Tag Archives: technology

New Cybersecurity Regulations ‘On Track’ Despite Virus



Katie Arrington, chief information security officer at the office of the undersecretary of defense acquisition, said CMMC is still on track despite hurdles created by the ongoing COVID-19 pandemic that has roiled the world.

“We are on track, but we’re having to retool some of the training because the actual inspections … [do] have to happen,” she said. “The actual audit has to be done on site.”


“Work on the Defense Department’s highly anticipated set of new cybersecurity standards — known as the Cybersecurity Maturity Model Certification version 1.0 — is still on track despite the ongoing COVID-19 pandemic, said an official in charge of the effort April 22.

The new rules, which the Defense Department rolled out earlier this year, are meant to force the defense industrial base to better protect its networks and controlled unclassified information against cyberattacks and theft by competitors such as China. The rules will eventually be baked into contracts, and the Pentagon had targeted including them in requests for information as early as this summer on pathfinder programs.

Under the plan, CMMC third-party assessment organizations, known as C3PAOs, will be trained and approved by a new accreditation body. They will have to certify that a company has met the CMMC standards before it can win contracts. CMMC features different levels, with the level 1 standards being the least demanding and level 5 the most burdensome.

“We are on track, but we’re having to retool some of the training because the actual inspections … [do] have to happen,” she said. “The actual audit has to be done on site.”

The Pentagon is working on ways around that, she said during a webinar called “Protecting Small Business in a COVID-19 Environment” hosted by Project Spectrum, which is part of the Cyber Integrity Initiative and is supported by the Pentagon’s Office of Small Business Programs.

“We’re still on track,” she said. “We’re still doing the pathfinders. We’re working through those. We’re still on target to release some initial RFIs in June with the CMMC in it so we can all kind of get a feel for it.”

Additionally, the Pentagon still plans to get the first class of C3PAOs rolling out in late May or early June, she said.

The biggest sticking point will be conducting in person audits, as is required, Arrington said.

“Until we get the directive from the president and from Secretary [of Defense Mark] Esper with the DoD we have our stay-at-home orders,” she said. However, “the work hasn’t stopped and we’re still doing our absolute best to stay on track.”

Last week, speaking during a Bloomberg Government webinar, Arrington said potential delays of a couple of weeks would be insignificant to the overall program. 
“A two-week push on something is not going to … have a massive impact to our rollout of this,” she said. “I don’t think it’s going to be impactful to the schedule. I think maybe we’ll have a two, three week slip on actually doing the first audits, the pathfinders, but nothing of significance.” Auditors may have to wear masks or social distance while conducting their work, she said.

Meanwhile, Arrington noted that businesses should consider implementing the first level of the CMMC requirements now to protect themselves as more employees in the defense industrial base work from home.

“CMMC level one are 17 controls, no cost, that you can implement today that can help you be secure,” she said. “Waiting isn’t an option for any of us right now.”
 She also stressed the importance of good cyber hygiene, and recommended that employees frequently change their passwords and be mindful of spearphising attempts. 
“Do your best to be diligent and remember that … the weakest link is where the adversary will come in,” she said. “Don’t be the weakest link.”

Nathan Magniex, a senior cybersecurity expert at Project Spectrum, also noted during the webinar that contractors should be wary of conducting meetings on the popular video platform Zoom.

“I would not use it as a business owner,” Magniex said. “There are certain red flags. There are connections with China that are concerning especially for the defense industrial base.”

Project Spectrum recently released a white paper on potential security risks with Zoom which said, “Zoom’s numerous vulnerabilities are not unique to them because every software company and application has them. Zoom’s links to China, however, are particularly concerning because those links expose the DIB and its supply chain, thus jeopardizing American innovation, IP and proprietary information.”

Project Spectrum recommended Cisco Webex, Facebook Workplace, Google Hangouts, GoToMeeting and Microsoft Teams as potential alternatives.”




The table of contents below reflects free small business federal government contracting books and reference materials.   You may download the book, Small Business Federal Government Contracting and its supplement from the first, vertical “Box” in the left margin of http://www.smalltofeds.com. Blue topic titles are the basic book and red topics are contained in the Supplement.

