$6.8B NASA Contract Gets Green Light Despite GAO Protest

Law360, New York (October 22, 2014, 5:30 PM EDT) — A federal judge on Tuesday allowed NASA to move forward with a $6.8 billion space transport contract awarded to SpaceX and Boeing Co., letting the agency take the unusual step of overriding the automatic stay that is triggered by protests at the Government Accountability Office.

Losing bidder Sierra Nevada Corp. had protested at the GAO after being denied a chance for further work on a contract to develop privately owned space vehicles that will be used to transport NASA astronauts to the International Space Station and back …

Read the full article on Law360 (subscription)

Cyber Risks Loom Ever Larger For Government Contractors

By Dietrich Knauth

Law360, New York (September 23, 2014, 4:30 PM ET) — Government contractors’ cybersecurity practices are coming under increasing scrutiny from the government, and recent events highlight the unique risks and vulnerabilities that companies face when they hold valuable government data.

Government and contractor networks are under continuous threat from cyberattack, and security and reporting remain serious challenges, as shown by a Sept. 17 Senate report on successful attacks on the networks and databases of U.S. Transportation Command contractors.

The fallout for contractors, especially ones that rely principally on the government for business, can be significant if cyberattacks cause the government to lose faith in them, as has happened to embattled U.S. Investigative Services, which lost its Office of Personnel Management contracts earlier this month.

“What’s happened with USIS should be a wake-up call to industry,” said Robert Nichols, co-chair of Covington & Burling LLP’s government contracts group. “USIS won’t be the last company that suffers from this. I think major contractors will be put out of business to set an example for other contractors.”

USIS had a history of contracting woes dating back to its background checks for NSA leaker Edward Snowden and Navy Yard shooter Aaron Alexis and continuing with a massive fraud suit that accuses the company of filing incomplete background check reports while billing the government for completed work.

But a state-sponsored cyberattack that breached USIS’ systems was apparently the straw that broke the camel’s back, with the OPM and the Department of Homeland Security suspending USIS’ contracts in its wake. OPM, which was USIS’ primary customer, decided Sept. 9 that it would not renew USIS’ background check contract, putting a serious dent in the company’s revenues.

To truly protect themselves, contractors should not relegate cybersecurity just to their IT departments and should instead embrace a top-down approach that recruits all a company’s employees into the effort, according to Michael Chertoff, a former Secretary of Homeland Security who now heads a security consulting group.

Chertoff and Nichols, who are partnering with George Washington University for a Sept. 29 seminar on cybersecurity for government contractors, said the recent events re-emphasized the need for bigger thinking from vulnerable companies.

“There is a bit of a tendency to think of this as if it’s just a technical issue, but you’ve got to take a broader view of this than just finding the right piece of equipment or software to put on your network,” Chertoff said.

Before investing in software or other technical solutions, companies should think long and hard about the types of data that could be an attractive target and come up with a comprehensive strategy to limit access to that data, Chertoff said. That strategy could include steps like limiting access to data within the company, limiting remote access or preventing downloads of certain data, Chertoff said.

“Once you’ve laid the rules down, you can then configure your hardware and your software to enforce those rules,” Chertoff said. “What you can’t do is just buy hardware and software and put it on a network and think that solves the problem.”

Ray Aghaian, co-chair of McKenna Long & Aldridge LLP’s cybersecurity practice, also advocates a broad approach where employees, “from the executives on down, place a strict emphasis on security.”

Without high-level executive attention, companies may not be able to align their cybersecurity budgets to their actual needs and may not be able to move quickly enough to respond to breaches, Aghaian said. Employee sloppiness can create vulnerabilities if training isn’t seen as a high priority, as can overemphasizing static defenses over more demanding but more responsive approaches, he added.

“The mistake that a lot of folks make is that there’s a lot of emphasis placed on the intrusion protection system,” Aghaian said. “People often forget about their IDS, their intrusion detection system — and that is just as important, if not more, because you need to very quickly understand if you’ve been compromised.”

Contractor cybersecurity remains a high priority for the government. In the week after the USIS decision, the Senate passed legislation that would grant DHS additional hiring and compensation authority to help recruit and retain cybersecurity experts. It also released a report on cyberattacks launched on U.S. Transportation Command contractors, which carry valuable intellectual property and sensitive information about military personnel movement and cargo transportation.

“These peacetime intrusions into the networks of key defense contractors are more evidence of China’s aggressive actions in cyberspace,” Sen. Carl Levin, D-Mich., said when announcing the report’s findings. “Our findings are a warning that we must do much more to protect strategically significant systems from attack and to share information about intrusions when they do occur.”

