Tag Archives: Government Contractors

A Pentagon Procurement Program That Seems Doomed to Fail

Image: “Greycampus.com


The Pentagon spends more money on federal contracts and relies more on private contractors to provide necessary support than all other U.S. government agencies combined.

With a potential ceiling of almost $8 billion dollars, the NGEN-R is one of the largest non-hardware contracts ever awarded. The problem with massive, long-duration IT contracts is that the pace of technological change often makes them out-of-date almost from the start.


“The primary objective of the contract is to manage, modernize and eventually merge several massive Navy and Marine Corps networks that collectively encompass some 400,000 computers and 800,000 users at 2,500 locations. NGEN-R will provide secure data and information technology services such as data storage, email, cloud services, and video teleconferencing for Navy and Marine Corps ships and locations around the world.

As if this were not in itself a major undertaking, the Navy acquisition bureaucracy decided to make the effort even more challenging. First, it decided to split what had been for twenty years a single contract into two: a smaller hardware-centric section, and a larger one focused on services and support. Second, the Navy chose to assume the responsibility for overall management of the two contracts. Third, it awarded the services contract to Leidos, a company with no prior experience in providing support to major Navy/Marine Corps networks. Fourth, the new contract sets an extremely aggressive schedule for transferring responsibility for multiple networks from the existing contractors, who have some 30 years of experience in this field.

The NGEN-R award repeats an often-seen pattern in defense acquisitions, particularly those involving IT services and support contracts. The acquisition bureaucracy isn’t satisfied with incremental advancements; it wants to preside over “transformational change.” As a consequence, it dispenses with experienced contractors and tried-and-true approaches in favor of modernizing complex networks. This same bureaucracy buys into the new contractor’s promises that it can effortlessly take over for its predecessors, and then simultaneously integrate and modernize the Navy’s networks—all while lowering costs. We’ve seen this movie many times before and it never ends well.

When an IT network procurement goes wrong, a lot of bad things can happen. The most immediate impacts will be slow responses to individual needs and major events alike. In the former case, this results in increased dissatisfaction and frustration; in the latter case, missions are endangered when Sailors and Marines can’t get data or effectively communicate. Furthermore, it’s less than helpful when the “green” service desk team—the place where one goes for IT support—is struggling to understand how things work. Compounding this demand for IT help is the age of the technology, as refresh cycles for replacement laptops and PCs were likely put on hold until the new team was firmly in place. In the longer term, the Navy risks backsliding on everything it has accomplished over the last 20 years to consolidate its networks, standardize its technology and rein in IT spending. 

Were these normal times, the Navy and its new contractor might have the time and resources to weather the inevitable delays, service interruptions, and cost increases that will result from the acquisition bureaucracy’s desire to have the new contractors do it faster, better and cheaper. However, these are extraordinary times. We are in a crisis in which clear communications and a reliable network are much more important than they were when the contract was awarded. Like everyone else in the world, the Department of the Navy faced a massive challenge in getting several hundred thousand Sailors, Marines and civilians set up to telework and unlike a business, the important mission—protecting the United States—did not stop to wait for the IT to catch up with this radical change. The Navy’s networks have had to be reconfigured in real time while adding new nodes (such as two hospital ships deployed to support New York and Los Angeles’ health systems) and ensuring that both the Navy’s networks and connections to medical networks across the country are viable and secure.

There are already signs that the NGEN-R contract is heading for difficult times. The most notable was the early talk by the winning bidder about changing the solution that they proposed. In a recent interview, Gerry Fasano, head of Leidos’s Defense Group, acknowledged that the network “has continued to evolve, and so we’ll update ourselves from what we proposed and then worked through our transition plans.” Read this to mean: get ready for lots of change orders as the company attempts to make good on all its commitments.

In late April, the Department of the Navy’s Chief Information Officer, Aaron Weis, said in an interview that the Navy has been looking to “jumpstart” modernization—which is the right thinking—but expressed concern that the recently-awarded NGEN contract was the best path forward: “One of the first things we really talked about was do we stop NGEN-R and reset it given what we thought we needed to do. The reality is, given the acquisition timeframes, it probably would’ve set us back another year.” In hindsight, that would not have been a high price to pay.

The Navy’s plan to modernize its IT networks is likely to be dead in the water for an extended period while the NGEN contract transitions and networks struggle to deal with the new reality of communications in the era of COVID-19. While the acquisitions folks won’t feel a bit of pain, the Sailors and Marines and the state and local communities they are trying to help certainly will.

The NGEN-R award is currently in protest. But whatever the outcome, the Navy should take the opportunity to reconsider its rush towards an unpredictable future. The Navy needs a different approach, one that doesn’t put its networks and thus its pandemic response at risk, much less the security of the Nation and tens of thousands of Sailors and Marines. It would be wise for the Navy to suspend the NGEN-R contract and pursue a new competition.”