Use the links beneath the table to access more recent articles since the publication of the book and the supplement.

(Please click on image to enlarge)

RECENT MATERIAL LINKS (Not included in Above)










You may also benefit from the free “Reference Materials” in the second, vertical “Box” in the left margin of the site.   Contract agreements, incorporation instructions for all the US states, guidance on marketing and business planning are all included.

Other books by Ken available as free downloads in the “Box” include:

“A Veteran’s Photo/Poetry Journal of Recovery
From Post Traumatic Stress Disorder ” 

“Odyssey of Armaments” My Journey Through the Defense Industrial Complex”

Sole Source Contractor With Non-Competitive $16 Billion VA Records Integration Contract Calls It “Immense Challenge”


Image: FCW.com


“This won’t be easy,” the prime contractor said Tuesday of the $16 billion effort to overcome decades of failure and finally make veteran and military health records compatible with a few computer clicks.

We must deploy to 117 sites, train over 300,000 VA employees, collaborate with DoD, interoperate with the community, aggregate decades of clinical data and update technology,” he told a hearing of the House Veterans Subcommittee on Technology. “


“It carries risk, and we don’t take the challenges lightly” in implementing Electronic Health Record Modernization (EHRM) programs across the Departments of Veterans Affairs and Defense”, said Travis Dalton, president of government services for Cerner Corp. of Kansas City.

In addition, the new system will have to link with additional community health care providers expected to come onboard with the June 6 rollout of the VA Mission Act, which will expand private health care options for veterans, said Rep. Jim Banks, R-Indiana, the ranking member of the subcommittee.

“Interoperability with the community providers is still the elephant in the room,” he said.

About 30% of veterans currently get health care at taxpayer expense in the private sector, and they “rightfully expect their records to follow them,” Banks said. He said his main concern is that a “half-baked system” will be rushed into use.

Rep. Susie Lee, D-Nevada, chairwoman of the subcommittee, said that Cerner and partners Leidos and Booz Allen Hamilton are attempting to create “one seamless lifetime record for our service members as they transition from military to veteran status,” but “this effort also has the potential to fail.”

“The VA unfortunately does not have a great track record when it comes to implementing information technology,” she said, “and it threatens EHRM.”

Previous attempts to mesh VA and DoD records have either failed or been abandoned, most recently in 2013 when then-Defense Secretary Leon Panetta and then-VA Secretary Eric Shinseki dropped an integration plan after a four-year effort and the expenditure of about $1 billion.

“This won’t be easy, but it is achievable and we are making progress” in the overall effort to let “providers have access to records wherever they deliver care,” Dalton said.

Jon Scholl, president of the Leidos Health Group and a Navy veteran, said the example to follow is the MHS Genesis system, the new electronic health record for the Military Health System. “MHS Genesis is the solution,” he said at the hearing.

However, Lee said that “a suitable single management structure has yet to emerge” for EHRM since then-Acting VA Secretary Robert Wilkie awarded a $10 billion, 10-year contract to Cerner in May 2018. The cost estimate for the contract has since risen to $16 billion.

At a hearing last month of the House Defense Appropriations Subcommittee, Acting Defense Secretary Patrick Shanahan was challenged on the DoD’s efforts to work with the VA on EHRM.

“I don’t ever recall being as outraged about an issue than I am about the electronic health record program,” Rep. Kay Granger, R-Texas, told him.

“Personally, I spend quite a bit of time on how do we merge together” with the VA on the records, Shanahan assured her.

He said pilot programs on making the records compatible are underway in Washington state at Joint Base Lewis-McChordNaval Base KitsapNaval Air Station Whidbey Island and Fairchild Air Force Base.

The “rollout and implementation” of the fix to the electronic health records has shown promise at those installations, Shanahan said, adding that the next step is to put the programs in place at California installations in the fall.”


America Must Secure Its Supply Chains Against A Vulnerability Of Its Own Making

Image: EFT.com


Today’s U.S. defense-industrial base is reliant on a globally integrated supply chain. Over the last 20 years, an embrace of the “free market” has created a fragile network of supply for countless critical materials that are the backbone of many major defense systems.