The public version of the report revealed that Chinese hackers had stolen emails, documents, passwords and other sensitive information from Transcom contractor networks multiple times between 2008 and 2014. The report called for a tightening of information sharing and disclosure requirements, noting that Transcom heard about only two of the intrusions, even when the FBI and other federal agencies had learned of the successful attacks.

Contractors holding government data are often the “weak link” for potential cyberattackers, and agencies are attempting to enforce better security through several pieces of regulation, as well as through ad hoc contract clauses, according to Nichols.

Because the penalties for a failure can be so steep — terminated contracts, negative past performance ratings, and the threat of suspension and debarment — contracting attorneys need to take care to look

for cybersecurity clauses that could impact their clients’ business, Nichols said.

“Different agencies are putting clauses into contracts that shift enormous risk to contractors, without the contractors really understanding what they are agreeing to,” Nichols said. “Because they don’t understand it, they’re not getting insurance for it, so what they are effectively doing is putting the viability [of] the continued existence of their companies at risk.”

Lawyers can help companies set up insurance policies covering cyberattacks and data breaches — a market that remains somewhat underdeveloped — and help them seek DHS certification under the Support Anti-terrorism by Fostering Effective Technologies Act, or SAFETY Act, according to Aghaian. The SAFETY Act limits liability for “claims arising out of, relating to, or resulting from an act of terrorism” and allows the DHS to designate certain cyberattacks as acts of terrorism.

“It’s a very powerful form of liability protection to have, but surprisingly, most companies aren’t making use of that,” Aghaian said.

In the near term, the USIS breach should be a stark reminder that companies face significant risk and uncertainty even when they appear to have handled a cyberattack responsibly, according to Anuj Vohra, a senior associate at Covington.

“Because this is such an evolving threat and the government hasn’t gotten its hands around it, it’s hard for contractors to know what to do,” Vohra said. “USIS is obviously its own discrete circumstance because of everything else it had going on, but it seemed to take all the right steps following the breach to work with the government and address the threat and the breach in an efficient and responsible way, and it still ended up in the same place.”

Published by Law360

5 Tips For Internal False Claims Act Investigations

Contractors are required to report credible evidence of fraud or significant overpayments on their contracts, but sometimes they struggle with ways to protect themselves during internal FCA investigations. The topic was the subject of a panel discussion involving representatives from law firms, in-house counsel and the government, moderated by Marcia Madsen of Mayer Brown LLP, at the American Bar Association‘s recent meeting in Boston.

Here are some tips that emerged for balancing the competing interests in such investigations and minimizing potential liability:

Take Care When Interviewing Employees

Interviewing employees can require a delicate touch, as it’s easy for an internal investigation to scare employees and disrupt their work. The right approach requires careful coordination between in-house attorneys and outside counsel on a range of issues, from explaining the purpose of interviews to employees to agreeing on who should keep interview notes, attorneys say.

Angela Styles, co-chair of Crowell & Moring LLP’s government contracts group, said that outside attorneys like her often have to overcome a poor first impression with the employees they’re interviewing.

“I don’t think I’m scary, but apparently lots of employees do, and I think outside counsel has that problem a lot,” Styles said. “It’s so important to realize that when you’re outside counsel and you’re coming in and you’re talking to employees, you are a really scary individual to a lot of men and women.”

Employees can freeze up as soon as outside lawyers give them an “Upjohn warning,” reminding them that they represent only the corporation and not the individual, Styles said. It’s crucial to quickly develop a rapport and deliver the warning in a way that is is both gentle and clear, allowing the interview to proceed smoothly, Styles said.

“I’ve got to say, it’s very, very difficult because you don’t have that long-term relationship [that inside counsel has with employees], but it really affects the entire tenor of the interview, as to how gently you are able to give the Upjohn warning and make this person feel comfortable but get out everything that you need to get out there,” she said.

It’s part of in-house counsel’s job to clearly explain the need for interviews by outside counsel, said Scott MacKay, vice president and general counsel at Lockheed Martin Information Systems & Global Solutions. Generally, employees are willing to cooperate if they understand what’s happening, he said.

“It shouldn’t be just the outside counsel parachuting in and meeting these people out of the blue,” MacKay said. “You need to work these people. You need to work the organization so they’re ready, so they know who Angela is, so they know that she’s really a good lawyer and a nice person, and not scary, and they hear that from someone they know.”

