer be developed in a vacuum only to be thrown over the fence to the next team. Requirement generators, program managers and contracting officers must integrate early and intimately in the requirements process to develop requirements, discuss possible options, perform market research, consider acquisition plans and jointly produce acquisition timelines. Contracting professionals often enter or are invited late into the acquisition process. Contracting organizations do it to themselves when they demand customers only turn over a requirement once it has been fully detailed with the finalized work statement, funding documents and cost estimates.

In today’s rapidly changing environment, contracting professionals better serve customers by entering as early in the requirements generation process as possible. The team must come together so closely and early that it would be difficult for an outsider to identify where program management stops and contracting starts.

If the first time a contracting professional sees a requirement is when it has been fully documented in a formal work statement, an opportunity to bring value to the process has been lost. Additionally, synergies that come from synchronized market research and critical thinking amid the program manager, contracting officer and other acquisition team members are missed; and with it early considerations for competition, innovative contracting and/or small business participation because the requirement has been fixed making change too difficult or time consuming.

Failing to capture the synergistic effects of close coordination, contracting will struggle to regain any status as an innovation enabler, and may continue to be relegated to chasing acquisition timelines and contract perfection.

The Adaptive Acquisition Framework is an opportunity to inject innovation, creativity and critical thinking into the federal acquisition process by placing authority and agility into the hands of program managers. However, this transformational change to acquisitions will not create true transformation unless the players are willing to embrace the change. Program and product managers can only deliver capability as fast as their team supports.

Although the framework is program management focused, it also presents a challenge to — and opportunity for — the contracting community. As a critical component to the delivery of products and services, the contracting community must get on board with the new vision being promoted by leadership. It is a vision overdue given the speed at which technological capabilities are progressing.

More specifically, contracting professionals must understand that timeliness can no longer be held hostage by contractual perfection, overly cumbersome approval chains and non-value-added reviews. Perfection late is perfection lost. As a result, contracting professionals must become intimately integrated early into the acquisition process starting at the notion of the requirement. Otherwise, they risk being a deterrent to the innovation and creativity crucial in today’s fast-moving environment.”

https://www.nationaldefensemagazine.org/articles/2020/5/29/adaptive-acquisition-framework-ready-set-contract

Dr. William A. Schleckser is a professor of contract management at the Defense Acquisition University. He is Defense Department Level III certified in contracting and program management.

US-Mexico-Canada Agreement Enters into Force, Officially Replacing NAFTA

Standard
Image: “U.S. Grains Council

U.S. SMALL BUSINESS ADMINISTRATION “- By Loretta Greene, Associate Administrator

“On July 1, 2020, the U.S.-Mexico-Canada Agreement (USMCA) enters into force, officially replacing the North American Free Trade Agreement (NAFTA).

USMCA is a ground-breaking achievement for U.S. small businesses and is the first trade agreement ever to include a full chapter dedicated to small business interests.”

____________________________________________________________________________

“Supporting and expanding U.S. small business trade with Mexico and Canada is a top priority for me as the new Associate Administrator for SBA’s Office of International Trade (OIT).  SBA OIT has a team of talented trade finance specialists and finance products to help small businesses involved in international trade to access capital, purchase inventory as a manufacturer or supplier, and expand through trade.  OIT helps ensure small businesses are adequately represented in trade negotiations led by the Office of the U.S. Trade Representative and educates U.S. small businesses on the wide range of federal and state resources that can increase their ability to compete in international trade. 

The modernization of trade with Mexico and Canada under USMCA is designed to benefit U.S. small businesses and to ensure more balanced trade. U.S. companies with fewer than 500 employees comprise 65 to 70 percent of all identified U.S. companies trading goods with our closest neighbors, according to the most recent statistics. 

Companies selling goods to Mexico and Canada can now achieve expanded export opportunities under the USMCA.   In 2019, U.S. companies sold $292.6 billion in U.S. goods to Canada and $256.5 billion in U.S. goods to Mexico. 

