Archives page

Posts Tagged ‘justin chiarodo’

Your “Preparedness Plan” for a Government Shutdown
Read More

Your “Preparedness Plan” for a Government Shutdown

by Strategic Partner Justin A. Chiarodo, Partner and Heather L. Petrovich, Dickstein Shapiro

With Congress quickly approaching a September 30 funding deadline with no adequate spending measures in place, and the Office of Management and Budget now directing agencies to prepare contingency plans, the possibility of a government shutdown is becoming increasingly likely. Unfortunately, government contractors faced these challenges just two short years ago during a 16-day shutdown. Among other challenges, contractors may face a lack of incremental funding; the inability to enter into new contracts or contract modifications; closed government facilities; furloughed government employees; delayed payments; increased indirect costs; and unexercised and deferred contract options. This alert highlights steps government contractors can take to protect their business interests in the event of a shutdown.

Review Your Contracts 

Reviewing your contracts is good advice in all times, but particularly so when facing a shutdown. Several key areas are worth reviewing before a shutdown. First, contractors should consider the amount and type of contract funding for each contract. A shutdown will affect incrementally funded contracts more than fully funded contracts. Though exceptions may apply, the funding for incrementally funded contracts may lapse in the event of a shutdown, which could cause the contract work to come to a halt. Fully funded contracts may be impacted by furloughed employees, facility closures, or other unexpected costs. Second, the place of contract performance may affect the ongoing work on a contract if the contractor is performing at a government facility. Many government facilities will close during a shutdown and furloughed employees or limited hours may affect those government facilities that do remain open. Third, the period of contract performance may affect a contract in that the government cannot exercise options and contract extensions during a shutdown. Fourth, the statement of work could also affect how the shutdown applies to a contract. For instance, national security and emergency preparedness contracts are much more likely to be funded during a shutdown than facility maintenance work. Nonetheless, even those exempt contracts may still be affected if the statement of work requires contractors or projects to interact with furloughed employees.

Communicate With Your Contracting Officers 

It is important for contractors to seek written guidance from their contracting officers before a shutdown about contract performance during a shutdown. Among other things, contractors should seek guidance on whether facilities will remain open, whether employees should continue working, and whether contract performance should continue. If the contracting officer informs contractors that contract performance should not continue during the shutdown, contractors should insist on a written stop-work order to protect their interests. Further, contractors should request a stop-work order for contracts that remain funded, but cannot be continued during the shutdown due to furloughed employees or closed government facilities. Finally, contractors should contemporaneously inform contracting officers in writing of any expected delays or added expenses to mitigate the potential for future disagreements regarding these expenses or delays.

Prepare Employees and Subcontractors 

Contractors should take steps to prepare employees and subcontractors if they determine there is a need to furlough employees or suspend subcontracts during a shutdown. These actions should be coordinated with appropriate legal and HR support. Once an action plan is in place, the contractor should take steps to diminish the effects of a shutdown. To mitigate risk to employees, contractors should consider reassigning idle employees to exempt or unaffected programs or requiring employees to use their accrued paid leave during the shutdown if there is no state law or agreement to the contrary.

Prepare for Lengthy Payment Delays 

Contractors should prepare to go without payment from the government for an extended period on their non-exempt contracts. To mitigate the possible effects of the shutdown, contractors should collect any possible government receivables before the shutdown occurs and contact and advise creditors about their situation. Further, contractors should consider methods of stretching cash flow by evaluating cash reserves, considering additional lines of credit, and reallocating non-essential budgetary resources, such as business development or advertising funds.

Make a Record 

A shutdown will likely lead to additional expenses or delays. These can occur through extra material and vendor costs, costs associated with ramping up or winding down contracts, unabsorbed overhead, delays from furloughed employees, or intervening contractual actions. Contractors should document these expenses as they occur and memorialize all correspondence with agencies, contracting officers, employees, and subcontractors in writing. Contractors should also record any unavoidable costs or actions taken to mitigate costs during the shutdown in order to validate subsequent requests for equitable adjustment that contractors may submit once the shutdown ends.

Comply With All Normal Deadlines 

Unless contractors are explicitly notified in writing otherwise, they should continue to comply with all government-related deadlines. This includes deadlines for solicitations, bid protests, claims, appeals of contracting officers’ final decisions, and any litigation deadlines. Although some deadlines may be tolled during a shutdown, these rules can vary among agencies. The safest way to avoid any missed deadlines is to assume they are not moving. On the flip side of this coin, contractors should also be aware that a shutdown may cause proposals to be awarded far later than expected due to shutdown-related delays.