Outside counsel should also resist the urge to “travel in packs,” which can make employees uneasy, and generally try to minimize disruption in the workplace, Styles said.

“These people have work to do,” Styles said. “They’re operating under a lot of stress, and you’re bringing in a completely new unknown factor to them, and they also have to walk out the door and continue to do their job.”

In the relatively rare event that a False Claims Act relator still works at the company and is interviewed during an internal investigation, MacKay said, the interview could represent a “free shot” at the relator.

“To the extent that you know you have a whistleblower, it would strike me as prudent to interview that person as quickly as possible and reduce to writing what that person tells you,” MacKay said.

Preserve Attorney-Client Privilege …

In the recent case U.S. ex rel. Barko v. KBR, the D.C. District Court heightened the attention paid to questions about attorney-client privilege for internal FCA investigations by finding that internal investigations were performed to comply with regulatory responsibilities and not for the purpose of legal advice. Although Barko was recently overturned by the D.C. Circuit, it serves as a warning to companies that they should be as clear as possible that they are seeking legal advice if they want to preserve privilege later on, attorneys said.

If companies do not have attorneys do the employee interview, they should make it very clear that the investigation is being performed at the direction of their legal department, according to Brian Miller of Navigant. Miller, who helped write the mandatory-disclosure rule while serving as inspector general of the General Services Administration, said that the initial Barko decision tried to enforce an artificial separation between internal investigations performed for legal purposes and those performed for business purposes.

“If you’re doing an internal investigation to comply with the mandatory-disclosure rule, one of the issues is: Do you have credible evidence of an FCA violation? How is that not a legal issue?” Miller said. “When we did the mandatory-disclosure rule, we wanted to take privilege off the table and encourage companies to do these compliance reviews and investigations. The harder you make things to do, the less likely it is that companies will do it.”

… But Don’t Be Too Cagey With the Feds, Either

For Styles, there is some tension between protecting attorney-client privilege and the mandatory-disclosure rule, but companies shouldn’t obsess about protecting privilege at the expense of compliance with the rule.

“If you’re making a disclosure and you’re too worried about privilege, I can tell you that the disclosure isn’t going to go well,” Styles said. “If you or your client errs too far on the side of privilege, [the government is] not going to have enough information.”

MacKay said that companies will get themselves in even more trouble if they try to be too cagey when making a disclosure to the government.

“You really can’t slice the bologna thinly in disclosures,” MacKay said. “The fact is that you’re going in and making a disclosure. … OK, that’s given. You’ve said there’s credible evidence, so you don’t need to spend a lot of time discussing the legal niceties of whether it is implied certification or whether it’s something else under the False Claims Act.”

Kelley Hauser, a trial attorney in the U.S. Department of Justice‘s Civil Fraud Division, said that incomplete disclosures can encourage whistleblowers to come in after a disclosure, expanding on the original disclosure or finding things that aren’t included in the original disclosure.

DOJ attorneys are generally skeptical of overly broad claims of privilege, especially for lawyers who primarily act in a business role for a company or act in a hybrid capacity, Hauser said. The DOJ will look for relevant documents and facts underlying a company’s legal opinions, not the opinions themselves, he added.

“On the one hand, I’m not interested in knowing what an in-house attorney or … outside counsel thinks about an FCA case or your exposure,” Hauser said. “I don’t care, and I’m not going to agree anyway. That’s clearly privileged and we don’t want to see that and that’s fine.

“On the other hand, documents that are pre-existing and just happen to have been swept up in an internal investigation are not necessarily privileged and they should be produced, and everything in between is a more difficult call.”

Don’t Go Broke Fighting Over Document Requests

Companies should resist the urge to fight back against apparently overbroad subpoenas and discovery requests, MacKay said.

“The case law is replete with the carnage of companies that have sought to litigate the scope of discovery requests, and they always lose,” MacKay said. “At the end of the day, you’re going to have to produce the documents because the government does have a right to get it, and if you narrow it and work cooperatively with the agency attorney, you really are advancing your client’s interest. As distasteful as you may find it sometimes, the point is, it really advances the ball toward a faster, cheaper, quicker resolution — even if the resolution isn’t one that you are particularly enamored with.”

Instead of arguing with the government, a company can make more headway in narrowing a request if it just talks to the agency or trial attorneys and figures out what they really are looking for, Miller said.

“Contact the attorney right away and work with the attorney from the government to try to narrow the scope down or have a rolling production,” Miller said. “I think there’s a lot you can do, and I think you’ll find that government attorneys are cooperative and easy to work with these on these issues.”