As part of USMCA, SBA OIT launched a new international sales information resource sitewww.sba.gov/tradetools, which is part of the http://www.trade.gov/usmca to assist small businesses to use USMCA. Both links also connect to pages created by Mexico and Canada.  Small businesses can explore the agreement, learn about the rules, and identify where to direct questions and find resources through these information sharing platforms. Resources include a new Customs and Border Protection’s USMCA Center staffed with experts.

As small businesses use the USMCA, they will find important commitments across the agreement including:

  • The Small and Medium-Sized Enterprise Chapter creates a SME Dialogue to consider small business trade opportunities and challenges across the three countries.  This is an important innovation to ensure U.S. small businesses will continue to be heard and considered.
  • The USMCA Cross-Border Trade in ServicesChapter enhances market access.  U.S. small business services can now be provided market access across North America without requirements for a foreign office or foreign representative.
  • The Customs and Trade Facilitation Chapter increases certainty by providing for advance rulings commitments with expanded scope and a free, publicly accessible websites for advance rulings.  
  • Furthermore, to decrease unintended trade costs, this Chapter also provides procedures to correct errors.
  • To support small e-commerce sellers shipping with express services, Canada has raised its de minimis level for North American express shipments for the first time in decades, doubling it from $C20 to $C40 for taxes.
  • Canada will also provide for duty free shipments up to $C150.
  • Mexico will continue to provide tax free treatment for shipments up to $US50 and will provide duty free treatment for shipments up to US$117.
  • The Good Regulatory Practices Chapter, a first in a U.S. trade agreement, specifically includes provisions encouraging the Parties to take into consideration the effects on small businesses in the development and implementation of regulations.  The USMCA’s prioritization of small business traders is exciting as it will increase small business friendly ecosystems in North America and facilitate more trade.

SBA is proud to be part of this achievement. We look forward to helping more U.S. small businesses trade with Mexico and Canada, while supporting those already exporting to further expand their sales. To learn more, visit www.sba.gov/tradetools or contact the SBA International Trade Ombudsman Hotline at (855) 722-4877 or international@sba.gov with questions.”

ABOUT THE AUTHOR:

Loretta Greene

Loretta Greene is the Associate Administrator for SBA’s Office of International Trade https://www.sba.gov/person/loretta-greene/

MicroMentor – A Free Business Mentoring Program For Entrepreneurs

Standard
https://www.micromentor.org/

It has been a pleasure being part of the MicroMentor Team for the last 9 years of our dramatic growth in volunteer mentoring services worldwide. 

https://www.smalltofeds.com/2019/09/micromentor-free-business-mentoring.html

Five Regulatory Changes For Government Contractors to Watch

Standard
Image: Mastercontrol.com

“WASHINGTON TECHNOLOGY”

In recent years, both Congress and the Executive Branch have made it a key priority to mitigate risks across the industrial and innovation supply chains that provide hardware, software, and services to the U.S. government.

Five of these initiatives are likely to result in new regulations in 2020, each of which could have a fundamental impact on companies’ ability to sell Information, Communications, Technology and Services to the USG.

______________________________________________________________________________

“In recent years, both Congress and the Executive Branch have made it a key priority to mitigate risks across the industrial and innovation supply chains that provide hardware, software, and services to the U.S. government.

Five of these initiatives are likely to result in new regulations in 2020, each of which could have a fundamental impact on companies’ ability to sell Information, Communications, Technology and Services to the USG. As these requirements begin to take hold, federal contractors should be mindful of potential impacts and the actions that can be taken now to prepare for increased USG scrutiny of their supply chain security.

Section 889 of the Fiscal Year 2019 National Defense Authorization Act

As many USG contractors are now painfully aware, Section 889 of the Fiscal Year 2019 National Defense Authorization Act establishes two constraints on telecommunications supply chains. Subsection 889(a)(1)(A), effective as of August 13, 2019, prohibits USG agencies from acquiring certain telecommunications equipment or services from Huawei, ZTE, Hytera Communications Corporation, Hikvision, or Dahua, or any of their subsidiaries or affiliates.

Section 889(a)(1)(B), effective August 13, 2020, prohibits USG agencies from “enter[ing] into a contract (or extend[ing] or renew[ing] a contract) with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.” As drafted, the statute is broad enough to apply in cases where a company uses such equipment or services solely in connection with its commercial sales outside of work the company does for the USG.

