Need For Security Clearances May Drop As Teleworking Expands

FCW

Having a top-secret clearance may no longer be the insignia of an intel worker, according to the intelligence community’s national counterintelligence chief.

The IC’s [Intelligence Community] culture used to look at having a top-secret clearance as a “pass-fail” test to get in, [William] Evanina said, but that doesn’t mean employees can’t do their jobs from home — as long as it’s done securely.

______________________________________________________________________________

“We are just as successful, with some exceptions, with people working at home than we were before. And I think we have to be flexible and look at our private-sector model and maybe extrapolate that into our intelligence community,” National Counterintelligence and Security Center Director William Evanina said during a May 13 INSA virtual event.

Evanina said he could see not requiring clearances for some positions in the next few years due to teleworking abilities. “Just because you work in the IC, and just because you have a top-secret clearance, does that mean that everything you do is classified?”

“Right now, our communications from home to work is not safe, whether it’s in the private sector, especially not in the government,” he said. “We have to find effective security solutions to get to where we want to be.”

The federal government has been working to improve the security clearance process and reduce its backlog, which once reached more than 700,000 active investigations on agency personnel and contractors that handle sensitive materials.

The government rolled out its much-criticized Trusted Workforce 2.0 framework in 2019, aiming to reduce the amount of time needed to clear new employees and re-investigate those moving across agencies.

The IC merged two hiring processes, for security clearances and employee suitability, into one earlier this year. The move was meant to clarify the role of human resource officers in ensuring candidates were right for job demands.

Evanina said the security clearance backlog has dropped to 180,000, with upwards of 50% more new applications coming in compared to 2019. That target beats the one set by the President’s Management Agenda at a 200,000 caseload of active investigations, and it is a significant dip from the reported 231,000 cases in January.”

New Frontier In “Challenge Procurement” At Veterans Administration

FCW By Steve Kelman

The basic idea behind a procurement challenge is that the government announces a problem it seeks to have solved. Anyone may then submit their solution, and the government chooses a winner or winners. 

You don’t need to be an expert on government procurement to submit an entry. There is no proposal — it is a great example of the idea of “show, don’t tell” that should be more important in government procurement in general.

_____________________________________________________________________________

“Many blog readers will be aware that I have over the years been a big fan of challenges (also known as prizes) as a procurement technique. 

When it announces a challenge, the government also specifies a monetary prize (hence the moniker “contest”) and further steps the government might take to support the winner or winners.

I first wrote enthusiastically about these way back in 2009, based on a DARPA contest for developing an all-terrain vehicle. Most recently I wrote about the Army using a challenge to develop a better and cheaper ventilator in the context of COVID-19. I have written, and continue to believe, that the use of challenges in procurement is the most significant procurement innovation of the last decade.

Challenges have varied from very elementary and not very consequential (e.g. a contest to develop an agency logo) to much more mission-critical. For example, a few years ago the IRS conducted a challenge to design an online experience that more clearly and easily organizes and presents a person’s tax information, including ways to more easily use tax data to help people with other financial decisions, such as applying for a loan.

However, even more difficult and complex challenges have up to now been one-off efforts: the government publishes the challenge, bidders respond, and the government chooses winners. Now, though, the Department of Veterans Affairs has published an RFI for a challenge that will take this procurement tool where it has never been before. VA officials are seeking to develop approaches to reduce suicide among veterans.

The agency is envisioning creation of a user-friendly platform where veterans (and possibly others in at-risk groups) can gain enhanced access to a range of suicide-prevention services, such as scheduling, assessments and mental health resources, while preserving their identities and privacy. The VA also hopes to personalize and customize services to directly meet veterans’ needs and recognize certain risks in users’ personal lives, information about care paths and more.

The VA’s vision is that the platform would involve automated learning to update information provided the user. Data analytics and AI would learn from the “user journey” through the VA ecosystem, adapting and responding to the individual user’s needs, fears and concerns. Over time, the information presented to that user would be increasingly curated for their specific needs. 

Not only is the topic of the challenge difficult and high-visibility — about as far from designing an agency logo as you can get — but the way the challenge will be organized will be far more ambitious than any the government has attempted in the past. The VA will be doing a procurement not for the challenge itself but to manage challenges that then would be put out for submissions.

As the VA puts it in their RFI, “the chosen partner would need to provide management support services necessary to help build the program from the ground up—and seamlessly execute the competition from beginning to end. The dedicated collaborator would support the delivery of everything from the timeline, scope and design of the complex challenge, to technical support, Though VA would provide some of those funds, said. in raising money for the prizes winners will receive. “the hope is the vendor would be able to facilitate outreach and increase fundraising for the prize purse, so that it’s not just taxpayer-funded money that goes to support this effort, but actually potentially private funds from companies and others who are interested in solving this problem,” the VA states.

This will be a complex and large enough activity that the VA doesn’t have the bandwidth to do it with in-house resources. So, to allow development of challenges at scale, it is actually seeking to let a contractor organize that effort.