“Over the past few decades, through an intentional dominance of the global rare earth market, China has cultivated immense leverage over the United States. As the current trade warescalates, China is poised to capitalize on its strategic plan — and indeed recent brinkmanship via Chinese President Xi Jinping’s visit to a major rare earth processing facility suggests it may.

If China’s rare earth leverage over the U.S. is one part strategic foresight, it is two parts American strategic miscalculation and shortsightedness. Today’s U.S. defense-industrial baseis reliant on a globally integrated supply chain.

A failure by the U.S. to take the long view of history — as has been taken by the Chinese for centuries — is manifesting itself in an uncomfortable realization that past industrial policy has left our military glaringly susceptible to supply chain disruption. As Chinese philosopher Sun Tzu wrote: “He will win who, prepared himself, waits to take the enemy unprepared.” Alarmingly, U.S. lack of preparation is now evident in the latest rare earth crisis, the second of the past decade.

The first crisis occurred in 2010 when a dispute over the Senkaku Islands resulted in an “unofficial” embargo on rare earth exports from China to Japan. That embargo shocked global supply chains, spiking rare earth prices. However, confident that trade ties between the U.S. and China would obviate any direct threat to the U.S., administration officials adopted a policy to “reduce, reuse, recycle and substitute” rare earths, while waiting for Wall Street to leverage the price spike into a “mine to magnets” supply chain. To promote this strategy, the U.S. government awarded a few small research and development contracts, conducted studies, and filed a World Trade Organization case against China.

In retrospect, this light-touch strategy was a national security disaster. Reduction, reuse and substitution efforts arguably took some of the best materials away from our defense engineers and resulted in no new domestic production. Relying on private investment resulted in over 200 rare earth “projects” on stock exchanges, the vast majority never producing anything.

The U.S. exception, Molycorp, imploded in less than five years, crashing from a $6 billion market cap to a bankruptcy worth less than $500 million (where most of its technology was dismantled or sold off, including to Chinese interests). The WTO case seemingly accelerated the Molycorp implosion by driving down Chinese rare earth costs, undercutting fledgling American and Australian producers.

Since 2010 I have been arguing that the U.S. needs to adopt a national security and production-focused strategy to break the Chinese monopoly. This strategy would secure the defense supply chain by producing enough to sustain limited defense demand, creating new supply to support future commercial demand. The steps are simple.

Mine-permitting reform would improve the predictability and economics of the mining industry, allowing investments to occur immediately, rather than years or even decades after a crisis. Rare earth investment evaporated after the Molycorp collapse, in part because of mine-permitting delays. Reducing bureaucratic hurdles would lower barriers to entry, making U.S. mining more attractive to private investors, ultimately reducing government cost.

The government should encourage — either through direct investment, tax incentives or tariffs — the development of high-value-added domestic oxide and metal production. Commentators lament the Chinese monopoly on rare earth mining but fail to recognize China has even greater dominance in the separation of oxides and metal making. Addressing only one aspect of the supply chain would be ineffective.

Direct government investment in items used by the U.S. military, starting with rare earth magnets, is also necessary. Novel rare earth magnet recycling techniques show significant promise in the near term. Last year, Congress recognized the importance of sourcing domestic magnets by prohibiting U.S. Defense Department use of Chinese magnets (and tungsten) — Section 871 of the National Defense Authorization Act is stimulating defense demand and encouraging upstream growth of non-Chinese alloys and metals as well. These were steps needed to reinvigorate an entire supply chain.

The current administration and Department of Defense are taking welcome steps to finally address the issue, pursuant to Executive Order 13806; they should work with Congress to fully resource the Defense Production Act Title III program as well as assist new producers in securing needed qualifications, in addition to other actions to incentivize production.

Implementing these recommendations will significantly reduce supply chain risk for the military, improve manufacturing strength and mitigate vulnerability. All these steps can be implemented but will require readdressing old assumptions about how to maintain our industrial base in a global economy.

