Industry Event: Doing Business with DoD and the Intelligence Community
Published: December 06, 2017
Industry experts provide advice on doing business with DoD and the Intel Community.
At an event on November 28, 2017, hosted by Virginia PTAP and Jennifer Schaus & Associates, several industry experts gathered to discuss the DoD and Intelligence environment. In addition to describing the trends in both markets, experts focused on the cyber space in Defense and DFARS security requirements for contractors. Presenters targeted those unfamiliar with or just starting to do business within the DoD and Intel spaces.
Contracting with DoD
From an eagle’s eye view, Army contracting has fallen behind Air Force and Navy acquisition spending in recent years since the country’s decreased involvement in wars. However, Brian Friel from BD Squared believes that trend may change with major, forthcoming operations and maintenance needs from the Army. Moreover, while the Navy is expected to receive modest increases in its budget, contracting is expected to soar with opportunities in shipbuilding and aircraft requirements. Overall, though, FY 2018 is anticipated to be one focused on smaller orders and IDIQs rather than large contract vehicle acquisitions, with the exception of the SeaPort-E recompete. Thus far, NAVSEA, USMC, ONR, SPAWAR and MSC have stated their commitment to the new vehicle, while NAVAIR and NAVSOC may use it but with no guarantees. Referred to as the Next Generation SeaPort procurement, the follow-on requirement seeks to change the current state of the SeaPort-E vehicle. While SeaPort-E contains about 6,000 companies under it, only about 800 have actually been awarded work. To combat this, changes under Next Generation SeaPort will:
- Require bidders to have DoD prime experience
- Establish one national contract versus seven separate zones
- Institute two functional areas, program management and IT support, versus the current 22
- Launch off ramps to remove any non-bidding primes
- Use a scorecard methodology
Cyber and DFARS Requirements for Contractors
Cyber is becoming increasingly important to a contractor’s competitive edge within DoD, so much so that DoD has been requesting entire cyber sections within proposals. A clear indication of the rising importance of cyber requirements is seen in the changes under the new Defense Federal Acquisition Regulation Supplement (DFARS). Changes include adding the 7012 clause to safeguard covered defense information and cyber incident reporting. No exceptions to the changes will be given to small businesses, and flow-down requirements will be necessary for all subcontractors. Furthermore, contractors will be required to report a breach or incident to DoD within 72 hours of discovery. Subcontractors are allowed to report incidents directly to the government and only notify primes, to ensure privacy. The deadline to be compliant or to have a security plan in place for the new DFARS requirements is December 31, 2017.
In advice to prime contractors, Margaret Cassidy from Cassidy Law warns that prime contractors are responsible to the government not only for their own security compliance but for the compliance of all subcontractors. In other words, if there is a noncompliance issue with a subcontractor, the penalties will be applied to the prime contractor. Thus, flow-down requirements to subs are vital. To remedy this, the speaker gives five key steps to ensure DFARS compliance for DoD contractors: grasp and organize the DFARS for complete understanding, know your subs, plan for a global marketplace, manage security and develop an overall compliance plan that includes ethical mandates. Mandatory flow-down clauses for subs can be found in several places: FAR Part 52 and DFARS Part 252. Flow-downs must be passed to all subs, including distributors, suppliers or commercial item subcontracts. In summary, when it comes to cyber requirements for Defense contractors, Mary Beth Bosco from Holland & Knight, LLP offers the following advice:
- Maintain a current inventory of what controlled unclassified information (CUI) is in systems and what is stated in contracts
- Maintain an updated description of the network
- Review existing policies to ensure consistency with cyber policies
- Train employees on applicable requirements
- Ensure cloud service providers (CSP) meet FedRAMP certifications
- CSP is subject to similar reporting requirements as contractors
- All data (including other data with CSP) must be housed in the U.S.
- Be sure to flow down relevant cyber provisions to all subs
Doing business with the Intelligence Community
Open, transparent and simple are not common adjectives when it comes to the Intelligence community, and the same goes for contracting within that market. A panel consisting of a large business expert, an investor and two small business owners doing work with Intel attempted to help the event’s audience navigate the Intel contracting environment. A key piece of advice given by all is to have little expectation that a business will be a prime in the Intel space right away without first being a subcontractor. Moreover, small businesses should know what their limitations are rather than chase every opportunity that comes out. Focusing on a niche capability, since parts of the Intel community do not buy in bulk, and being on the leading, rather than bleeding, edge of technology are vital to a company’s success. When it comes to opportunities, gone are the days when cyber led the way in cutting-edge technology. These days, machine learning and artificial intelligence to automate data collection and cyber activities are at the forefront of technology within the Intel community. Other emerging technologies such as blockchain are also of current interest to Intel agencies. The Intel community is working towards an information-sharing and enterprise-wide IT environment, and contractors should understand how data flows from one Intel agency to another. Therefore, solutions presented to an Intel agency should take into consideration applications in other Intel systems, and siloed solutions should be avoided.
Throughout the event, various speakers stressed that success for those entering the DoD and Intel contracting spaces is directly related to teaming. Small businesses should truthfully consider the resources they have when trying to prime for opportunities. Companies should also try to understand where DoD/Intel agencies and technology are headed and meet them there rather than trying to push agencies in a different direction. In order to understand where the government is going, businesses should identify partners already in the space to team with. Teaming or subcontracting is also important when it comes to getting a sponsorship for security clearances. Unless an urgent need is being fulfilled, it is not likely that DoD and Intel will sponsor clearances. Mentor and protégé programs are a good way to obtain sponsorship. Lastly, teaming brings the most success because federal customers do not typically have one interest. In other words, businesses should look at every part of the RFP and identify their perspective and then find a partner(s) with different perspectives so that the RFP is covered from all angles.