Telework Security Checklist

Image: National Institute of Standards And Technology.gov


“What are the compliance implications of mass telework? Six questions to ask (and answer) to help you stay compliant while your employees are working remotely”


“Government and contractors were unprepared for COVID-19 to so abruptly push so many employees to remote work. Even now, as businesses start to contemplate how to reopen their offices, the continued need for social distancing means many employees will be choosing or required to continue remote work for the foreseeable future. It’s a fundamental change in how organizations operate, fraught with inconsistencies, challenges and distractions.

Yet, while the pandemic is causing modifications and deviations to contracts and regulations, it will not serve as a “Get Out of Jail FREE” card. Government contractors must still comply with their contracts and protect government information.

What are the compliance implications of mass telework? Here are six questions to ask (and answer) to help you stay compliant while your employees are working remotely:

  1. Are your telework policies and procedures up to date?

Resist the temptation to ignore telework policies that are suddenly impractical. In the absence of clear guidance, employees will be inconsistent in their behavior and performance. Take the guesswork out of the mix by updating and publishing revised policies. Provide clear, concise direction for what employees should do under current conditions (and new conditions, as government guidance evolves).

  1. Is your IT infrastructure ready and secure?

A cyber-secure IT infrastructure built to support thousands of employees from a few offices will have vastly different loads and threats when most workers are suddenly piping in remotely. Is your VPN set up for the additional traffic? Do your security models and controls need to be adapted for the increased number of employees working remotely? Consider allowing access into the system for extended hours, so employees with family obligations have flexibility about when to do their work. Be sure your team fully appreciates the risks of relaxing some security controls (such as reducing keystroke monitoring) to improve your system’s responsiveness.

  1. Do employees have the technology and guidelines to work securely from home?

Most employees will do their best to serve government customers and be productive, even if they don’t have the same technology at home as at work. But the bad guys in cyberspace are exploiting this crisis and are increasingly determined to test the security boundaries of governments, businesses and citizens. Some employee “best effort” behaviors could introduce unwanted compliance and security issues.

Remind employees of how to protect sensitive information at home. Re-publish policies about home network security, strong passwords, use of personal email accounts, unknown email attachments and other best practices. Consider home burn bags to store confidential papers until employees return to the office. Remind employees to disengage smart speakers in spaces where work-related conversations are happening. Use passwords and other added security measures for all video conferencing.

  1. How are you managing and monitoring the productivity of remote workers?

Even veteran teleworkers have been disrupted by the sudden appearance of a spouse, children and/or roommates who are all competing for space, time, attention and internet bandwidth. Employees who are teleworking for the first time may have a home environment that is more casual, less vigilant, and filled with more distractions than an office setting.

It’s important, though, to proactively manage and document the work employees are doing. Be sure employees understand policies about work hours, time tracking and status updates. Share tips and expectations for productive and professional telework. Task your managers to understand obstacles their employees are facing – and to communicate clearly about whether any temporary job accommodations are approved. Then, closely monitor performance to ensure that you’re delivering on your contracts and billing the government appropriately for the completed work.

  1. Are key employees cross-trained?

Anticipate that key personnel may become unavailable to perform mission-critical duties at some point in the pandemic. If you haven’t already, identify and cross-train employees who can step in should the need arise. Remember to obtain your customer’s approval of these key employees, so work can continue uninterrupted. Keep an updated and centralized list or database to consult as your situation changes.

  1. Are you monitoring your procedures and controls, especially the updated ones?

When so much is new and changing, monitoring your controls is a must to ensure timely corrective actions and prevent material non-compliances. Periodically test your company compliance hotlines to verify that they are accessible, appropriately staffed and supported. Keep your governance program (board of directors and executive committees) active, engaged, and available to address anything that might go awry.

COVID-19 has created a remote working scenario that most government contractors never could have envisioned. While it’s different from anything we’ve experienced before, the government will not consider these changes an excuse for significant noncompliance. It is more challenging, but with planning, creativity and vigilance, companies, employees, and customers will be well served. In fact, you may find that some changes you make to accommodate the pandemic ultimately improve your operations and should endure after the crisis has resolved.”


The Federal Government’s Identity Crisis



As quarantines and self-isolation guidelines have taken hold, not everyone has workstations or agency-issued laptops with card readers at home, leaving some feds and contractors with no easy way to fulfill the government’s primary identity and access requirement.


“The coronavirus outbreak has shuttered federal office buildings and sent employees to work from home. While most expect those facilities to eventually reopen, the shift to telework is changing how agencies and contractors conduct identity and access management.