While heeding the lessons of Sun Tzu, today’s Pentagon might find inspiration from former U.S. Marine Corps Commandant Robert Barrow — “Amateurs think about tactics, but professionals think about logistics” — and take the steps necessary to secure our supply chains against a vulnerability of our own making.”


DOD Is Taking Applications for 2019’s Rapid Innovation Fund

Image: “GCN.com”


“The Department of Defense has opened applications for the 2019 edition of its Rapid Innovation Fund (RIF) — a program that offers up to $3 million in funding for “innovative technologies” that “meet critical national security needs.”

“The defense agency posted its broad agency announcement on FedBizOpps on Friday and will be taking white paper submissions until March 8.”


“What’s the DOD looking for?

Per the announcement, the agency is seeking tech solutions to support the ambitions of the National Defense Strategy. The technologies proposed should be innovative but “mature” — ready for final testing and deployment. The required white paper describing a vendor’s tech solution should address how it can contribute to one or more of five key goals: enhancing military capability; accelerating DOD system development capability; reducing costs; reducing technical risks; or improving the timeliness of testing and evaluation.

The white paper should also include a description of the technical approach, timeframe and costs. White papers, once submitted, will be reviewed and select teams will be invited to stage two of the RIF process — the proposal.

Respondents from across industry and academia are invited to send in white papers, but the DOD places a special emphasis on working with small businesses.

The RIF process was first created in 2011 to support “rapid” procurement of innovative technologies. The program was made permanent by the 2017 edition of the National Defense Authorization Act. Examples of technology funded through the RIF in the past include a pocket-sized electroencephalogram to test for brain injury while in the field, a handheld device that records aircraft vibration data to help quickly identify component failure and more.”

Veterans Weigh In Heavily In New Tech Congress Fellows


Fellows+2019+collage+borderstech cogress Cap-Hill.jpg

Image:  Tech Congress I.O Blog                        Image:  “FEDSCOOP”


“The mission of TechCongress is simple: to bring more tech expertise to the legislative body that, while in charge of making impactful technology policy decisions, often lacks the behind-the-scenes knowledge necessary to do so well,

Fellows work in congressional offices or as staff of congressional committees during their year on Capitol Hill.”

“Following months of applications and review, TechCongress has selected a group of eight technologists for the 2019 Congressional Innovation Fellowship. The class is TechCongress’ biggest to date.

Among the class’ diverse origins and areas of expertise are military service, including Nate Wilkins, a former Navy SEAL and information systems technician; Frank Reyes, a former U.S. Navy electronics technician more recently working at Dun & Bradstreet; Aaron Barruga, who served as a Green Beret in Army Special Forces; and Maggi Molina, a former Air Force radar technician. Additionally, Leisel Bogan previously served as former Secretary of State Condoleezza Rice’s chief of staff; Allison Hutchings is a former senior project engineer from ATA Engineering; Emily Paul is a user experience researcher most recently at Salesforce; and Eric Mill has been with the General Services Administration’s 18F tech team since 2014, most recently working on the single sign-on system Login.gov.

Past fellows have worked for Sens. Ron Wyden, Cory Gardner, Kristen Gillibrand and the House Oversight Committee, to name just a few placements.

TechCongress launched in 2016 with its inaugural class of just two fellows, but since then the lack of tech expertise in Congress has become a significantly more popular talking point. “The Zuckerberg hearings were a game changer,” TechCongress founder Travis Moore told FedScoop this summer, referring to the Facebook CEO’s April appearance before senators. “We shouldn’t let a good crisis go to waste.”

With TechCongress, Moore is doing his “small part” to meet this big challenge, as he put it in a blog post introducing the 2019 fellows.

The new class will begin with a two-week orientation in January, during which Moore and his staff will give the fellows the basic lay of the legislative land. During this time, fellows will meet with offices that are interested in hosting them and will eventually choose where they’d like to be stationed.

The fellows are funded by TechCongress for the duration of the year. In November the organization announced a $1 million investment from the Knight Foundation, which will go to support this class of 2019.