The interim rule for Section 889(a)(1)(A) was released last August and opened for comment. The FAR Council has indicated that it will provide feedback to those comments when it issues the proposed regulations for Section 889(a)(1)(B), which have not yet been released. This means that key terms, such as “entity”and “use” remain undefined. Accordingly, contractors, especially those with a mix of commercial and government business, must take educated guesses in preparing compliance programs to begin to address these requirements.

SECURE Technology Act

On December 21, 2018, the President signed into law the Strengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure Technology Act. The Act establishes the Federal Acquisition Security Council, which is charged with building greater cybersecurity resilience into federal procurement and acquisition rules.

The Act also gives the Secretary of the Department of Homeland Security, the Secretary of Defense, and the Director of National Intelligence the authority to issue exclusion and removal orders for information technology products and/or companies that supply such products if the FASC determines that they represent a risk to the USG’s supply chain. The Act also permits federal agencies to exclude companies or products they deem to pose a supply chain risk from individual procurements.

Recent reports indicate that the FASC is nearing completion of a final interim rule that would specify the exclusion criteria and detail the appeal process from an exclusion order. Although the Department of Defense and the Intelligence Community currently have the authority to exclude products in certain instances, this interim rule would apply government wide. Still to be seen is whether the exclusion determinations will be publicly available.

Cybersecurity Maturity Model Certification

On January 31, 2020, DoD released Version 1.0 (since updated to Version 1.02) of its Cybersecurity Maturity Model Certification. CMMC is DoD’s upcoming framework for managing cybersecurity risks in the Defense supply chain. Under the current paradigm, contractors that handle “Covered Defense Information” must self-attest to providing “adequate security” to protect that information, but are allowed to work toward implementing 110 NIST SP 800-171 security controls over time so long as the plans for doing so are appropriately documented.

Not only does the new CMMC add additional security controls (depending on the level of sensitivity assigned to the procurement), contactors must be in full compliance with each control at the time that contract performance begins. Most importantly, contractors will no longer be able to self-certify compliance. Instead, compliance with a particular CMMC level must be externally validated by trained auditors.

DoD is in the process of promulgating an update to the current Defense Federal Acquisition Regulation Supplement cybersecurity clause to account for the shift to CMMC requirements and is planning on choosing a subset of procurements where CMMC can be applied by the end of this year. DoD’s goal is to fully implement CMMC certification requirements in all DoD awards by Fiscal Year 2026. DoD has indicated, however, that COVID-19 could delay release of the DFARS clause.

Executive Order on Securing the ICTS Supply Chain

On May 15, 2019, the President issued an EO declaring a national emergency with respect to threats against ICTS in the United States. The EO authorizes the Secretary of Commerce to prohibit, block, unwind, or mitigate any transaction involving ICTS that is “designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary.” Reviews of transactions will be conducted on a case-by-case basis.

Commerce received comments on a November 2019 proposed rule in January 2020. There has been no known use of the authority during the rulemaking process and an update is expected from Commerce soon.

Sections 1654 and 1655 of the Fiscal Year 2019 National Defense Authorization Act

Sections 1654 and 1655 of the FY19 NDAA generally require contractors to disclose whether they have allowed within the last five years a foreign government that poses a cybersecurity risk to USG defense and national security systems and infrastructure (or for non-commercial items, any foreign government) to review the source code of any product, system, or service that DoD is using or intends to use.

The law also requires contractors to disclose whether they are under an agreement to allow a foreign government or a foreign person to review the source code of a product, system, or service that DoD is using or intends to use. DoD will be able to condition contract awards on contractors’ mitigation of any risks that DoD identifies because of the foreign source code review.

The DFARS regulatory implementation of this requirement is currently on hold “pending resolution of technical issues,” and specific countries of concern have not been publicly identified, but regulations are still expected within the next year.”

https://washingtontechnology.com/articles/2020/06/26/insights-covington-regulatory-changes.aspx

GSA Bumps STARS II Ceiling By $7 Billion

Standard
Image: “FCW

FCW

The General Services Administration raised the ceiling of its 8(a) Streamlined Technology Application Resource for Services (STARS) II contract by $7 billion, to $22 billion.