This is a first, and an amazing innovation by the VA. The idea has been shepherded by the VA’s Chief Innovation Officer Michael Akinyele. It was in the works before COVID-19, but the explosion of unemployment will make the suicide problem worse and hence has prompted the VA to move the effort faster.

If this works, it will add an important new tool to the government’s contracting toolkit, available to others across government. VA, congratulations on a great idea, and good luck making it work.”

https://fcw.com/blogs/lectern/2020/05/kelman-va-challenge-at-scale.aspx

Is Short Term Economic Focus On Earnings Killing U.S. Innovation?

DEFENSE SYSTEMS

The U.S. risks losing its competitive edge over China in terms of technology because companies care more about quarterly earnings than research and development.

Solutions involve incentivizing U.S. companies to focus on long-term investments and research.

______________________________________________________________________________

“That’s the message Michael Brown, director of the Defense Innovation Unit, the Defense Department’s innovation arm, shared at a Brookings Institution virtual event May 8 on China’s technological impact worldwide.

“You’re never going to win in a technology race with defense,” Brown said. Instead, the U.S. needs to focus on being more productive and “invest in itself” with more basic research.

“What do we do to reform our business thinking and our capital markets to move away from short-term thinking to be more long-term oriented,” Brown said. Ways to focus U.S. companies on building and maintaining a competitive edge include stricter export controls and more scrutiny of foreign investments in U.S. companies, particularly technology startups.

Brown, formerly CEO of Symantec, said the corporate focus on quarterly earnings and stock prices is counterproductive to competing with China.

“They all feed into this short-term thinking in our business community,” said Brown, “we have to reform this or we’re not going to be successful in competing with China.”

Incentives could include tax advantages for focusing on long-term growth and research and development, Brown said. And on the punitive side, there is the possibility of establishing penalties for U.S. companies that off-shore manufacturing or spin off hardware businesses whose domestic presence can support U.S. jobs and military production.

“The irony is that U.S. companies’ focus on profits often driven by market dominance ends up aiding China’s cause,” Tom Wheeler, former Federal Communications Commission chairman, said during the event. “The market control, market dominance that we’ve seen from the principal big tech companies thwarts competition driven innovation.”

“It is doubtful that we will be able to out implement China,” said Wheeler, referencing that country’s tightly controlled, one-party system of government. “But we can out-innovate China if we have policies that will encourage this competition driven innovation.”

The big question for DIU is whether it can take advantage of U.S. tech talent, startups and research dollars to maintain a long-term advantage over China, which is able to dictate its priorities to industry.

“The Defense Innovation Unit spends all day every day trying to encourage innovative companies to work with the Defense Department,” Brown said. “And General Secretary Xi [Jinping] accomplishes this by fiat. So we have to recognize that there are some advantages to their system.”

Brown said he maintained some doubts about the ultimate success of the “civil-military fusion” practiced in China.

“I don’t know how well that’s going to work for them, but that certainly keeps me up at night,” he said.”

Other Transaction Agreements (OTA) Best Practices For Success

NATIONAL DEFENSE MAGAZINE

The intent of OTAs is to leverage commercial technologies for military purposes, improve the nation’s industrial base and allow for more cost effective and affordable solutions without extreme bureaucracy.

Opportunities are available to traditional defense industry partners and nontraditional defense contractors, such as academia, non-profits and other small businesses.

_________________________________________________________________________

“Imagine this. The Defense Department had an urgent need for armored vehicles to protect warfighters from new threats during a time of war. By applying a unique and tailored acquisition approach with specific attention to time and similar solutions already available in the commercial marketplace, it successfully started fielding new vehicles only 18 months after identifying the warfighter need.

The program referenced here was the mine-resistant ambush protected vehicle program, which began in 2006. Was the program a success? Absolutely. Was it a risk-free or perfect solution? No. Although the MRAP program was timely in helping mitigate the threat and associated warfighter casualties, there were challenges related to operating field conditions, training, sustainment, transportation and costs. The program, however, ultimately enabled the creation of other military vehicles that are still widely used today and supports how tailored acquisition approaches can produce successful outcomes.

A popular and continuously growing phenomenon within the department is the other transaction authority, or OTA. It permits Defense Department entities to award OTA agreements for research, prototyping and production efforts critical to national security. They are not an acquisition approach or strategy; however, they are flexible options that can support an acquisition approach or strategy.

Given leadership’s priorities for the increased application of adaptive acquisition methods, it is highly likely OTAs will be a key ingredient for success.

OTAs are binding agreements between Defense Department organizations and industry partners that are different than Federal Acquisition Regulation contracts, grants and cooperative agreements. While they are an innovative and flexible option that is not subject to all acquisition laws and regulations, they require vigorous program management.

Here are some points to remember:

OTAs are not new to the department. Although it received limited authority in 1989, the authority has significantly expanded since 2015. As a result, more agencies and industry partners are working together on the agreements. OTAs vastly differ from contracts because negotiations are not limited by FAR-based restrictions and allow for more robust terms between parties. This includes, but is not limited to, intellectual property rights, title to property, payment terms, project schedule or duration, cost or price analysis, financial and project status reporting, disputes, remedies and termination.