“It’s clear that more expertise of how tech works is needed at our highest levels of government,” Lilian Coral, Knight Foundation director for national strategy and technology innovation, said in a statement at the time. “TechCongress is helping to answer that call, working side-by-side with both major political parties to ensure Congress gets better, faster and smarter when it comes to grappling with new digital age demands.”


GSA Proposes New Cyber Security Reporting Rules For Contractors


GSA Cyber Security Rules GettyImages-.jpg

“Getty Images”


“The General Services Administration is proposing new rules shaping how contractors protect government information on the IT systems they manage.

GSAR Case 2016-G511 and 2016-G515 — call for amending the General Services Administration Acquisition Regulation to include requirements for contractors to safeguard GSA information in a solicitation’s statement of work, as well as the procedures for they inform the agency of a potential breach.”

“GSAR Case 2016-G511 allows contracting officers to implement agency cyber requirements and standards into each solicitation, providing a centralized cybersecurity guidance across the enterprise for contractors to adhere to.

“This rule will require contracting officers to incorporate applicable GSA cybersecurity requirements within the statement of work to ensure compliance with federal cybersecurity requirements and implement best practices for preventing cyber incidents,” the Federal Register post said.

GSAR Case 2016-G515 seeks to update the nearly two-year-old GSA policy, 9297.2C, on how the agency, and the contractors overseeing its and its customer agencies’ IT systems, safeguard Personally Identifiable Information and other confidential information, in addition to the procedures taken when a breach is discovered.

Because 9297.2C didn’t go through the rulemaking process when it was established in 2017, it wasn’t open for public comment. By moving it to the GSAR, GSA can seek public and industry input on how the rule can be improved.

“Further, it establishes the requirement for contractors to preserve images of affected systems and ensure contractor employees receive appropriate training for reporting cyber incidents,” the post said. “The rule also outlines how contractor attributional/proprietary information provided as part of the cyber incident reporting process will be protected and used.”

GSA officials detailed in the post their plans to release notices of proposed rulemaking in February 2019 for GSAR Case 2016-G511 and in April for GSAR Case 2016-G515, with comment periods running for two months for each respective rule.”


Leading For-Profit Prison And Immigration Detention Medical Company Sued At Least 1,395 Times



(Photo: Flickr / Charles Williams; Illustration by POGO)


“A company whose medical care of immigrant detainees at one of the nation’s largest detention centers was criticized in a recent Department of Homeland Security watchdog report has been sued a staggering 1,395 times in federal courts.”

Inside The 5 Segments Of The Burgeoning Government “Internet of Things” (IOT) Market


Government IOT

Image:  Blogs Oracle.com


“From a technology maturation and adoption perspective, IoT is today where cloud was five years ago. And if that holds true, we will see government agencies continue embracing IoT …

While the public sector tends to lag behind the commercial world in terms of technological adoption, the U.S. government has made surprisingly large strides in taking advantage of IoT to improve its mission effectiveness. “

“At this point everyone in the tech industry has undoubtedly heard the staggering forecasts around the Internet of Things. Most leading market analysis firms estimate that by 2021 there will be over 20 billion connected devices globally making up an IoT market worth over $2.5 trillion.

What is not as freely discussed, however, is just what constitutes that IoT market, and what that opportunity looks like in the public sector.


At its most basic level, the IoT is a network that connects devices and allows them to link and exchange data. One of the reasons for such high market estimates is because IoT is not a discrete technology like business applications, or infrastructure or even cybersecurity. Rather, it’s a wrapper that exists around all other technologies, enabling them to work together for a specific purpose.

Functionally, IoT is comprised of five major elements:

  • The Edge: The devices, nodes, and sensors actually collecting data
  • The Gateway: Either a physical device or software that allows data to flow from the edge to the platform; the gateway improves network performance and response times by analyzing data at the edge prior to transmission, thereby limiting the volume of data sent to the cloud
  • The IoT Platform: The Cloud, but more; an IoT Platform is the operating environment, storage, computing power, and development tools that receive data from the gateway and then support applications and programs that users leverage
  • Software Applications: Programs that users leverage to solve their business problems working with data stored in the IoT platform
  • Cybersecurity: The tools that protect all the nodes/sensors/devices at the edge, and that protect the data as it’s transmitted through the gateway, platform, all the way to the user

Each element of IoT is necessary for the functioning of an end-to-end solution, and each element can behave as an independent market unto itself.