STARS II is a small business set-aside for customized IT services and IT-services-based solutions from 787 small business contractors that qualify under Small Business Administration standards. GSA said the contract is used by 50 federal agencies to plan and supply long-term IT projects.

_____________________________________________________________________________

“In early April, the GSA’s 8(a) STARS II governmentwide contract hit its $15 billion ordering obligation limit.

“By raising the 8(a) STARS II ceiling, GSA continues to ensure that we meet the needs of our federal agency customers,” said GSA Administrator Emily Murphy in a June 23 statement on the increase. “As agency demand for IT products and services has increased during the COVID-19 pandemic, GSA is proud that STARS II will remain available to help agencies deliver world class IT services.”

GSA started limiting task orders on the GWAC to agencies whose contracting officers had obtained a “control number” to use the contract vehicle, but it stopped issuing new control numbers.

All 787 contractors remain on the vehicle, GSA said in its announcement. Agencies can place new task orders through Aug. 30, 2021, and work can continue on those new orders through June 30, 2022.

GSA is working on a new iteration of the contract, 8(a)STARS III.

In a June 10 blog post, Laura Stanton, acting assistant commissioner of GSA’s Federal Acquisition Services’ Office of Information Technology Category, said the agency plans to issue the final solicitation for the STARS III contract by end of the federal government’s fiscal year on Sept. 30.

The initial STARS III request for information went out last August.

Stanton said the increase to STARS II wasn’t the first for the popular contract to accommodate agency demand.

“As we move into this contract’s fourth generation we can say for certain that this program is a huge success. A significant number of prior 8(a) STARS program participants have grown their businesses so much that we now see them thriving with the big companies on GSA’s Alliant 2 GWAC,” she said.”

https://fcw.com/articles/2020/06/24/rockwell-stars-ii-ceiling-bump.aspx?oly_enc_id=

Ways To Solve The Cyber Talent Gap

Standard
Image: “Itproportal

FCW

Two biggest impediments hindering the federal government’s cyber recruiting efforts are money and the lengthy hiring process that consumes most federal agencies.

Declining budgets and a lack of career development programs contributing factors for rising turnover rates among federal IT contractors.”

______________________________________________________________________________

“Federal agencies and Congress have increasingly looked to bug bounty programs to find and stamp out cybersecurity vulnerabilities in their software. A new survey of nearly 3,500 security researchers who use Bugcrowd’s platform offers a glimpse into the backgrounds and motivations of a highly coveted pool of emerging cyber talent that both government and industry are desperate to recruit.

More than half of those surveyed live in urban environments, and three out of four speak multiple languages. Despite efforts within the information security community in recent years to improve diversity, the average age of those who participated in the survey skewed overwhelmingly young and male.

According to the survey, higher education is an important feature for many security researchers and their families. They’re most likely to have obtained a college degree (49%), have parents who have done the same (36%) and are three times less likely to drop out than their parents. The survey data “suggests most security researchers are degree-qualified because they come from educated families that value the acquisition of worldly knowledge, skills, values, beliefs and habits.”

While the size of the average American household has been in decline for decades, nearly half (48%) of respondents come from large families with between 4-12 members. Even with more mouths to feed, 64% reported pulling down a median annual income of just $25,000 or less, though many also say they only chase bug bounties on a part-time basis. Perhaps not surprisingly, making money was cited as the most important issue, followed by flexible hours and improved skills.

The report predicts that over the next six months, cybercriminals will exploit the widespread shift to remote telework in the wake of the COVID-19 pandemic, increasingly targeting vulnerable infrastructure through expanded reconnaissance activities and asset discovery. That in turn will lead to organizations boosting their reliance on white hat hackers over the next year as they race to identify and fix hidden software vulnerabilities.

The pandemic “has demystified many of the perceived differences between employees working remotely and security researchers” and emerging technologies such as machine learning that are not yet mature enough to meet the increased demand.