Without that cooperative interchange, the only ones that benefit, really, are the outside counsel, because the legal fees can rack up quickly during scorched-earth fights over document production, MacKay said.

Work to Shape the Investigation

Cooperating with a trial attorney or the agency can also give a company insight into the case against them and can give the company an opportunity to help shape the investigation as it progresses, MacKay said.

“The key to cooperating with a trial attorney or the agency is that you learn about their case, what it is that they’re focused on, so that you can then start working with that investigator or regulator to formulate your defenses,” MacKay said.

Cooperating proactively can also help a company navigate potential suspension and debarment risks related to FCA allegations, according to Wayne Wisniewski, director of the U.S. Navy‘s civil recovery division. Good attorneys can play a key role in getting that cooperation off to the right start, Wisniewski said.

“There’s a real distinction between those that are represented by counsel and those, maybe a small or midsized business, that come in and think that he or she can do everything by themselves,” Wisniewski said. “They don’t shape the case, they’re all over the place, and it’s very unwieldy. It puts us in an awkward position as well, we have to assist them and its an ethical dilemma on our side.”

Published by Law360

Gov’t, Private Space Industries Becoming More Intertwined

By Dietrich Knauth

Law360, New York (August 7, 2014, 9:40 PM EDT) — U.S. funding and support for commercial space companies, often with the goal of graduating those companies into more typical government contracts, have increasingly blurred divisions between commercial and public projects in the space industry, a panel of attorneys at the American Bar Association’s annual public meeting said Thursday.

The panel in Boston noted that the mixing of Space Act agreements with more typical contracts governed by the Federal Acquisition Regulation has created more opportunities for the growing space industry, while also creating new regulatory challenges for the agencies involved in regulating space launches.

“What you’re seeing here, with FAR contracts and Space Act agreements more broadly, is a new blurring of the lines between government and commercial programs,” Chuck Dickey, general counsel for Lockheed Martin Space Systems Co.

A recent example of that blurring is NASA’s Orion program, which aims to build a next-generation space shuttle that can take astronauts to Mars and beyond, according to Dickey. Test launches for the program began with indemnity provisions governed by the FAR contract and the company’s NASA contract, but later launches have involved the Federal Aviation Administration’s requirements for indemnifications and waivers of liability, which are more often used in commercial space launches, Dickey said.

Space Act Agreements are not subject to the competition or pricing rules in FAR and allow NASA to pursue a wider variety of partnerships in its quest to support America’s nascent commercial space industry.

Agreements under the act are generally classified as funded agreements, in which NASA pays contractors who are working in support of a NASA mission; non-reimburseable agreements, in which NASA and its partners bear their own costs for joint projects; and reimburseable agreements, in which contractors pay NASA to borrow NASA facilities or expertise to support a commercial project.

Julie Jiru, a contracts officer with Space Exploration Technologies Inc., said that NASA support in Space Act projects like the Commercial Orbital Transportation Services and Commercial Crew Development program have helped SpaceX win contracts for a NASA commercial launch market that didn’t exist until recently. The law allows companies to turn the tables on the normal government contracting by hiring out NASA expertise to support commercial goals that line up with NASA’s mission.

“When we talk about government contracts in general, it’s usually thinking of what does the government want from you — what do you do for the government, what are the requirements, etc.,” Jiru said. “The reimbursable space act agreement is fantastic, because it’s finally about us and what we want. We get to choose the technology and expertise we want from the government in order to advance and improve our own space technology.”

The agreements share one thing with typical government contracts though, Jiru said. They allow the government to leverage its weight to get favorable terms; namely insisting on upfront payment for its services.

“It wouldn’t be government contracting if it wasn’t a little contradictory,” Jiru said. “By ‘reimbursable’ Space Act agreement, what the government means is ‘prepaid’ Space Act agreement.”

The increasing mixture of NASA contracts and NASA-supported commercial launches makes it more difficult for the FAA to handle cross-waivers, which essentially prevent any of the parties involved in a space launch from suing each other for damage or liability during a launch or reentry, according to FAA attorney Sabrina Jawed.

It is not uncommon for NASA to contract with a company like SpaceX or Orbital Sciences Corp. to send “a black box of stuff” into space, but NASA’s secrecy about some of its payloads makes it difficult for the contractors to obtain necessary waivers, Jawed said.

“This causes a big issue because we at the FAA have a regulatory requirement that SpaceX or Orbital Sciences gets the signature of every customer on the cross waiver, and they have to do this prior to launch,” Jawed said. “They’re required to do this by law, but how are they going to do this if have no idea what’s in the black box?”