The decades-long dominance of Personal Identity Verification (PIV) and Common Access Cards (CAC) as the preferred method to regulate employee access to physical and IT resources may be coming to an end.

According to a January 2020 estimate from the National Institute of Standards and Technology, the federal government and its base of contractors combined use nearly 5 million PIV cards. Digital security contractor Gemalto, which makes smart cards, estimates that the Department of Defense has approximately 4.5 million CAC cards in use at any given time.

Civilian agencies and the military are scrambling to purchase new computers and equipment, but they are competing with private industry and other organizations for limited supplies. The Army recently cited impending supply chain shortages to process an immediate sole source purchase of 200 Dell ruggedized laptops and docking stations that will “allow government workers to telework to avoid exposure to the potential COVID-19 while still completing the mission.” Other agencies like the Department of the Interior have made similar purchases.

“Every day that passes confirmed COVID-19 cases spike and the death toll increases,” the Army wrote in an April 10 justification. “It is imperative that these [notebooks] are obtained as quickly as possible to protect public health.”

Jeremy Grant, a coordinator with the Better Identity Coalition, a non-profit advocacy organization made up of companies across the financial, health care, telecommunications, payments and security sectors, said adjusting to the new reality has been particularly problematic for the federal government.

“On the government side, it’s definitely presenting some special challenges, given that while it’s a great model and very secure, everything about the PIV is premised on this very robust in-person identity and proofing process,” said Grant, a former senior executive advisor to NIST, in an interview. “The challenge has been that we built this policy assuming you can always have this in-person process. Now that it’s not feasible, what are you supposed to do to make things secure?”

Further, new hires normally go through a thorough onboarding process to obtain their cards that often includes in-person interactions to collect biometrics like fingerprints for their PIV credentials. In a March 25 memo, the Office of Personnel Management noted that many of the federal, state and local offices that vet newly hired government employees are “temporarily closed” due to the coronavirus outbreak, making it difficult or impossible to fulfill FBI-requirements for fingerprints to process background investigations and criminal history checks.

The memo advises agencies to use a number of alternatives during the crisis, such as deferring the fingerprint collection, delaying the final reporting and adjudication of a new employee’s background investigation or conducting temporary identity proofing through remote tools like video link, fax or email. New hires that vetted under the interim guidance will be required to undergo in-person identity-proofing when their agency returns to full capacity.

Just when that will be is the subject of much debate and speculation from epidemiologists and health experts, who have offered a wide range of estimates for when the world can expect to safely return to offices and resume group gatherings. Some experts have predicted the status quo could hold until next year or even 2022 if a new vaccine isn’t discovered quickly. That has some cybersecurity and tech companies predicting a broader shift in the global economy where remote work — and all its implications — could be here to stay.

“BYOD is now the reality and will continue to be in the future, because I don’t think we’re going back to that type of work environment that we used to be in,” said Greg Touhill, former federal CISO and current president of AppGate, during an April 15 webinar hosted by Billington CyberSecurity.

Duo Security, which makes and sells remote access tools, is betting that governments and private industry will use the crisis to restructure the way they conduct identity and access management — moving away from physical access cards and toward solutions that allow workers to use their personal devices. Most organizations, the company’s Advisory CISO Sean Frazier said in an interview, are looking for quick and easy ways to “keep the lights on” and ensure business continuity in the wake of the sudden switch.

“I think the PIV card of … 16 years ago when it came out was a really good idea, but we’ve kind of moved on from it from the perspective of agility,” said Frazier. “It’s not necessarily the easiest technology to ramp up quickly. So for example if you have some kind of event where all of a sudden your workers are remote and they’re working from home using personal technology, it was really never designed for that. People are right now kind of scrambling and looking for comparable controls.”

Frazier’s boss, Head of Advisory CISOs Wendy Nather, warned that organizations aren’t setting up their remote infrastructure for the long haul.

“A lot of organizations are thinking that this is a temporary aberration, and so when they put in an infrastructure to enable remote working they’re putting in the fastest and cheapest thing they can find and they figure they’ll just pull it back later when this is over,” she said. “We don’t know when this will be over. Even if it is over, we don’t know how many employees are going to be willing to come back into the office.”

Nather said agencies should also be increasing physical security to protect IT and other assets at their now largely empty office buildings and facilities. The Department of Veterans Affairs, for example, recently purchased new PIV card readers for one of its medical centers in Kansas City, Kan., and has cited the pandemic in multiple emergency procurements for security services to prevent unauthorized access to VA facilities during the COVID-19 outbreak.

Agencies that have historically avoided modernizing their IT and security infrastructure to handle large numbers of remote employees must now rush to implement ad-hoc protocols and purchase equipment to ensure their employees can access agency systems. The Department of Health and Human Services put out a special notice April 16 detailing an urgent COVID-related requirement for a multi-factor authentication and identity assurance solution that can provide remote access to agency resources.