Congress specifically provided the authority to foster business flexibility for certain circumstances. Unfortunately, there is not a universal process or checklist for all parties to follow when planning or executing the agreements. This is intentional because universal processes across the department could hinder innovation and expanded industry participation.

Since OTAs will differ between agencies, these entities should individually create and maintain some form of standard business processes to support how to execute them from initial planning through completion. Examples of standard business processes include organizational policies, instructions, directives, guidebooks and standard operating procedures. These resources are foundational for success as they can provide tremendous assistance and value to not only the parties seeking to do business with the defense organization, but also the personnel leading or supporting the process.

There can also be immense benefits for industry partners who have not previously done business with the department. It currently has an “OT Guide” published in November 2018 available to the public; however, it is very broad and not unique to individual DoD organizations. Creating and maintaining standard processes can enable consistent and efficient operations, prevent miscommunication, minimize noncompliance with laws and assist organizations during evaluations or audits.

Since there is not a one-size-fits-all option to execute OTAs, defense authorities and industry partners should be aware of the various options available. Specific to prototype OTs, the most widely used type of OT, there are primarily four options for execution. Figure 1 provides helpful information associated with each option.

Agencies should carefully evaluate all options prior to option selection, depending on the specific need or the entity’s experience with OTAs. Evaluation can be done by market research and other means to effectively support the strategy and objectives. For example, if an organization is seeking a prototype that could be created by start-up companies or existing commercial firms, it may be in the best interest to award an OTA on its own, through the Defense Innovation Unit, or to a consortium.

Alternatively, if an agency is seeking a prototype similar to one that another government agency is concurrently seeking through its own prototype OTA, it may be in the best interest — and the most economical option — for it to leverage the other government agency’s agreement. The Government Accountability Office reported in 2019 that the majority of funding for prototype OTAs between fiscal year 2016 and fiscal year 2018 was awarded to consortiums.

Further, the GAO reported that the department — in response to congressional direction — is improving its reports on OTA usage to provide more data and transparency. Given the options available for executing OTAs, it is critical that both defense organizations and interested industry partners are cognizant of the options and their individual characteristics.

Another factor for success is sound planning and identification of technical performance parameters.

Failing to plan is planning to fail. Since parties can negotiate and tailor many OTA elements, it is critical for all parties involved to complete sound planning efforts prior to execution. Also, because they promote “outside the box” business practices, risk management is not a choice, but the backbone of the effort from cradle to grave. Agencies should start planning with a clear needs statement or defined problem supporting a capability gap.

Next, the entity must perform adequate market research and requirements analysis to determine if solutions already exist or whether the capability is possible among industry partners. Adequate market research efforts must consider existing commercial products and practices, technological stability and current similar Defense Department or federal government efforts.

Entities must ensure OTAs will comply with codes, depending on the effort’s characteristics. The agency must collectively and clearly articulate what success looks like and how success or performance will be measured. Is the end game a report as a result of extensive research? Or is the end game follow-on production if the prototype OTA successfully meets the capability gap?

The government shall give full consideration to key areas related to cost, schedule and performance throughout the project’s life since OTAs do not eliminate the need for effective program management. Thus, consideration shall be given to vital technical characteristics or performance parameters, such as cybersecurity, intellectual property, technology transfer, testing, integration, interoperability and life cycle sustainment/supportability. Parties involved should continually ascertain when to continue or terminate the effort based on cost-benefit analysis.

Planning efforts should also encompass the means by which the government will publicize and solicit OTAs. Publicizing activities should target relevant and capable industry partners identified from market research. Solicitation activities must be creative, through fair and reasonable methods, to foster maximum competition. Methods include white papers, commercial solutions openings, requests for proposals, panel pitches, industry days, LinkedIn and Twitter.

OTAs require critical thinking and can be incredibly complex. Besides the many aspects of cost, schedule and performance to be considered and evaluated, they have minimum predefined requirements and are accompanied with unique negotiations requiring advanced levels of business acumen from various perspectives. OTAs are a team sport and should have diverse participation by technical and non-technical personnel.

Standardized OTA training or credential programs are not widely available to Defense Department or industry personnel. Personnel should seek to complete some form of OTA training. Nontraditional contractors should also complete training on the electronic invoicing system that will be used to submit invoices for work performed on OTAs. Invoicing the department can be cumbersome, especially for smaller firms with operations largely dependent on timely cash flows.

OTAs also require sufficient documentation since they have more flexibility and fewer internal controls when compared to other business options. Documentation is also vital to support that OTA-related actions were fair, reasonable, transparent and legal. The need for sufficient documentation applies to both government and industry partners.

Appropriate documentation assists organizations in establishing beneficial continuous feedback loop mechanisms to replicate best practices and learn from shortcomings. Documentation also allows independent or unbiased individuals to follow OTA-related business decisions and funding. Documentation is even more meaningful as defense organizations spend greater amounts of taxpayer funds on OTAs and Congress seeks additional details on their usage.