Thus far, the FAA has been issuing waivers to the regulatory requirement since NASA has a similar cross-waiver and can typically assure FAA that it has appropriate waivers in place with the party that is unknown to the launch contractor, Jawed said.

The FAA and NASA must also coordinate with the Air Force, since commercial launches can use Air Force facilities, or the Air Force could put payload on a commercial launch vehicle or possibly share a payload with a commercial launch company. For those launches, the FAA coordinates with the Air Force to ensure that safety is being upheld through a formal Memorandum of Understanding between the agencies.

“Our rules trump, but we defer to the Air Force” as long as any deviations from shared procedures can be looked at and approved by the FAA, Jawed said.

Both NASA and the Air Force use contracts to push companies into the space launch market. NASA has used the COTS program to help develop vehicles that it now hires to deliver cargo to the International Space Station, and the Air Force uses its Orbital/Suborbital Program-3 (OSP-3) to fund less challenging launches while testing companies for riskier work under its Evolved Expendable Launch Vehicle program.

“There’s a real statutory framework and policy framework for supporting the commercial space industry,” said Patricia Ewing, senior counsel for Orbital, which has transitioned to ISS supply contracts along with SpaceX. “Both NASA and DOD have certain contract vehicles that they use that are structured in a way to help support the commercial space industry. The prime example of that is the space station resupply contracts.”

Both Orbital and SpaceX spent a lot of money in getting their space vehicles off the ground, but NASA’s support made the current commercialization possible, Jiru said.

“It’s great to see how the reimbursable Space Act agreements basically work in concert with the government FAR contracts in order to make out industrial base stronger, and that in turn makes the U.S. as a whole stronger in space,” Jiru said. “There was no marketplace or business case for going into ISS resupply, so in order to demonstrate and get that capability, funding from the government was needed in order to help companies start that because that ‘s a very, very expensive endeavor, especially if you didn’t have a client for it.”

Read the article on Law360 (subscription)

Senators Debate Adding Funds To Accelerate Space Programs

Law360, New York (July 16, 2014, 5:33 PM EDT) — Senate Armed Services and Commerce committee members expressed frustration about the U.S.’s continued reliance on Russian rockets for NASA and Air Force space launches Wednesday and debated adding more funds to expedite efforts to build a new generation of American-made launch vehicles.

The Commerce space subcommittee’s chairman, Sen. Bill Nelson, D-Fla., noted that the day’s hearing took place on the 45th anniversary of the Apollo 11 launch that sent the first astronauts to the moon, and emphasized space exploration’s importance to research, commerce and national security. Senators questioned witnesses from the Air Force and NASA, and other government and private sector experts, about challenges raised by reliance on Russian rockets and the slow pace of U.S. entrants into the market for Air Force launch contracts.

Gen. William L. Shelton, commander of Air Force Space Command, said that the recent reliance on the Atlas V rocket, which uses Russia’s RD-180 engine as a key component, made sense in the near term, saying that the rocket is “probably the most advanced rocket engine in the world” and has proven both cost-effective and reliable.

“If you look at the Atlas V performance, there’s nothing to complain about,” Shelton said. “But in my opinion it’s time to move on from reliance on that foreign engine.”

Russia’s role in American space programs has become a topic of debate thanks to rising tensions over Russia’s annexation of Crimea and the U.S. sanctions that followed. Russian Deputy Prime Minister Dmitry Rogozin, who heads Russia’s defense industry, has floated the possibility of restricting U.S. access to its engines, and reportedly suggested that the U.S. “use a trampoline” to send astronauts to the International Space Station.

Those remarks have played into the debate over both NASA’s civilian spaceflight programs and the Air Force’s Evolved Expendable Launch Vehicle program, which sends military satellites into space. Space Exploration Technologies Corp., or SpaceX, which is jockeying for the chance to compete with the Air Force’s EELV contractor, United Launch Alliance, has positioned its U.S.-made Falcon rockets as an alternative to the Russian rockets used by ULA.

If tensions worsen and Russia carries out the threat to cut off RD-180 rocket sales, the move would significantly disrupt the Air Force’s national security launches, Shelton said. But both he and RAND Corp. senior engineer Yool Kim said that that is unlikely, because the Russian space industry relies on money from U.S. space launches. And even if Russia stops selling the rockets, the U.S. could use its stockpile of 15 Atlas V rockets to continue with the most significant space launches for at least two years, although it would have to give up some lower-priority launches to make that work, Kim said.