“There’s a lot of employees who were never approved for remote working. Now they’re signing in through their personal devices,” Grant said. “What information do you let them access? Odds are their home device is not going to have a smart card reader built in, so how do you build in some multifactor authentication?”

There are a number of ideas to bridge the access gap in the short term, from implementing new multifactor authentication processes, using app-based solutions, leveraging one-time passwords or even purchasing and distributing Yubikeys and other authentication hardware to agency personnel. Another option could be a larger move to rely more on authenticators that are already embedded in many of today’s commercial computers and phones, allowing employees to use their personal devices to verify their identity.

Shifting your organization’s security mindset from protecting data, not devices, could also help.

“Yes, [employees] may use their own personal technology but I as a business or agency still have to protect my data, so I’ve got to make sure that if they’re coming in with a personal device, I know that device’s software is up to date, that encryption is turned on, that they’re using enabled biometrics so I can provide identity … comparable to what a PIV might provide,” said Frazier.”


DOD’s Telework Surge Could Be Permanent

Image: Sarayut Tanerus Getty Images


A new emphasis on telework at the Defense Department in response to the COVID-19 pandemic could change work culture at the Pentagon, officials said.

DOD rolled out the CVR or Commercial Virtual Remote environment to handle the deluge of teleworkers March 27.


“It now has 900,000 user accounts with 250,000 added in a single day, officials said at an April 13 briefing. CVR is a collaboration suite based on Microsoft Teams that enables video, voice and text communications.

“The department has always been telework-ready long before the pandemic,” DOD CIO Dana Deasy said, but noted full-time telework was the exception and not the rule, so that a lot of education about tools and best practices was needed.

“There will be some permanency to what we have here. Specifically, I think more on the network side, and we will also have to create a base of teleworking equipment that we’ll be able to, in some cases, reuse for other purposes,” Deasy said. “There is going to be an enhanced teleworking capability that will be sustained at the end of COVID-19,” he added.

About 2,000 DOD personnel have gotten additional devices, officials said, with virtual internet service provider connections increasing 30%. Call capacity in the Pentagon has increased 50% and the Defense Information Systems Agency has increased end point capability three-fold.

The Navy’s telework capacity has exploded with 65,000 new telework users on mobile and desktops. The Navy’s telework capacity grew 150% to 250,000 workers due to COVID-19 measures, and there are additional plans to bring the total to 500,000 remote workers. The Marines increased their virtual private network capacity to 60,000 simultaneous workers, up about 80%.

This activity is creating a surge of data, and it’s still unclear what happens to CVR information after the crisis.

“We recognize that a lot of data is being created, it’s going onto an unclassified environment,” DOD CIO Dana Deasy said, in response to a question about how CVR data will be treated after the COVID-19 crisis is over. “We are looking at options on how do we take this data and preserve it and-or port it into other collaboration environments, going forward. That decision has not been taken, but I would also not pre-conclude that we’ve taken the decision the data will just be flat-out destroyed.”

Cybersecurity concerns, and the increased data risk, have risen in tandem with teleworking and is compounded by DOD not implementing all of its cyber hygiene initiatives.

Air Force Lt. Gen. Bradford Shwedo, Joint Staff CIO, said DOD has seen a “surge of spearphishing related to COVID-19” across the organization.

Essye Miller, DOD’s principal deputy CIO, first noted the uptick in cyberattacks in March when the department began encouraging mass telework, discouraging personnel from using streaming services on DOD’s network and encouraging better cyber hygiene practices.

A Government Accountability Office report released April 13 found that DOD has fallen short when it comes implementing proper cyber hygiene methods across the organization.

The GAO said DOD had not fully implemented cyber training briefings for DOD leadership or developed educational and training requirements for cyber workers. Additionally, a component of Cyber Command charged with network operations, the Joint Force Headquarters Department of Defense Information Network, hadn’t developed a plan for scheduled and unannounced cybersecurity inspections, according to the report.

In a letter responding to the report, Deasy said DOD would combine existing scorecards to improve data needed for senior leadership’s decision making, but that it was not possible to eliminate risk.

“Risk is a function of multiple variables and these variables are continually evolving,” Deasy wrote to GAO. “Timely, relevant, and correlated information is the best that can be expected.”


Senate Seeks Industry’s Help With Internal Cyber Threats

The Senate sergeant-at-arms is looking to industry for help with cybersecurity. (J. David Ake/AP)


The Senate’s sergeant-at-arms is seeking industry assistance with insider-threat and privacy assessments for Senate networks, according to an April 6 solicitation.