“This gap between automation and human adversarial creativity suggests organizations will increasingly seek to augment their human expertise in securing their assets via crowdsourcing, the most efficient and practical approach to finding available talent,” the company forecasts.

John Zangardi, former CIO at the Departments of Defense and Homeland Security, told FCW in an interview that in his experience, two biggest impediments hindering the federal government’s cyber recruiting efforts are money and the lengthy hiring process that consumes most federal agencies.

While they often cannot compete on pay, one potential advantage for federal agencies could be through supporting the continuing education goals of its IT and cyber employees. A recent study by government contracting intelligence firm Deltek cited declining budgets and a lack of career development programs as a contributing factor for rising turnover rates among federal IT contractors, while a majority of respondents to the Bugcrowd survey say they use the platform for personal development and improving their skills.

Last year the Trump administration issued an executive order creating a new rotational program for federal employees to detail at the Cybersecurity and Infrastructure Security Agency and other agencies to improve their technical skills. CISA has also sought ways to sidestep normal federal hiring procedures to more easily hire information security specialists and pay them more.

Zangardi said during his tenure, cyber retention incentive bonus programs at DHS that provided extra compensation to employees who complete new certifications acted as a partial salve to some of the government’s inherent recruiting challenges. However, he acknowledged that for many positions — particularly highly-skilled ones — individuals can still earn tens of thousands of dollars more per year by doing similar work in the private sector.

“I can’t change the GS federal pay scale, but we can take steps to ensure that we’re giving them what we can,” said Zangardi.”

https://fcw.com/articles/2020/06/23/johnson-cyber-workforce-survey.aspx?oly_enc_id=

Retention Woes Challenge Government Contractors

Standard
Image: “Association for Talent Development” Magazine

FCW

Finding, recruiting and retaining qualified talent continues to challenge the government contracting sector. Talent shortages and commercial competition for candidates have complicated matters for human capital management leaders.

Despite record-breaking levels of unemployment due to the COVID-19 pandemic, the need for personnel to fulfill government contracting roles remained the same.

_________________________________________________________________________

“According to a recent study from Deltek, government contractors are struggling to attract and retain qualified candidates.

Deltek’s 11th Government Contracting Industry Study, carried out between January and March 2020, said that turnover was common, and that the need for highly specialized roles in fields such as information technology made for a tight labor market.

Deltek’s report speculated that part of the issue were declining budgets and a lack of mechanisms in place to ensure career development, noting that 79% of responding companies did not have career development plans in place.

According to the study, 73% of respondents struggled to find qualified talent.

“These are highly specialized roles. The qualifications are highly regulated, in high demand and short supply,” Amy Champigny told FCW in an interview.

“For a lot of contractors, it’s been business as usual.”

Deltek also reported that turnover rates made a “considerable jump” from the previous year; 47% of large companies responded that they had 16% or higher turnover rates, though the report noted that the average amount of time it took to fill vacancies remained steady year over year.

The study noted that more and more firms were relying on outsourcing companies to recruit job candidates, “an expensive solution to a potentially broader problem.”

In attention to retention and an inability to compete with private companies’ compensation and benefits packages, both human resources and talent acquisition experts reported that complying with HR policies proved challenging.

“Producing reports and documentation to satisfy audit requests continues to challenge many organizations,” the report read, noting that this specified complying with “ever changing regulations” and understanding new policies and their impacts.

“Adequate tracking and reporting continue to be a hindrance for HR professionals using outdated or generic solutions.”

Champigny said that the pandemic illuminated the failings of conventional performance management techniques, as managers no longer had immediate access to their employees once offices pivoted to remote work.

“A lot of companies still do annual performance appraisals. How do you do that when people are working remotely?” she said, adding that continuous performance evaluations could be a solution.

She said she expected the pandemic to induce contractors to rethink current workplace arrangements and introduce new flexibilities to attract much needed talent.