Also, the law requires that all prototype OTs above $5 million include a clause that provides the GAO full access to records. As a result, all parties involved need to make documentation efforts a priority throughout the life of every OTA. Lack of existent or appropriate documentation could cause all the parties to receive undesired scrutiny from Congress and defense leadership. Congress could also reduce or eliminate the authority if parties do not create or maintain sufficient OTA documentation.

The ability for the nation to maintain a sustainable competitive advantage and efficiently leverage adaptive acquisition methods depends on OTAs. It is all but certain they will continue to grow in popularity.

Although they are a bright and shiny object drawing significant attention from expanded usage, the department, its agencies and industry partners must carefully plan and execute OTAs from cradle to grave.

While they are flexible alternatives, they are accompanied by risks, not appropriate for every situation, and do not have a universal pathway for guaranteed success. OTAs must be treated as a privilege rather than an authority that will remain indefinitely.

Appropriate use in accordance with Congress’ intent could produce tremendous value for the Defense Department and industry partners. Alternatively, inappropriate use could result in inefficient use of taxpayer resources and Congress limiting or eliminating the modernized authority.”

https://www.nationaldefensemagazine.org/articles/2020/4/15/other-transactions-best-practices-to-enable-success

How The Private Sector Including IBM Is Pivoting To “Distance Work”

WASHINGTON TECHNOLOGY By John M. Kamensky

As coronavirus has disrupted society over the last few weeks, some of the distancing measures that once seemed drastic have become acceptable — in a few cases even preferable to the way things worked before.

Nowhere has this been truer than the workplace, where companies and employees have found remote operations far more feasible than expected.

____________________________________________________________________________

“University of Chicago researchers recently analyzed government employment and income data by industry and concluded that 34 percent of U.S. jobs can “plausibly be performed at home.” Journalist Liz Farmer predicts that “the long-expressed resistance of companies and individual bosses to WFH arrangements will decline markedly after they see how well the arrangement has worked.”

But COVID has also taught us that leading an entire organization through the transition to distance work in a matter of days or weeks can be wrenching, akin to passing through the five stages of grief. In an article about how corporations are adjusting to COVID-mandated remote working arrangements, Australian start-up accelerator Steve Glaveski sees a broad spectrum of adaptation beyond pre-COVID practices:

  • No deliberate action. This is where most companies were at the beginning of the COVID-19 outbreak, with little to no capacity for widespread remote work.
  • Recreating the office online. This is where most traditional organizations have landed. More effective companies offer access to e-tools, but without any redesign of how work gets done.
  • Adapting to the medium. These companies are investing in better equipment (for example, they may provide employees a cash grant to improve their lighting for video calls). Their work favors text-based communication, with fewer meetings that have clear agendas and include only ‘must have’ participants.
  • Asynchronous communication. These companies are structured more in line with how work gets done than where or when. They are typically global and recognize that presence does not equate to productivity.
  • Nirvana. These companies field purely distributed teams that work better than in-person teams. There are a handful of companies like this, and most are in the tech industry.

Glaveski acknowledges that moving across this spectrum won’t work for all industries, and he notes three common challenges to effective distance work that need to be addressed: team building and bonding, the value of informal office communication, and endpoint security.

How IBM Made the Transition

Fletcher Previn — IBM’s chief information officer — recently offered a candid description of how he and his colleagues grappled with these challenges and others as they pivoted the organization’s global workforce of 350,000 people to working from home over a four-week period this spring. Pre-COVID, Previn said, about 30 percent of IBM’s global workforce predominantly worked from “other than a traditional office” (i.e., from a client site or home). This figure shifted to about 95 percent within a matter of days.

He explained that there were two key components to this transition – technological and cultural.

Previn says that the company benefited from having a longer-term internal IT strategy to enable workers to self-service. This began with mailing employees their mobile devices instead of delivering them in person, and creating an internal app store to distribute software. Those measures meant that all employee hardware and software could be delivered outside the office, making it easier to transition quickly to remote work.

IBM had also adopted a standardized set of tech tools to enable collaborative work across the globe through remote meetings, file sharing, remote access and cybersecurity (the company is shifting from a VPN-based to a zero-trust model). Over the past year, Previn created a common “tool box” that employees can access based on their job function (e.g., consultant, scientist, analyst):

  • Slack for collaboration
  • Box for document repository
  • Trello for project management
  • WebEx for meetings
  • Mural for design thinking and whiteboarding

In terms of security, Previn says that his team detects a lot more cyberattacks and fraud attempts on home-based workers. In response, they’ve increased training to identify phishing and tightened endpoint controls on inbound emails and other traffic. In addition, they are using AI to look for unusual behavior based on a user identity, location and the device being used.

While the tech tools are a necessary prerequisite for working from home, Previn noted that there are also cultural issues. For example, traditional ways of balancing work and personal life need to be redefined as employees work in new settings with new routines. He advocated a model of small three-person teams interacting with each other and with other teams not only through scheduled meetings but spontaneous communications that help maintain human bonds and trust. Previn said he schedules virtual happy hours with his team to bring people together informally rather than just for agenda-driven meetings.

To help ease the cultural transition to distributed teams, IBM HR developed a series of training guides and online modules on how to lead remotely, and tips for remote workers and their managers.