“The SAA wants a vendor to evaluate two aspects of insider threat prevention efforts: SAA’s protection of Senate data, which can include personally identifiable information or health data; and assessment of the SAA cybersecurity department’s procedures to ensure SAA’s data protection efforts can be audited.

“The assessment will also include evaluation and detection of anomalous user behavior that may represent abuse of their administrative privileges,” the solicitation read.

According to the solicitation, the sergeant-at-arms also wants the vendor to help with the Senate’s ability to hunt threats on its networks. The office is looking for a vendor who can “conduct a comprehensive evaluation of network and systems resources for evidence of unwanted activity and cyber-threat actor persistence,” the solicitation said.

The Office of the Sergeant at Arms also expects the vendor to perform a cybersecurity resiliency test that focuses on “resiliency to effectively identify, protect, detect, react and recover from the advanced cyber threat,” the notice said.

“The Cybersecurity Department expects relevant, comprehensive and actionable improvement recommendations to refine and continue maturing its cybersecurity defense program,” the solicitation said.

While the solicitation is for insider-threat assessments, the posting comes as Senate staff, and congressional staffers more broadly, work from home amid the new coronavirus pandemic. Telework has highlighted several vulnerabilities in the Zoom videoconferencing platform. According to a tweet from a CNN reporter, the Senate’s sergeant-at-arms sent an alert to Senate offices urging them not to use Zoom.

The Office of the Sergeant at Arms has also posted several open cybersecurity jobs.”


CARES Act Impact On Government Contracting Costs



The newly minted CARES Act has plenty that will impact government contractors and one area to pay attention to is how allowable costs will be handled.


“President Trump signed the Coronavirus Aid, Relief and Economic Security Act on March 27. Other than the employee retention and other relief available to all businesses that I’ll leave to my colleagues, here’s what that means and what it doesn’t mean for federal government contractors.

First, generally, CARES provides about $3.8 billion for the Defense Health Program (i.e., R&D, test and evaluation and operation and maintenance), about $1 billion for defense purchases pursuant to the TRICARE program and an additional $1 billion for Defense Production Act purchases, as well as funds to improve information technology services at numerous federal government departments.

These appropriations may relieve the tension in the government technology and other services business who may be falling behind because of delayed contract awards due to COVID-19.

Second, it gives various federal agencies and state/local governments significant financial assistance in countering COVID-19. That might be good for contractors providing those directly related COVID-19 goods or services, but it may also benefit other contractors such as those providing supporting or ancillary IT products and services, program management and facility operations-type services (i.e., much of what is the GovCon business around the Beltway).

Third, CARES provides funds to allow agencies to amend contracts, without legal consideration (meaning requiring something of value in return), to require the government to reimburse paid leave paid from Jan. 1 through Sept. 30. The reimbursement cannot exceed an average of 40 hours per week per employee and cannot exceed the contract’s minimum billing rates.

Also, to be considered for the reimbursement, the employee or subcontractor employee (1) cannot perform work on most government facilities due to closures or access restrictions; and (2) must be unable to telework because his or her job duties cannot be performed remotely during the emergency.

So far, this relief extends to Sept. 30. There are also some offsets for any credits received under CARES or the prior Families First Coronavirus Response Act. Put another way, Congress is agreeing to reimburse contractors to keep employees “in a ready state” if the employee is unable to work at certain federal facilities or telework because their duties cannot be performed remotely.

But alas, this relief is not mandated by CARES, but rather it is within the agency’s discretion. And CARES doesn’t address other non-employee cost increases caused by COVID. That really means that any COVID related contract cost increase still need to pass muster under current FAR Cost Principles and the contract modification will still need formal contracting officer approval.

As I said in my last commentary, keep detailed documentation of your costs and efforts to minimize them for purposes of invoking the FAR Changes and Excusable Delays clauses.

The employee paid leave provision deserves particular accolades because it strikes at the very issue threatening contractor financial viability, on top of other challenges facing other American business. Many employers have limited or no paid leave. And not everyone banks — and I bet the HR people would say few bank — their paid leave or PTO. That extra leave may very well relieve much financial stress for these employees as well as financial stress on employers, and have more of a positive impact on productivity later on.

Much of that is because the cost of that stress may be outweighed by the benefits CARES or other COVID-related relief measures may provide. Equally important is that teleworking is not as easy as it sounds, especially for people with little children, or a caregiver, or foremost those who have the virus.

And I’m saying this not just as a lawyer advising clients about these matters but also being personally familiar with some of the employees’ plights. For example, the one where both spouses with little children are direct charge government contractor personnel and a caretaker for the elderly, also in the business.

All are teleworking with added family duties 24/7 because most if not all of the day care or elderly care centers are closed. So, CARES is a positive step for government contractors.