For Additional Information

To learn more about how we can work with you to address the issues summarized above, please contact GTSC Strategic Partner Justin A. Chiarodo at [email protected] or (202) 420-2706, Heather L. Petrovich at [email protected] or (202) 420-2693.

Cyber Security Compliance for Government Contractors
Read More

Cyber Security Compliance for Government Contractors

In honor of National Cyber Security Awareness Month, join GTSC and Strategic Partner Dickstein Shapiro for a look at what you need to do today to be cyber compliant with government requirements.  Also learn what compliance issues may be ahead with several important initiatives from NIST and GSA-DOD.

“Cyber Security Compliance for Government contractors:  What You Need to Know to Stay Ahead of the Curve”

SPEAKERS:

Justin Chiarodo, Partner

Andrew Smith, Associate

dickstein-shapiro-451x392

Click here to hear this important Webinar.

DOD & GSA Issue Final Report on Improving Cybersecurity & Resilience through Acquisition
Read More

DOD & GSA Issue Final Report on Improving Cybersecurity & Resilience through Acquisition

On January 23, 2014, the Department of Defense (DoD) and General Services Administration (GSA) Joint Working Group on Improving Cybersecurity and Resilience Through Acquisition (Working Group) submitted its eagerly anticipated final report on integrating cybersecurity requirements into all federal procurements. This report, which satisfies Executive Order (EO) 13636 and Presidential Policy Directive (PPD) 21, includes recommendations on the increased use of cybersecurity standards in all federal acquisition activities, including strategic planning, capabilities needs assessment, systems acquisitions, and program and budget development. 

The final report is perhaps most notable as another step toward an era where most every government contractor must satisfy baseline cybersecurity requirements. While the final report does not provide explicit guidance on the details of creating such a new procurement environment, in light of recent, imminent and forthcoming government activity, including the final rule imposing cybersecurity and reporting obligations on DoD contractors (issued November 18, 2013 and summarized here), the upcoming final cybersecurity framework of the National Institute of Standards and Technology (NIST) (to be released in mid-February), and the forthcoming final rule governing the safeguarding of government contractor information systems (likely finalized next year), we view this final report as a bellwether. Government contractors who ignore the final report and the course it has set do so at their own peril.

Cybersecurity issues will increasingly affect agency standard setting, coverage issues and incentives, government audits and investigations, security breach litigation, and other business drivers. Government contractors and other companies that handle government information or supply components that could be compromised electronically must begin, to the extent they have not already done so, to think both strategically and pragmatically about developing an integrated approach to these cybersecurity issues.

Background

On February 12, 2013, President Obama issued EO 13636 – Improving Critical Infrastructure Cybersecurity. Section 8(e) mandated that the Working Group, in consultation with the Department of Homeland Security (DHS) and the Federal Acquisition Regulatory (FAR) Council, “make recommendations to the President . . . on the feasibility, security benefits, and relative merits of incorporating security standards into acquisition planning and contract administration.” Section 8(e) also directed the Working Group to “address what steps can be taken to harmonize and make consistent existing procurement requirements related to cybersecurity.”

On May 13, 2013, the Working Group published a request for information (RFI), inviting public comment on the appropriate cybersecurity measures and parameters for federal procurements (summarized here). The Working Group also consulted with representatives from the DoD, GSA, DHS, FAR Council, the Office of Federal Procurement Policy, NIST, and others before issuing the final report.

Working Group Recommendations

The final report makes six recommendations, including that the federal government and/or contractors, as appropriate, should:

(1) institute baseline cybersecurity requirements as a condition of contract award for appropriate acquisitions;

(2) address cybersecurity in relevant training;

(3) develop common cybersecurity definitions for federal acquisitions;

(4) institute a federal acquisition cyber risk management strategy;

(5) include a requirement to purchase from original equipment or component manufacturers (OEM), their authorized resellers, or other trusted sources, when available, for appropriate acquisitions; and

(6) increase government accountability for cyber risk management.

For contractors, the most helpful recommendations ask the government to clarify, with more specificity, the standards to which contractors will be held accountable. For example, the first recommendation correctly observes that, “[o]ften, cybersecurity requirements are expressed in terms of compliance with broadly stated standards and are included in a section of the contract that is not part of the technical description of the product or service the government seeks to acquire.” This, the report concedes, “leaves too much ambiguity as to which cybersecurity measures are actually required in the delivered item.” Accordingly, the report recommends expressing baseline cybersecurity requirements as part of the acquisition’s technical requirements and including performance measures to ensure the baseline is maintained and risks are identified. The final report also recommends common cybersecurity definitions, which if adopted would dramatically advance anxiety about contractors’ and the government’s current and near-future cybersecurity obligations.