Long-Term Benefits of the Transition

One factor that enabled IBM and many other companies to respond quickly to COVID was the longtime use of distance work tools to improve cross-organizational collaboration, even when the parties at both ends of the line sat in offices. A 2013 survey by McKinsey Consulting found multiple expected benefits to these measures, such as reduced travel costs and increased employee satisfaction.

But the survey also discovered that there was faster access to internal experts and corporate knowledge when using collaborative tools. This implies that in both the private sector and government contexts, it’s less important where you do knowledge-based work than it is how you do it – using collaborative tools in a team-based work environment.

In the last two months, the corporate world has gradually come to realize that it cannot wait to adapt these tools fully to an at-home workforce. Companies have shifted from a strategy of “do what is most urgent and feasible now and postpone everything else until we return to the office” to “we have to make everything work remotely because who knows how long this will last and we can’t push things off any longer.”

For most companies, that means mastering levels three and four of Glaveski’s remote work hierarchy by embracing text-based communication, fewer meetings and asynchronous schedules.

And a few small tech companies have even reached the “nirvana” state that Glaveski describes. For example, Pipedrive, a new software company with staff in both the United States and Europe, responded to COVID by becoming a completely virtual company inside of 24 hours, according to futurist Heather McGowan. And one tech company, Automattic (the company behind WordPress, which powers 35 percent of all websites on the internet), beat COVID to the punch. It is 15 years old and has nearly 1,200 staff scattered across 75 countries – and no offices!

It is easy to think of the current disruption in workplace operations as a temporary shift that will reverse itself after the COVID threat recedes. But as McGowan suggests in Forbes, this pandemic “might be the great catalyst for business transformation,” producing changes in months that might have otherwise taken years to transpire.

“We’re seeing changes that affect work, learning, and daily life,” she writes, “changes that will become a new normal and that take place against a backdrop of several fundamental shifts.”

For example, a slow evolution in corporate culture even before COVID was giving employees greater autonomy and an increased role in meeting business goals. Companies are beginning to recognize culture, creativity and innovation as ingredients of success, and managers increasingly trust their people to “do the right thing.” Corporations have started to consider employee welfare as a central goal in addition to profit. These trends too are bound to accelerate as social distancing continues, and will persist long after it ends.

Future columns will explore these distance work approaches further and how they can be adapted to a government context.”

https://washingtontechnology.com/articles/2020/05/08/insights-kamensky-adapting-to-home-work.aspx

* * * * * *

Note: This post is the second in a series on distance work.

ABOUT THE AUTHOR:

John M. Kamensky is a senior fellow at the IBM Center for the Business of Government and a fellow at the National Academy of Public Administration. He can be reached at john.kamensky@us.ibm.com.

New Cybersecurity Regulations ‘On Track’ Despite Virus

NATIONAL DEFENSE MAGAZINE

Katie Arrington, chief information security officer at the office of the undersecretary of defense acquisition, said CMMC is still on track despite hurdles created by the ongoing COVID-19 pandemic that has roiled the world.

“We are on track, but we’re having to retool some of the training because the actual inspections … [do] have to happen,” she said. “The actual audit has to be done on site.”

_________________________________________________________________________

“Work on the Defense Department’s highly anticipated set of new cybersecurity standards — known as the Cybersecurity Maturity Model Certification version 1.0 — is still on track despite the ongoing COVID-19 pandemic, said an official in charge of the effort April 22.

The new rules, which the Defense Department rolled out earlier this year, are meant to force the defense industrial base to better protect its networks and controlled unclassified information against cyberattacks and theft by competitors such as China. The rules will eventually be baked into contracts, and the Pentagon had targeted including them in requests for information as early as this summer on pathfinder programs.

Under the plan, CMMC third-party assessment organizations, known as C3PAOs, will be trained and approved by a new accreditation body. They will have to certify that a company has met the CMMC standards before it can win contracts. CMMC features different levels, with the level 1 standards being the least demanding and level 5 the most burdensome.

“We are on track, but we’re having to retool some of the training because the actual inspections … [do] have to happen,” she said. “The actual audit has to be done on site.”

The Pentagon is working on ways around that, she said during a webinar called “Protecting Small Business in a COVID-19 Environment” hosted by Project Spectrum, which is part of the Cyber Integrity Initiative and is supported by the Pentagon’s Office of Small Business Programs.

“We’re still on track,” she said. “We’re still doing the pathfinders. We’re working through those. We’re still on target to release some initial RFIs in June with the CMMC in it so we can all kind of get a feel for it.”

Additionally, the Pentagon still plans to get the first class of C3PAOs rolling out in late May or early June, she said.

The biggest sticking point will be conducting in-person audits, as is required, Arrington said.

“Until we get the directive from the president and from Secretary [of Defense Mark] Esper with the DoD we have our stay-at-home orders,” she said. However, “the work hasn’t stopped and we’re still doing our absolute best to stay on track.”


Last week, speaking during a Bloomberg Government webinar, Arrington said potential delays of a couple of weeks would be insignificant to the overall program.