Some may be worried about those who abuse the paid leave. And I agree. I’ve seen this and conducted many internal investigations of alleged time reporting fraud and misuse of employee leave. True, abusers should be dealt with, but we have a bigger problem here. And this may be analogous to a shutdown (see my March 16 commentary) where the Congress shunned contractor employee paid leave, but it’s now much more serious.

Regarding the non-mandated or discretionary contract modifications, likely you will still need to submit a Request for Equitable Adjustment, or REA; don’t wait for the contracting officer to come to you. More importantly, the lack of more definitive guidance or relief from Congress regarding these contract “mods” should be of major concern, especially for small businesses, as COVID-related REA denials could financially harm these companies and have an adverse impact on the sector as a whole.

Cutting to the chase: why not soften the “allowability” standards under the FAR Cost Principles to facilitate REAs or later claims for those contractors having sufficient documentation to show that it did its best (aka made good faith efforts) to mitigate those costs?

Add to that an extra requirement at the REA stage to “certify” that the request is in good faith and the supporting data are accurate and complete. This is already required for REAs under DOD contracts. Here, the “reasonableness” of the costs will be essentially assumed; they should still be allocable to the contract, properly recorded and otherwise meet government accounting standards. Is this too draconian? Is it too vague?

I suspect a good many government lawyers are advising that it’s crazy to essentially hand out money like that. But then again, isn’t that what the CARES Act and its putative next chapter are intended to do? And I’ll add that after all this is a national and international emergency. A plausible reason against measures like this can be that there would be too much reliance on the good faith of the contractor. And of course they don’t call us “Beltway Bandits” for nothing.

The cynic in me wonders if that’s what some in Congress had in mind. And besides, each case is dependent on its own facts as we lawyers like to say. A better and more fundamental reason in favor of a more lenient allowability standard is that there are most certainly going to be COVID-related REAs. Period. And more than we may imagine, not to mention subsequent formal claims and appeals – which are often very expensive legal processes.

This is the worst plague since the 1918-20 Spanish Flu that reportedly killed tens of millions worldwide. And if these REAs prove to be in bad faith then that’s a matter for the agency inspectors general and DOJ. In any event, after 35 years as a GovCon lawyer I continue to believe that the vast, and I mean vast, majority of those in this business are good, honest and dedicated people. Those very few who aren’t will be needing more people like me.

I hope some of this makes its way into the Son (or Daughter) of CARES.

Stay safe.”


James Fontana


James C. Fontana is the managing member of Dempsey Fontana, PLLC. He can be reached at jfontana@deftlaw.com. The firm’s website can be found at http://www.deftlaw.com.

COVID-19 Government Contract Modification Impact

Image: MN Deed


Industry has faced challenges as it tries to simultaneously maintain the safety of its workforce and continue its defense work.

Officials are working with contractors to determine the impacts and feasibility of telework arrangements for meeting contract requirements. Contract terms might be modified as a result.”


“The Army may modify contracts if the novel coronavirus pandemic makes it difficult for contractors to fulfill their obligations, the service announced March 31.

On March 20, as states and cities throughout the country were forcing non-essential businesses to close, Undersecretary of Defense for Acquisition and Sustainment Ellen Lord issued a memo to the defense industrial base saying the Department of Homeland Security had identified it as a critical infrastructure sector.

“Companies aligned with the essential critical infrastructure workforce definition are expected to maintain their normal work schedules,” Lord said. “If your contract or subcontract supports the development, production, testing, fielding or sustainment of our weapon systems/software systems, or the infrastructure to support those activities, [your efforts] are considered critical infrastructure. If your efforts support manning, training, equipping, deploying, or supporting our military forces, your work is considered critical infrastructure.”

However, industry has faced challenges as it tries to simultaneously maintain the safety of its workforce and continue its defense work.

As the crisis escalates and the number of COVID-19 cases ramps up, state and local officials have put in place restrictions on movement, limited the size of gatherings and encouraged social distancing. Pentagon officials are expecting programs to be affected, and the Army is looking to see which companies might need some relief through contract modifications.

“Contracting officials are working to maintain robust and clear communications with contractors to determine impacts of the COVID-19 pandemic on performance of Army contracts,” the service said in a March 31 press release.

“Officials are also assessing the impacts of specific contract terms and conditions in cases where contractors request assistance. Assessments are being made on how contractors are impacted by state and local laws, regulations and orders governing access to offices and facilities, and contracting officials will be proactive and transparent in efforts to attempt to resolve or mitigate such impacts, as appropriate,” it added.

Officials are working with contractors to determine the impacts and feasibility of telework arrangements for meeting contract requirements. Contract terms might be modified as a result, according to the service.