Though the recommendations are instructive, the final report does not actually mandate specific baseline requirements or propose common cybersecurity definitions. Nor does it propose a cyber risk management strategy or otherwise attempt to identify the acquisitions in which baseline requirements or OEM limitations are “appropriate.” Instead, the final report “intends” that others will harmonize these recommendations with ongoing rulemakings, cybersecurity standards, and statutory frameworks. In short: stay tuned.

Takeaways

First and foremost, change is coming. Although the final report recommendations are directed more toward government program managers and acquisition decision makers than industry, the harmonization of such recommendations with recent and forthcoming regulations, mandatory contract provisions, and other statutory requirements and protections will affect the industry directly and significantly.

Other critical points for government contractors to consider as the final report’s recommendations are implemented include:

  • What cybersecurity terms will be defined, and what will those definitions look like? Considering that the definitions will be used government-wide, it is imperative that contractors provide feedback lest a definition be issued that is contrary to their interests, much less defies common sense;
  • What topics will be covered in the cyber education program for the procurement work force? If procurement officials are not properly educated on a variety of threats, then they may fail to incorporate standards and requirements that are necessary for information protection;
  • How will federal risk management strategy be developed? And will it be flexible enough to account for the rapidly evolving threat environment?;
  • Are contractors prepared to fight back against cybersecurity requirements in federal acquisition programs that are being used to exclude otherwise acceptable vendors and technologies?; and
  • How deep will these requirements reach into federal contractors’ business? In other words, will the cybersecurity obligations be limited just to public-contracting programs, or will they effectively become company-wide requirements regardless of the buyer?

The final report is a clear signal that mandatory baseline standards, training protocols, and other risk-based requirements are on the horizon. Those standards will likely be based on the NIST framework or, in specialized areas, even stricter protocols. Government contractors and other companies that handle government information must implement an integrated strategy that mitigates the risks associated with these cybersecurity issues, and where viable, the opportunities that these changes might create.

By Contributing Authors:   Brian FinchJustin Chiarodo, and Daniel Broderick from GTSC Strategic Partner Dickstein Shapiro

Brian Finch

Brian Finch, a partner in Dickstein Shapiro’s Washington, DC office, is head of the firm’s Global Security Practice. Named by Washingtonian magazine in 2011 as one of the top 40 federal lobbyists under the age of 40, Brian is a recognized authority on global security matters who counsels clients on regulatory and government affairs issues involving the Department of Homeland Security, Congress, the Department of Defense, and other federal agencies.  Dickstein Shapiro is a Strategic Partner of the Government Technology & Services Coalition.   You can reach Brian at [email protected] (202)420-4823. 

Justin C


Justin Chiarodo represents clients in all aspects of federal, state, and local procurement law. Named by Law360 in 2013 as a “Rising Star” in Government Contracts, Justin has extensive experience in government contracts litigation, compliance, and regulatory matters, with particular expertise in the defense, health care, technology, and professional services sectors.

broderick
Daniel Broderick is a Washington, DC-based associate in Dickstein Shapiro’s Energy Practice. He focuses on regulatory and project development matters affecting clients in the electricity industry, including electric market design, municipalization, compliance, certification, and power purchase agreements. 

Key Cybersecurity Issues for Government Contractors
Read More

Key Cybersecurity Issues for Government Contractors

Dickstein Shapiro LLP and the Government Technology & Services Coalition (GTSC) held a webcast, “Key Cybersecurity Issues for Government Contractors.” This interactive program, of particular interest to government contractor compliance officers, CIOs, CISOs, General Counsel, and any other C-suite members, discussed how the federal government is planning on fundamentally altering its acquisition policies to make the cybersecurity of its contractors a top priority.

The discussion included:
– Proposed Federal Acquisitions Regulation (FAR) changes relating to President Obama’s Cybersecurity Executive Order;
– Planned changes to procurement requirements based on independent agency actions;
– Congressionally mandated cybersecurity requirements; and
Ways contractors can prepare for these changes

Speakers included:

Brian Finch, Partner, Global Security, Dickstein Shapiro LLP

Justin Chiarodo, Partner, Government Contracts, Dickstein Shapiro LLP

Emile Monette, Senior Action Officer for Cyber Security Policy, Government Services Administration

Kristina Tanasichuk, CEO, Government Technology & Services Coalition

View the slides here or watch the webinar by clicking the link below.

Screen Shot 2013-10-09 at 2.21.39 PM