“A two-week push on something is not going to … have a massive impact to our rollout of this,” she said. “I don’t think it’s going to be impactful to the schedule. I think maybe we’ll have a two, three week slip on actually doing the first audits, the pathfinders, but nothing of significance.” Auditors may have to wear masks or social distance while conducting their work, she said.


Meanwhile, Arrington noted that businesses should consider implementing the first level of the CMMC requirements now to protect themselves as more employees in the defense industrial base work from home.

“CMMC level one are 17 controls, no cost, that you can implement today that can help you be secure,” she said. “Waiting isn’t an option for any of us right now.”

She also stressed the importance of good cyber hygiene, and recommended that employees frequently change their passwords and be mindful of spearphishing attempts.

“Do your best to be diligent and remember that … the weakest link is where the adversary will come in,” she said. “Don’t be the weakest link.”


Nathan Magniex, a senior cybersecurity expert at Project Spectrum, also noted during the webinar that contractors should be wary of conducting meetings on the popular video platform Zoom.

“I would not use it as a business owner,” Magniex said. “There are certain red flags. There are connections with China that are concerning especially for the defense industrial base.”

Project Spectrum recently released a white paper on potential security risks with Zoom which said, “Zoom’s numerous vulnerabilities are not unique to them because every software company and application has them. Zoom’s links to China, however, are particularly concerning because those links expose the DIB and its supply chain, thus jeopardizing American innovation, IP and proprietary information.”

Project Spectrum recommended Cisco Webex, Facebook Workplace, Google Hangouts, GoToMeeting and Microsoft Teams as potential alternatives.”

https://www.nationaldefensemagazine.org/articles/2020/4/22/new-cybersecurity-regulations-on-track-despite-virus

Amid COVID-19 DOD Weighing Security And Other Transaction Agreement (OTA) Controls

Image: https://twitter.com/hashtag/othertransactionagreements?src=hash

DEFENSE SYSTEMS

OTAs are meant to speed the government buying process and allow DOD to buy new capabilities faster by allowing officials to sidestep competitive bidding in certain cases.

Rapid acquisitions for prototypes and experimental technology will be subject to the Defense Department’s unified cybersecurity standard.

_____________________________________________________________________________

“In an OTA, in the technical specs, they can actually call it [Cybersecurity Maturity Model Certification (CMMC)] out and say what they want,” said Katie Arrington, DOD’s chief information security officer for acquisition, during an April 29 NextGov webinar on CMMC.

OTAs are meant to speed the government buying process and allow DOD to buy new capabilities faster by allowing officials to sidestep competitive bidding in certain cases. But there’s ample worry of potential overuse, which could invite congressional scrutiny.

Arrington’s comments come as DOD has begun pushing for the use of OTAs to find and execute on solutions that can help treat or prevent the spread of coronavirus. Ellen Lord, DOD’s acquisition chief, issued a memo in early April to ease the OTA process by delegating contracting authorities to heads of agencies and combatant commanders during the pandemic.

For example, the Army issued $100,000 contracts for innovative ventilator solutions that could be deployed in rural settings as part of its xTech COVID-19 Ventilator Challenge. The ongoing contest aims to produce 10,000 ventilators suitable for field operation in eight weeks and uses OTAs.

As for cyber concerns, Arrington said because OTAs operate “outside” the Federal Acquisition Regulation and largely benefit small businesses, which can be the most vulnerable when it comes to cybersecurity, CMMC is even more important.

“That’s where we need to ensure that we’re putting those levels of CMMC in,” she said. “If you’re doing some grant work, we do need to make sure the institution or the department or the network that you’re doing this work on understands the risk…Everybody’s vulnerable.”

https://defensesystems.com/articles/2020/05/06/cmmc-ota-cyber-williams.aspx

GSA “Lessons Learned” In Rocky FedBizOpps to SAM Conversion

Image: GSA
Image: cygnetise.com

FCW

“The General Services Administration learned some important lessons about modernizing critical back office contracting systems during the rough transition of contracting opportunity data from FedBizOpps to Beta SAM.

“We learned we needed to help the community come along with us,” in moving legacy contracting and grant management systems to GSA’s beta.SAM.gov system – Judith Zawatsky, assistant commissioner of GSA’s Office of Systems Management Federal Acquisition Service.”

______________________________________________________________________________

“There were frustrations that kept me up at night” after FBO was moved, said Vicky Niblett, deputy assistant commissioner of GSA’s Office of the Integrated Award Environment, during the webinar. “What comforted me was that all the contracting data had migrated perfectly,” meaning what users were searching for was there. Users had to become more familiar with the system and GSA could use their feedback to tweak the capabilities, according to Zawatsky and Niblett.

The agency responded to user demands for a return of email notifications of contract opportunities, pushing the release of the capability to the head of the agile development line, said Niblett. “Users said loudly that was extremely important. We prioritized and pushed it out sooner than planned.”