“Each situation should be evaluated on a case-by-case basis in an effort to best promote the welfare and safety of the workforce while ensuring mission continuity,” Assistant Secretary of the Army for Acquisition, Logistics and Technology Bruce Jette said. “The resiliency and strength of our team is a national asset and is critical to our Army’s ability to meet mission requirements around the world. We must do what we can to support it.”

As of March 31, there are 72 COVID-19 cases among Defense Department contractors, including one death and four hospitalizations, according to the Pentagon. There have been a total of 1,259 cases across the military including servicemembers, civilians, dependents and contractors. That number is expected to rise as the pandemic continues and the amount of cases across the United States and the world increases.”


COVID-19 Government Contractor Short and Long Term Impacts

Image: C2essentials.com


Set a positive tone by focusing on and communicating how to take advantage of delays and downtime. Stay healthy, stay home, and stay alert to opportunity.


“The primary impact of the coronavirus is that everyone involved in federal procurement – acquisition professionals, federal contractors, and others – is busy rearranging personal affairs. Making sure you, those you love, and everyone in your community is safe should be the primary concern. But once the dust settles, the short- and long-term impacts on your business will become apparent.

Predictions and Best Guesses

While we can’t predict the full extent of the impact at this time, change is happening. Some best guesses:

  • Procurement delays: Upcoming procurements are slipping to the right, whether that means RFP release or due dates. These delays are due to the government focusing on emergency acquisitions as well as the loss of productivity as employees work and/or recover from illness at home.
  • Travel: Non-essential travel is banned as are large gatherings. The Government cannot host in-person industry days, site visits, information exchanges, orals, and technical challenges.
  • Face-to face meetings: Business development and capture professionals cannot schedule on-site non-essential meetings.
  • Procurement vehicles: Multiple award vehicles will continue to grow in popularity because they are the easiest path to procurement and award. Expect increased procurement activity on GSA Schedules; GWACs like Alliant, OASIS, CIOSP, SEWP; and other best in class (BIC) vehicles as well as existing single agency vehicles such as IDIQs and BPAs.
  • Contract performance: The Government and employers are telling most on-site employees to work from home. Payment processing could also face delays if there are absences in the government workforce.
  • Year-end Push: Expect a year-end selling to peak like never before given there will be a near-term slowdown that will push Federal spending to later in the year.

What Can Federal Contractors Do?

Once employees have settled into the new normal, Federal contractors must take advantage of delays and downtime. First, however, make sure teams have everything needed to work virtually, including home office space with good bandwidth, video-teleconferencing tools, computer headset, and the like. Second, when employees have downtime, encourage them to take advantage of free webinars as well as virtual training opportunities. Third, set up or reinforce existing Standard Operating Procedures (SOPs) for virtual teams to work on capture, solutioning, proposal management, proposal writing and review, and lessons learned.

Some Federal contractors are already quite adept at virtual capture and proposal processes, while others are not. Those who typically work in-person will have a harder time adapting and need to move quickly to establish SOPs to avoid confusion and productivity loss.

Seize the Opportunity

These weeks or months of uncertainty are an opportunity. Get ahead of acquisitions and the end of federal fiscal year push by assessing capture readiness. Hold solutioning sessions focused on identifying discriminating Strengths. Begin to outline, detail and write to each opportunity’s value proposition; hold focused color team reviews and perform proposal recovery; and then, perhaps, put the proposal on the shelf for later.

The current moment is also the perfect opportunity to perfect proposal repositories. Update and improve past performance, resumes and boilerplate. Specifically focus now, while you have time, on improving future past performance ratings as they are very impactful in building wins. Gather and categorize proof points needed for substantiation of discriminating Strengths. Position your company to be more agile in responding to procurements.

Finally, hold those proposal post-mortems and lessons learned meetings that your company postponed in favor of putting out fires on live bids. Post-mortem reviews of both winning and losing bids can identify best approaches for future procurements. Lessons learned reviews can improve processes, tools, templates and repositories. Analysis of Government debriefs enhance proposal quality. Use downtime and delays to make your proposals great.

Stay Positive

As long as your company has the virtual tools, SOPs, and workflows along with experienced facilitators (in-house or consultant), you can use this uncertain time to prepare for future wins.”


Lisa Pafe

Lisa Pafe is a capture strategy and proposal development consultant and is vice president of Lohfeld Consulting. She can be reached at LPafe@LohfeldConsulting.com

Small Tech Companies Got $1 Billion At USAF Virtual South By Southwest



The U.S. Air Force lost its chance to hang out at South by Southwest this week after the new coronavirus known as COVID-19 caused the cancellation of the festival.But the service still awarded nearly $1 billion in contracts during a virtual version of its event held March 12.


“[The event], included keynotes from Air Force Secretary Barbara Barrett, a “Pitch Bowl” where companies delivered short pitches in the hopes of receiving small contracts from the Air Force, and other events meant to deepen the Air Force’s connection to small commercial tech firms.