“It’s been interesting to watch this year and for next and see how organizations are going to adopt a hybrid approach [of remote work and in-person offices]. We haven’t seen government contractors do this before. There are some sectors where that’s not possible, but the market might now demand it.”

https://fcw.com/articles/2020/06/19/russell-contract-workforce-study.aspx?oly_enc_id=

DARPA’s First Bug Bounty: Find Vulnerabilities In Hardware-Based Security

Standard

GCN”

DARPA’s first bug bounty program, called the Finding Exploits to Thwart Tampering (FETT) program, will be held in partnership with the Department of Defense’s Defense Digital Service and Synack, a crowdsourcing security company.

__________________________________________________________________________

“The Defense Advanced Research Projects Agency is inviting security researchers to find vulnerabilities in its System Security Integration Through Hardware and Firmware systems.

Launched in 2017, SSITH aims to secure electronic systems with hardware security architectures and tools that protect against common classes of hardware vulnerabilities regularly exploited through software.

Participants will try to penetrate the SSITH hardware security schemes developed by researchers at SRI International, the University of Cambridge, the Massachusetts Institute of Technology, the University of Michigan and Lockheed Martin. Their approaches generally involve providing the hardware with more information about what the attacking software is trying to do so it can become an active participant in its own defense, DARPA officials said. The SSITH development teams are working with Galois, a computer science research and development company, to move the hardware instances systems to the cloud for the evaluations.

The emulated systems will be running in an Amazon Web Services EC2 F1 cloud. Each emulated system is based on field-programmable gate array semiconductors and includes a RISC-V processor core that has been modified to include the SSITH hardware security.

According to DARPA, each emulated system’s software stack will contain SSITH hardware security protections as well as common vulnerabilities, such as buffer errors, information leakage, resource management and numeric errors. Security researchers will be tasked to devise exploit mechanisms that bypass the hardware security protections.

The FETT challenge is expected to run from July to September 2020.

“There is a lot of complexity associated with hardware architectures, which is why we wanted to provide ample time for interested researchers to understand, explore, and evaluate the SSITH protections,” said Keith Rebello, the DARPA program manager leading SSITH and FETT. 

Before security researchers and ethical hackers can join the FETT program as a Synack red team members, they must first qualify through a capture-the-flag challenge. After they are approved, participants will see a number of applications using SSITH defenses, including a medical records database system, a password authentication system for PCs and a web-based voter registration system that aims to “protect the underlying voter information from manipulation or disclosure, even in the presence of vulnerabilities in the system’s software,” Rebello said.  

More information on FETT can be found here.”

https://gcn.com/articles/2020/06/15/darpa-ssith-bug-bounty.aspx?oly_enc_id=

3 Government Contract Marketing Tactics To Employ As The Fiscal Year Ends

Standard
Image: KDJcommunications.com

WASHINGTON TECHNOLOGYBy Mark Amtower

Each of these tactics works regardless of the Covid 19 crisis, but they are more important now that we do not currently have the face-to-face option of our normal end-of-fiscal year.

__________________________________________________________________________

“The Covid 19 crisis has forced Feds and contractors alike to a new level of “digital transformation,” a forced migration to tools we were aware of but not necessarily using often or well: online meetings, telework, and leveraging social networks like LinkedIn, Twitter and Facebook more fully and more frequently.

With the physical re-opening of federal sites still in question, the need to adapt has never been greater. I have heard from different sources that federal offices will not return to any semblance of normal in this fiscal year, and possible not until calendar 2021.

In the meantime, here are a few ideas to win more business at the end of fiscal 2020 on Sept. 30.

First, relevant content, well written or produced, then properly deployed after production. Content can take many forms, from articles and blog posts, to videos and podcasts, from webinars to white papers, and much more. Studies from Market Connections, Inc, Hinge Marketing and others have not only demonstrated the value of content in the procurement process, but have shown it to be a critical factor when you are targeting specific contracts, going after business with a specific agency, or developing and showcasing an area of expertise.

Producing the content is step one, putting it where your target audience will find it is step two.

All content should be resident on your web site under a “Resources” button. After that, share it via social sharing and email. If you post it on LinkedIn, it automatically goes to your 1st degree connections via their “Home” page. If someone else shares it, it goes into their 1st degree network the same way.

Your content should be educational in nature and avoid any overt sales message. Just include contact info at the end and encourage readers and viewers to share.