“The challenge with some legacy sites is that they had their own interfaces. Users loved them or hated them, but they knew how to use them,” said Zawatsky. GSA, she said, is listening closely with a myriad of focus groups that look at specific user and contractor “personas” that consider capabilities and needs from differing perspectives. Zawatsky also said users had become more familiar with beta.SAM’s two-factor authentication requirements, as those requirements become more common.

Beta.SAM.gov is growing, she said. It has 173,000 registered users and about 1 million average daily direct views.

Since transitioning FedBizOpps, moving additional systems has become more considered and studied, according to Zawatsky and Niblett. The agency’s shift of the Federal Procurement Data System began with a “soft launch” in March that allows contractors to use beta.SAM to get FPDS Contract Data Reports, but keeps search and data on the old FPDS until the full transition is made. The limited move, said Niblett, “allows users to familiarize themselves with the new reporting tool. There is a large learning curve” between some of the functionality of the old FPDS system to beta.SAM’s, she said.

GSA plans to complete its move SAM.gov in a year, while it plans to complete moving FPDS by year’s end, said Niblett.

GSA continues to seek out user input for the process, Zawatsky and Niblett said, through direct contact and through the GSA Interact portal.”

https://fcw.com/articles/2020/05/05/fbo-transition-rocky-rockwell.aspx?oly_enc_id=

COVID-19 Adversarial Capital Threat to Defense Industry Small Business

Image: Investors Business Daily

FCW

“Adversarial capital” is the latest buzz phrase used to describe the security problem that can occur when foreign rivals, especially China, take advantage of the relatively open U.S. investment marketplace.

“We simply cannot afford this period of economic uncertainty to lead to loss of American know-how on critical technologies,” – Jennifer Santos, DOD’s deputy assistant secretary of defense for industrial policy.

______________________________________________________________________________

“The Defense Department is hoping steadily engaging small businesses will help shield them from shady foreign investments during the global COVID-19 crisis.

[At risk are] nascent technology firms whose work may have security applications but don’t yet fall under the aegis of the cross-agency Committee on Foreign Investment in the United States (CFIUS).

“We simply cannot afford this period of economic uncertainty to lead to loss of American know-how on critical technologies,” Santos said during an April 28 webinar on coronavirus supply chain challenges hosted by the Intelligence and National Security Alliance.

Additionally, DOD has been hosting teleconferences multiple times per week with industry trade associations and continued to host virtual Trusted Capital Marketplace events to help ensure companies have access to “clean capital” and avoid foreign investment conflicts.

Ellen Lord, DOD’s acquisition chief, warned in March that the defense industry base, their technology, and intellectual property were vulnerable to “nefarious” foreign investors.

As the coronavirus pandemic worsened, DOD has struggled with multiple plant closures — 93 out of 10,509 prime companies with 141 that closed and reopened and 427 out of 11,413 vendors, with 237 that have closed and reopened. Those closures have significantly affected aviation, shipbuilding and small space launch supply chains.

Santos said several companies in Mexico have “impacted our major primes” and DOD is working to identify those companies and work with the Mexican government supporting various technologies, including airframe production.

But foreign investment remains one of the more pressing priorities in defense acquisition, Santos said, adding that suspicious transactions in vulnerable areas are mitigated or blocked if a risk is found regardless of the pandemic.

That is an acute problem for small manufacturers, Lord said.

“Typically the most problematic areas we have now are some of the smaller manufacturers who, maybe from a dollar value, don’t do huge numbers but they are providing critical components across aircraft and naval applications. That’s where my biggest concern is; sort of the weakest link in the system,” Lord told reporters April 30.

The acquisition chief also worried some smaller companies “might end up with some significant financial fragility” and is looking across interagency and in the Trusted Capital Marketplace, a partnership that links private investors with defense companies, to keep those with “critical technology, talent, and facilities together with those investors.”

Lord’s concern extends overseas, as well, particularly in Europe, regarding what Lord called “nefarious” mergers and acquisitions, where shell companies have known U.S. adversaries as beneficial owners. To protect against that, the Pentagon wants stronger foreign legislation from Congress to make the CFIUS process more stringent, Lord said.

In addition to pursuing stronger legislation, DOD has bolstered and expanded national security investment reviews, which can take 45 days and are reviewed by the Director of National Intelligence, and increased engagement with businesses using the newly stood up industrial base council.

Santos said the council helps address the industry base’s existing gaps and risks by aligning their priorities with DOD’s, identifying authorities that can be used to solve any issues, and drawing up policy as needed.

“We need to protect our industrial base from what could be adversarial capital and during COVID, we maintain the same due diligence,” Santos said, “It’s what keeps me up at night most nights.”

https://fcw.com/articles/2020/05/04/dod-adversarial-capital-williams.aspx?oly_enc_id=

Defense Industry Needs New Small Business Entrants During Crisis

Image: Fundinggates.com

DEFENSE NEWS

By: Venture capital community leaders

How can the Pentagon best preserve its innovation base and develop the most competitive and advanced technologies? The answer is simple: Buy commercial. New and emerging defense startups — and our men and women in uniform — don’t need symbolic gestures.