When asked about the ability of SpaceX to pick up the slack, Shelton pointed out that the SpaceX Falcon 9 rocket, used to deliver NASA cargo to the ISS, cannot handle heavier and more sensitive launches, and its Falcon Heavy rocket, which is in the same class as the Atlas V, is not as close to certification for space launches. Under current plans, the Falcon 9 rocket will be certified for Air Force launches by December, Shelton said.

Many senators seemed eager to speed the development and certification of U.S. rockets and space vehicles, asking whether additional funding could accelerate that process. But witnesses said that federal procurements and development of new technology can’t always and shouldn’t always be rushed.

“Part of the issue we’re dealing with is we’re in the middle of a procurement, so we have a procurement right now that we’ll make a selection on later this year,” NASA Associate Administrator Robert M. Lightfoot said. “Having not seen the proposals, I can’t tell you what the acceleration options are, but we’re in 2014 already. When you order a rocket, you typically order them three years in advance, so that’s where we are.”

SpaceX, which has sued the Air Force for entering into a five-year deal with ULA while it was gearing up for launch certification, was a frequent topic of senators’ questions. Senators questioned the Air Force’s claimed $4.4 billion in cost savings for its recent five-year contract, as well as an earlier comment from Shelton that seemed to criticize SpaceX for taking the Air Force to court. Other asked why SpaceX’s rockets were good enough to deliver cargo to the ISS for NASA but not good enough to take military satellites into space.

Lightfoot said that the cargo deliveries were relatively low-priority and low-risk, so NASA accepted some additional risk in starting those deliveries and speeding SpaceX’s certification for future delivery of more sensitive cargo, including high-tech research equipment and, eventually, NASA astronauts. In the process, NASA took SpaceX through very rigorous testing of its ability to navigate in space and safely dock with the ISS, which are less applicable to the Air Force’s launch needs.

Senators also criticized the Air Force for sharply reducing the number of near-future EELV launches that it planned to open up for competition, from 14 to seven in the Air Force’s 2015 budget proposal. Shelton replied that the Air Force, trying to save money, cut five launches of GPS satellites, which are available to competition because they don’t require a rocket as heavy as the Atlas V, because it realized that its GPS networks didn’t require as much maintenance as it had thought. The heavier launches, reserved to ULA, were generally preserved, but one was canceled, which required the Air Force to give them one of the lighter launches from the formerly competitive pool to keep the terms of the five-year contract, Shelton said.

“We didn’t need to procure the GPS launches on the schedule that we thought we needed, so we stretched those launches out. That resulted in the loss of five of the seven launches that we had set aside for competition,” Shelton said. “It really wasn’t an anti-competitive thing.”

While lawmakers were frustrated by the pace of getting new rockets into production, the deputy undersecretary of defense for acquisition, Alan Estevez, said that developing new technology isn’t always as easy as “throwing money at the problem.”

“Without sounding glib, it is rocket science,” Estevez said.

Read the original article on Law360 (subscription).

NASA Commercial Space Program Needs Clarity: Report

By Dietrich Knauth

Law360, New York (July 1, 2011, 5:07 PM EDT) — In its efforts to promote commercial space flight, NASA must develop clear safety and performance requirements while taking care to avoid potential conflicts of interest, according to a Thursday report by the agency’s inspector general.
NASA Inspector General Paul K. Martin said that the agency has made significant progress in working with commercial partners, awarding more than $300 million in contracts through its commercial crew development program, but still needed to finalize regulations, develop a procurement strategy and coordinate safety standards with the Federal Aviation Administration.

In the wake of the space shuttle program, which will be retired after the July 8 launch of the shuttle Atlantis, NASA is simultaneously working on building a next-generation government spacecraft and kick-starting a commercial space industry.

NASA has never launched a manned mission on a commercially-developed vehicle and the transition will be challenging, the report said. Getting it right will be critical because the U.S. will rely on Russian Soyuz spacecraft to access low Earth orbit and the International Space Station until it develops an alternative.

“NASA faces an imperative to nurture development of a U.S. commercial transportation service to re-establish the nation’s ability to access low Earth orbit and the space station as soon as possible,” the report said.

NASA’s shuttle successor was scheduled for completion by 2016, but NASA recently indicated that the target may be overly optimistic, the report said, making commercial partnerships even more pressing.

In its commercial crew development program, NASA is focusing on promoting innovation and development, and is not dictating specific system concepts or mandating compliance with NASA requirements, according to the report, leading to a risk that companies will develop space vehicles that are ultimately unsuitable for NASA missions.