For example, today there are tens of thousands of devices users can choose from at the edge of their IoT environment, and there are thousands of gateways – but what good is the data that’s collected and processed if it doesn’t have a specialized platform to store and manage it?

Furthermore, what good does storing and managing data do if it can’t be secured and put to meaningful use? Thus, regardless of the element your company provides, it will be a necessity to any government agency attempting to implement an IoT solution.


For years, the Department of Agriculture has used an array of sensors to monitor precipitation, soil acidity, crop production and tree health. The National Oceanic and Atmospheric Administration has used smart buoys to monitor weather conditions at sea. State and local governments have equipped their law enforcement officers with wearables like body cameras, and cities have implemented gunshot detectors on street corners to improve police and medical response times when necessary.

And as far back as 2013 the Department of Defense has been developing the Tactical Light Operator Suit (TALOS) – which has been described as an “Iron Man” suit for warfighters – with embedded sensors and monitors, oxygen controls, temperature controls and ballistic protection that sends data back to a command center.

Today, IoT opportunities in the public sector total well over $30 billion – and that number will continue to increase as IoT globally is expected to grow at a 20 percent CAGR over the coming 3 years.

For vendors with a desire to get a piece of that pie, targeting the following opportunities would be a good place to start:

Department of Energy – Waggle. The Waggle program funds a wireless environmental sensing platform created at Argonne National Labs. As described above, data collected by sensors is processed at the gateway prior to being sent to the IoT platform. The Waggle program uses machine learning to drastically cut down the amount of raw data sent to the platform with more effective edge analytics. This principle can be applied to any number of federal projects from measuring waterflow of a particular river or predicting pedestrian traffic patterns or even monitoring air quality aboard spacecraft.

Department of Transportation – Terminal Automation Modernization and Replacement. The TAMR program has been an integral part of the Federal Aviation Administration’s NextGen initiative for years, but recently has made strides towards replacing legacy monitoring systems with modernized data linkage and long-range communication systems. TAMR is a perfect example of an “IoT Program” that may not be billed as such. It’s leveraging new sensors, gateways, cloud platforms, analytics tools, and cybersecurity tools to improve the effectiveness of FAA’s mission.

Navy – Information Warfare Research Project. IWRP is a six- company consortium run by the Space and Naval Warfare Systems Command to help the Navy adopt innovative solutions in 14 major technology areas, including embedded systems in the Internet of Things. Part of SPAWAR’s goal with IWRP is to create a network of connected sensors which will monitor both ashore and afloat systems.

Miami-Dade County – Strategic Miami Area Rapid Transit Plan. The SMART program exists to create and improve rapid transit corridors across Miami-Dade County. The county is pushing for a vehicle to infrastructure (V2I) connection that could work with vehicles and drivers to identify when a traffic signal is approaching, when an accident has occurred nearby or to use an alternative route to improve traffic flow.

State of North Carolina – North Carolina Government Data Analytics Center. The NCGDAC is evaluating sensors and connected devices to collect real time information to improve traffic patterns, as well as using machine learning for better freight management and leveraging artificial intelligence to analyze and improve defensive posture against cyberattacks.

The opportunities above represent a broad and diverse portfolio of government IoT initiatives, and by no means constitute a complete list. Needs for each element of the IoT ecosystem abound from all corners of government, whether defense or civilian, state or local.

Over time, public sector will need to deliberate over consistency of standards and governance, so that will be an issue for vendors to consider long term. But the most important consideration for technology vendors to make today is what the cost will be of not establishing a presence in the IoT space.

From a technology maturation and adoption perspective, IoT is today where cloud was five years ago. And if that holds true, we will see government agencies continue embracing IoT and there exists an enormous prospect for distributors, manufacturers, resellers, services and solutions providers to create an ecosystem that is profitable for all for years to come while helping government customers deliver on their missions.”