The largest contracts — worth more than $550 million total — went to 21 companies to develop “big bet” technologies. Those companies are Aerial Applications, Analytical Space, Anduril Industries, Applied Minds, Elroy Air, Enview, Edgybees, Essentium, Falkonry, ICON Technology, Orbital Insight, Orbital Sidekick, Pison, Privoro, Shift.org, Swarm Technologies, Tectus Corp., Virtualitics, Wickr, Wafer and one company that the Air Force has not disclosed.

“For all these awardees, you’re on a four-year, fixed-price contract that we believe, if successful, will disrupt part of our mission in a way that will give a huge advantage for our future airmen,” said Will Roper, the Air Force’s acquisition executive.

The value of the contracts awarded by AFWERX may seem small compared to the multibillion awards for major defense programs. However, these awards go a long way in helping technology firms overcome the “valley of death” between technology development and production, when a lot of companies are vulnerable to failure, said Chris Brose, head of strategy for Anduril Industries, which specializes in developing artificial intelligence technologies.

“For a company like ours or companies of that size, It’s quite significant. It allows us to really kind of do more of the good work that we’re doing, to scale and grow and work with new partners, and it makes a huge difference,” Brose said.

Brose declined to detail the precise nature of Anduril’s contract with the Air Force, but said that the general objective is to prove that an unmanned aerial system can deliver a mass of swarming drones capable of performing complex missions. While a human would still be “in the loop” overseeing the network, certain tasks — such as steering the drones, moving their sensors and processing gathered data — would be automated.”


Pentagon Raises Contractor Progress Payment Threshold To Keep Cash Flowing

Image: Levelset.com


The Pentagon, in a move to boost cash flow to large and small defense companies during the coronavirus crisis, will temporarily increase the percentages paid to contractors, known as periodic progress payments.

For small businesses the rate will go to 95% from 90% of incurred cost.”


“Public interest groups called for the policy to be closely monitored.

The change comes as the U.S. Department of Defense was touched by a coronavirus fatality for the first time. A contractor who tested positive for the virus and worked at the Defense Security Cooperation Agency in Crystal City, Virginia, died on Saturday, the Pentagon said.

The Pentagon’s Director of Defense Pricing and Contracting issued a “Deviation on Progress Payments” memo late Friday that increases the rate for contracts to 90% of incurred costs from 80% for large businesses, Pentagon spokesman Air Force Lt. Col. Mike Andrews said in a statement on Sunday.

For small businesses the rate will go to 95% from 90%.

“This is an important avenue where industry cash flow can be improved,” Andrews said. The department also “is accelerating payments through several means to prime contracts, and directing prime contracts to expedite payments to subcontractors,” Andrews said.

In addition, the agency that manages contracts is working with the Pentagon’s accounting organization that makes the payments “to ensure that invoices are continuing to be paid in a timely manner,” Andrews said.

Blow-Back Possible

Pentagon acquisition head Ellen Lord on Friday issued guidance to industry that defense contractors are “expected to maintain their normal work schedules” — within recommended guidelines from the U.S. Centers for Disease Control and Prevention — amid the coronavirus outbreak because they’re considered “critical infrastructure.”

Byron Callan, a defense industry analyst for Capital Alpha Partners, said in an email that the new policy “will work if the large contractors assist smaller ones that are typically small and private. Think of the $50 million machining parts company that has 70% of sales for commercial aerospace and 30% of defense.”

The industry also risks negative blow-back if the increased payments are abused, he said. “If the large public companies use this change to accelerate share buybacks, I would expect management to be tarred and feathered,” he said.

“It’s important to help employers to keep paying people during this crisis, but the Pentagon needs to do more than just trust the better angels of these companies’ nature to prevail,” Mandy Smithberger, a director for the Project on Government Oversight, which monitors military spending, said in an email.


“They should require companies that receive these funds to commit that this money won’t go to dividends, salaries, and stock buybacks, but to the employees on the front lines who are most vulnerable.”

Shay Assad, the Pentagon’s long-time top official on pricing and contracts financing, said in an email the new effort reflects a fundamental misunderstanding of the regulations already in place that already provide for generous reimbursement rates. Assad retired in 2019.

“The fact is that cost of borrowing” from banks “is negligible” and doesn’t require additional Pentagon intervention, Assad said. “There is absolutely no reason to change the progress payment rates for large businesses. Large business is more than capable of using their own cash or borrowing at minimal interest rates. This is a taxpayer rip-off.”

Assad estimated that the top five defense contractors generated $93 billion in free cash flow between 2012 and 2017. “They bought $90.5 billion of their own stock during that same time frame,” he said. “There is no cash-flow intervention required.”