To mitigate that risk, NASA is considering an approach that would proactively identify significant design differences that could prevent a partner from obtaining NASA certification in future acquisitions. However, that strategy carries a risk of its own because companies without commercial crew development program contracts could complain that the advice represents an unfair competitive advantage, the report said.

Failure to mitigate the apparent conflicts of interest could lead to bid protests, which would delay and jeopardize NASA’s commercial crew program, according to the report.

In its commercial space transport acquisition strategy, which will be submitted to Congress later this summer, NASA will likely announce its reliance on competitive procurements or fixed-price contracts to keep costs down.

But fixed-price contracts could be risky, too, as they would require NASA to commit large sums of money while relevant regulations may be subject to change, according to the report.

“Some of NASA’s potential commercial crew partners are building spacecraft for the first time and design and development are under way without fully defined and finalized requirements,” the IG said. “In this type of environment, there is a risk that during the period of contract performance NASA’s requirements may change so significantly that contractors can successfully argue that the agency is changing the contract’s scope, in which case NASA could be required to pay the contractor to make necessary modifications.”

In 2010, the year after the start of the commercial crew development initiative, NASA awarded $50 million to companies working on space transport projects. The agency announced in April that it was ramping up the program, awarding $269.3 million to accelerate the availability commercial space capabilities.

Because of uncertain progress in developing both commercial and U.S. spacecraft, the report recommended that NASA consider extending its purchase of seats on the Russian Soyuz spacecraft as a contingency plan.

Although NASA has arranged with Russia to continue missions via the Soyuz until 2016, the length of time needed to procure additional seats means that NASA will have to make a decision in 2013, about three years before commercial systems are expected to be ready, the report said.

Published by Law360

5 Tips For Federal Contractors Facing New Hiring Rules

By Dietrich Knauth

Law360, New York (March 24, 2014, 9:13 PM EDT) — With new rules for contractors’ affirmative action responsibilities taking effect Monday, companies have a lot of work to do to ensure they meet the U.S. Department of Labor’s goals for hiring veterans and people with disabilities, and attorneys are preparing to get their clients in shape for DOL audits.

The DOL’s Office of Federal Contract Compliance Programs, which audits the nondiscrimination and affirmative action responsibilities of federal contractors, finalized two rules in August that aim to revamp the enforcement of affirmative action goals for veterans and people with disabilities. The game-changing rules require contractors to set hiring goals for veterans and disabled employees, invite job applicants to self-identify as veterans or disabled, compile additional data on hiring decisions, periodically survey their employees for disability status, and keep relevant records for three years.

Keeping up with the regulations, which took effect 180 days after their formal publication in the Federal Register, will likely require significant investments in human resources departments, such as hiring additional staff to conduct outreach efforts and updating online job applications and information technology systems to help capture the newly required hiring data, experts say.

“This is the first time that affirmative action programs for veterans and persons with disabilities have any statistical component,” said Valerie Hoffman, head of the affirmative action and OFCCP compliance practice at Seyfarth Shaw LLP. “This effort to collect data is a major undertaking because of the need to modify applicant tracking systems and human resources information systems. Systems changes don’t happen overnight, and most companies’ IT budgets are already strained — this is a significant undertaking by every contractor.”

Now that the rules are in effect, here are five tips to help employers manage their new responsibilities.

Update your subcontracts and equal employment materials immediately.

Some of the rules’ requirements won’t actually hit home until contractors update their annual affirmative action programs, which could start as late as Jan. 1, 2015, for the many companies that update their plans at the start of a calendar year. But while some companies will have additional time to revamp their hiring, outreach and applicant tracking systems, all contractors must immediately update language used in subcontracts and equal employment opportunity materials.

The rules require contractors to “flow down” the new affirmative action responsibilities to their subcontractors and suppliers who meet certain thresholds of business — $10,000 for the disability rule and $100,000 for the veterans rule. To comply with the rules, all new subcontracts and purchase orders must include a specific paragraph highlighting the veteran and disability hiring responsibilities in bold text.

“If you haven’t yet, inventory all of your internal and external communications that make reference to EEO and make sue that they’re compliant with these new regulations,” said Mickey Silberman, head of the affirmative action compliance and OFCCP practice at Jackson Lewis LLP. “Everywhere that an employer makes references to EEO or affirmative action compliance in internal or external communications, that needs to be reviewed, and in all likelihood, needs to be changed as of this March deadline.”

External communications and subcontracts are particularly important because they leave a paper trail that could get a company into trouble during future OFCCP audits if they don’t include the new references to hiring veterans and people with disabilities, Silberman said.