HUBZone’s Beware The Too Good To Be True Offer


Hubzone 3 SBA

too good 1 McIntoshMD Rules

Free Lip Piercing Image:  “McIntosh MD”       Rules and Hub Zone Images “SBA”


“While the [HUBZone] program was designed to provide legitimate small businesses with a path to get their foot in the door with the federal government, it has become a prime target for fraud.

To retain their HUBZone eligibility and avoid potential civil or criminal liability, small business owners need to understand the potential pitfalls.”

I’m sure you’re familiar with the adage, “If it sounds too good to be true, it probably is.”

For owners of HUBZone businesses—small businesses that operate and employ people in Historically Underutilized Business Zones (HUBZones)—it’s a motto to keep in mind as they travel to one of the largest HUBZone matchmaking events in the country this October, the National HUBZone Conference in Chantilly, Virginia.

This annual conference provides a tremendous opportunity for HUBZone business owners and corporations to network and identify potential partners who can help them win business with the federal government. Unfortunately, such gatherings can also attract nefarious corporate executives who are on the hunt for a HUBZone business to illegally use as a pass-through to gain access to lucrative federal contracts that would otherwise be out of reach.

But there are proactive steps a HUBZone business can take to protect itself and the integrity of the HUBZone program.

Understandably, many small businesses are unable to comprehensively serve the needs of a federal contract on their own, so they partner with larger corporations. There are legitimate ways to engage in such a partnership and the SBA provides extensive guidance in how to do so. However, HUBZone businesses are sometimes approached with a proposal to sign off as a partner on a contract or bid without having to perform any of the actual work. That should raise a red flag. Experienced HUBZone businesses generally refuse to engage in these types of deals. But when large businesses are intent on establishing a pass-through with a HUBZone organization, they will often use conferences to shop the offer to many potential partners until someone says “yes.”

In other cases, large businesses and corporations are more covert about their intent to use a HUBZone organization as a pass through. In these instances, in the months immediately after partnering on a piece of business, a HUBZone organization may find their corporate partner slowly beginning to squeeze them out of performing the work for which they have been contracted, while still continuing to pay them. In these situations, when the work arrangement starts to look and feel less like a partnership and more like the HUBZone business is just being used for its HUBZone certification, it may be time to take a closer look at the engagement to see if the larger business is committing fraud.

Contractor fraud in HUBZone set-aside programs is a little bit like an iceberg. It can be difficult to detect and prove, which is why even though the problem is pervasive, only a small percentage of fraud cases ever make it to a courtroom. This is why HUBZone contractors play a key role in helping to police their industry. In particular, there are a number of ways for HUBZone business owners to protect themselves and the HUBZone program from these pervasive forms of fraud.

First, if you are a HUBZone business owner who is approached at a convention like the National HUBZone Conference to become a “pass through” for a larger corporation, keep your eyes and ears open. There is a strong likelihood that the corporate contact who offered you a “too good to be true” deal will pursue your peers until someone agrees to their terms. When you have knowledge of this type of fraud, it is important to reach out to an attorney who specializes in government contracting fraud cases and can help you share this information with the federal government. Often, by serving as a whistleblower, you may be entitled to monetary rewards if the government can prove the fraud occurred.

Second, if you are a HUBZone business that enters into a partnership with a larger organization, make sure you have a tightly defined contract and scope of work. This scope of work should clearly state the percentage of work that you are required to perform, as well as what the work will entail. By having these legal documents established at the beginning of a relationship, it will be very difficult for a corporate partner to illegally squeeze you out of a partnership.

Third, and most importantly, it is critical that HUBZone businesses have a strong backbone to stand-up to corporate executives rather than giving in and accepting payment in exchange for the use of their certification. If you’re in a partnership, insist that you perform the work—even if your corporate partner pressures you not to. And if you’re presented with a “too good to be true” offer, protect yourself and your business by walking away. When in doubt, talk to a lawyer.”



Andrew Miller is a shareholder and attorney at the firm Baron & Budd.