What they need is concerted action to bring the latest and most advanced technologies — many of which are routinely used in industry — to dangerously antiquated defense weapons systems and internal IT infrastructure. This was true before COVID-19, it is true now and it will be true when the next crisis strikes.

__________________________________________________________________________

“The COVID-19 health crisis is quickly leading to an economic meltdown, throwing millions of Americans out of work and forcing strategic reevaluations across industries. The defense industry is no exception. We are praying for a swift end to the crisis, but its effects will linger, shaping the Pentagon’s priorities, organizational structure, military operations, logistics, supply chains and interactions with the defense-industrial base for years to come.

In the past few weeks, we have had numerous conversations with government officials about our venture and growth equity investments in the defense sector. These discussions have centered on the eligibility rules of the CARES Act’s Paycheck Protection Program and the risk of foreign capital seeking entry into defense technology startups desperate for investment in these trying times.

All too often the government has responded to crises by circling wagons around incumbent firms — the large prime contractors, whose political connections afford them bailouts in the name of “ensuring ongoing competition.” This process is already underway. After announcing its hope for a $60 billion relief package for the aerospace manufacturing industry, Boeing successfully lobbied for $17 billion worth of loans for firms “critical to maintaining national security.”

The CARES Act also announced provisions to streamline the Defense Department’s contracting process, which sounds promising, except for the fact that these provisions apply only to contracts worth over $100 million. This discriminates against smaller, more nimble innovators and providers of cutting-edge technology.

This isn’t how things have always been. After complaints about large horse dealers monopolizing military contracts during the Civil War, the government allowed quartermasters to purchase horses and mules from any dealer on the open market. In World War II, Congress created the Smaller War Plants Corporation, which awarded tens of thousands of contracts to small, competitive firms. Today, through innovative use of Small Business Innovation Research money, other transactional authorities, rapid work programs and the like, the Pentagon is certainly signaling interest in emerging technologies.

But let us be clear: We are not advocating continuing to invest larger dollar amounts into never-ending, short-term pilots and prototypes. The key to sustaining the innovation base through this crisis and any future crises is transitioning the best of these companies and products into real production contracts serving the day-to-day needs of the mission. Host tough, but fair competitions for new innovations, and then rapidly scale the winners.

America’s technological supremacy has afforded our country nearly a century of military hegemony, but it is not a law of nature. Sovereign states and peer competitors like Russia and China will quickly outpace us if we take our prowess for granted. We need new entrants into the defense industry more than ever, but without government support through crises like this one, the talent and capital simply won’t be there.

As the Department of Defense readily acknowledges, its mission is fundamentally changing. Breakthroughs in technological fields like artificial intelligence, autonomous systems, robotics, resilient networks and cyberwarfare mean that future conflicts will look nothing like those we have seen before. The DoD of tomorrow needs a fresh wave of technical expertise to understand and respond to these new kinds of threats.

That is not to say that legacy defense contractors are not needed; their expertise in large air and sea vehicles is currently unparalleled. But the expertise to build these new technologies resides in pockets of talent that the big and bureaucratic incumbents, who made their names with 20th century technology, lost access to decades ago.

The DoD has publicly exalted the importance of innovative defense startups for years. That is partly why we are so excited to invest capital into the defense sector at this moment in history. Silicon Valley has a chance to live up to its oft-ridiculed but sincere ambition to make the world a better place by investing in American national security.

However, we as venture capitalists and growth equity investors also have a duty to our limited partners who have entrusted us to invest and grow their capital. If we see the same old story of the government claiming to support small businesses but prioritizing its old incumbents, those investment dollars will disappear.

Times of rapid and unprecedented change, as COVID-19 has precipitated, also provide opportunities. The DoD and Congress can reshape budget priorities to put their money where their mouths have been and support innovative defense technologies. Each dollar awarded to a successful venture capital and growth equity-backed defense startup through a competitively awarded contract attracts several more dollars in private investment, providing the DoD significantly more leverage than if that same dollar was spent on a subsidy or loan to a large legacy contractor. This leverage of private capital means that every contract a startup receives accelerates by up to 10 times their ability to build technology and hire talent to support the DoD’s mission.

The bottom line is this: There’s no reason to let a health crisis today become a national security crisis tomorrow. The DoD has an opportunity to not only sustain but grow its innovation base, and give contracts, not lip service, to innovators. We, the undersigned, hope they do.”

The contributors to this commentary are: Steve Blank of Stanford University; Katherine Boyle of General Catalyst; James Cham of Bloomberg Beta; Ross Fubini of XYZ Capital; Antonio Gracias of Valor Equity Partners, who sits on the boards of Tesla and SpaceX; Joe Lonsdale of 8VC, who also co-founded Palantir; Raj Shah of Shield Capital, who is a former director of the U.S. Defense Innovation Unit; Trae Stephens of Founders Fund; JD Vance of Narya Capital; Albert Wenger of Union Square Ventures; Josh Wolfe of Lux Capital; Hamlet Yousef of IronGate Capital; and Dan Gwak of Point72.

https://www.defensenews.com/opinion/commentary/2020/05/04/the-defense-industry-needs-new-entrants-and-a-supportive-government-during-crises/