Second, virtual events. By this time we should all be ZOOM-masters, right? I had been on ZOOM before Covid 19 sequestered us, but now I feel like I cannot live without it. ZOOM is massively more personal than a call.

Many events, even larger ones, have gone virtual with varying degrees of success. For those that didn’t quite make it, the problem may have been the tech backbone or the partner you chose to produce the event.

Vetting your virtual event provider and testing capacity is key, so start by asking your peers who they are using. If you attend an event that works, or that does not work so well, find out which platform was used.

If you are hosting an event for govies, make certain it is on a platform approved by their agency. If it is FedRAMP compliant, you should be OK. If not, rethink your platform.

Virtual events are here to stay.

Third, social selling. Social selling has been growing in importance over the last few years, but has now become critical. LinkedIn is the primary venue for this and the traffic on LinkedIn since the “stay at home” order has risen significantly.

Social selling is not traditional selling. It is the art and science of getting on the radar of a defined audience and staying on the radar in a non-intrusive way by leveraging social networks. It is not designed to replace traditional sales or business development, but to supplement and support them.

Sharing the content you develop is a social selling technique. Finding, liking and commenting on content shared by your prospects, is another technique. “Following” your prospects before reaching out is yet another. There are several easy-to-do social selling tactics.

Reaching out to connect with your prospect audience can be a social selling technique as long as you don’t send the LinkedIn connection “form letter.” Find a way to put the connection request in context of what the prospect does and what you bring to the table, but not a sales context.

Best of fortunes for your federal “busy season”!”

https://washingtontechnology.com/articles/2020/06/17/insights-amtower-covid-fiscal-end-selling.aspx

ABOUT THE AUTHOR:

Mark Amtower

Mark Amtower advises government contractors on all facets of business-to-government (B2G) marketing and leveraging LinkedIn. Find Mark on LinkedIn at http://www.linkedin.com/in/markamtower.

New SBA On-Line Tool Matches Small Business to Lenders

Standard
Image: SBA

SBA

SBA’s Lender Match is an additional resource for pandemic-affected small businesses who have not applied for or received an approved PPP loan to connect with lenders.  

A dedicated online tool for small businesses and non-profits to be matched with Community Development Financial Institutions (CDFIs), Minority Depository Institutions (MDIs), Certified Development Companies (CDCs), Farm Credit System lenders, Microlenders, as well as traditional smaller asset size lenders in the Paycheck Protection Program (PPP).

______________________________________________________________________________

“The SBA is focused on assisting eligible borrowers in underserved and disadvantaged communities and connecting them with forgivable PPP loans, especially before the June 30, 2020, application deadline,” said SBA Administrator Jovita Carranza.  “As communities begin to carefully reopen across the country, there are still many more opportunities to provide this assistance to businesses who have yet to access these forgivable loans.  SBA is utilizing these partnerships with CDFIs, MDIs, CDCs, Farm Credit System lenders, Microlenders and many other participating small asset lenders to ensure that access to this emergency funding reaches the most small businesses and their employees in need.”

Lender Match Background

Within two business days after entering their information into the Lender Match platform, a borrower receives an email from lenders who have been matched with them.  The borrower can see lenders’ requests for them to begin an application.  Borrowers are then able to begin the application process directly from the email they receive.

Lender Match was on pause due to CARES Act implementation priorities and loan volume. It is now being reinstated for CDFIs and other Small Asset Lenders.  Leads will only be forwarded to CDFIs and Lenders with < $10b in assets until the PPP program ends on June 30, 2020, at which time Lender Match will be open to all participating SBA Lenders.  Lender Match not only connects borrowers with accessing PPP loans, but also other SBA lending products, such as 7(a), 504, Microloans, and Community Advantage loans which are currently offering debt relief.

About the U.S. Small Business Administration
The U.S. Small Business Administration makes the American dream of business ownership a reality. As the only go-to resource and voice for small businesses backed by the strength of the federal government, the SBA empowers entrepreneurs and small business owners with the resources and support they need to start, grow or expand their businesses, or recover from a declared disaster. It delivers services through an extensive network of SBA field offices and partnerships with public and private organizations. To learn more, visit www.sba.gov.­”