Companies’ equal opportunity tag lines will also need to be updated immediately. It’s no longer enough to merely state “this company is an equal opportunity employer” — the new rules require specific references to veterans and people with with disabilities, a change that will likely lead to more comprehensive listings in order to ward off misconceptions that only veterans and people with disabilities are protected.

“Now that you’re required to make specific references to veterans and the disabled, do you have to make references to other protected classes?” Silberman said. “Might that indicate, incorrectly, that you’re only extending those protections or that consideration to veterans and the disabled?”

Educate managers and employees about the new rules.

The rules require employers to ask applicants and employees to self-identify as veterans or disabled, and the disability question in particular could cause consternation for employees. The disability regulation requires companies to ask for disability status before a job offer, after a job offer, as well as a survey of employees within a year of the regulation’s start date and an additional employee survey every five years.

“It’s very important for employers to think about how these changed requirements might be perceived or misperceived by applicants and employees,” Silberman said. “Reasonably enough, an applicant or employee can perceive this as an employer being obsessed with their disability, asking them for the same information over and over again.”

Setting the right tone with employees is an important step towards ensuring employee participation in the self-surveys. Since the OFCCP will count the number of employees who self-identify as disabled against the entire company, rather than the portion who participated in surveys, low participation could make a company seem like it has a smaller percentage of employees with disability than it truly does.

“One of the most challenging aspects is for companies to administer this all-employee survey and the communications that are likely to preceed that,” said Alissa Horvitz, a shareholder with Littler Mendelsson. “If a company doesn’t spend a little bit of time explaining why this survey is being taken and why it is required, it’s not going to get a very high response rate.”

Companies should also train their managers to look out for ways to classify employees as disabled even if they don’t self-identify, such as listing employees who seek leave under the Family and Medical Leave Act for chronic conditions or employees who seek accommodation for a disability under the Americans with Disabilities Act, according to Connie Bertram, a partner in Proskauer’s employment group. Those kinds of decisions will be sensitive, and managers should be sure not to create the impression that they are discriminating against such employees, she said.

With the increased focus on employees with disabilities, managers should also be prepared for an uptick in employee requests for a reasonable accommodation of their disabilities, Hoffman said.

“Contractors should do some significant training, especially regarding ensuring that their managers know how to handle the interactive process for people who request a reasonable accommodation,” Hoffman said. “It’s essential that contractors be ready for that and ensure that managers can follow the law.”

Budget time and money for an HR overhaul.

For companies with annual affirmative action plans that won’t be updated for months, it is important to invest the time and money needed to get human resources information systems into shape.

“Some of the biggest that we’re seeing from our clients right now is the obligation to solicit and collect veterans and disability status from applicants and from current employees,” Springer said. “It is a big change to your applicant tracking system and your HRIS system to collect that information and put the necessary controls in place to ensure that that information remains confidential.”

Many contractors use third-party vendors and suppliers for their HR information systems, and those companies are already preparing solutions that will help contractors meet the OFCCP’s data requirements, Bertram said.

“That might ease the burden on some of the contractors,” Bertram said. “You can find some fairly efficient and cost effective vendors to handle applicant tracking, even if you’re a small contractor with limited resources.”

The specifics of the rule have created some kinks that are more expensive to iron out than initially predicted, Springer said. For example, the OFCCP requires a very specific form for employees to self-identify as disabled and requires that any electronic survey of employees use a form that looks exactly like the one provided by OFCCP and requires that employees check the boxed for disabled, not disabled, or no answer on the same place in the electronic form as it would be on a printed form — a requirement that isn’t quite so easy to drop into existing electronic systems, she said.

“It’s very difficult to recreate that form exactly and have that technology so that an applicant that can check the box that’s in that form,” Springer said.  “In some ways, that’s a win of form over substance, unfortunately.”

Still, for all the concerns about the burden of the rules, companies with good lawyers should be able to navigate the new regulations without too much difficulty, Bertram said.

“I think there’s been a lot of unnecessary hysteria by some of the outside counsel and outside sources,” Bertram said. “I think for a company that’s already in compliance with existing requirements, this is not a Herculean task. It’s [achievable] as long as you take it step by step and work with experienced outside counsel.”

Get a head start on evaluating your recruitment sources.

While companies won’t be audited under the new rules until they revamp their annual affirmative action programs, they should start laying the groundwork for audits that focus more and more on the effectiveness of their outreach efforts. Based on OFCCP scrutiny and a simple desire to ensure that they aren’t throwing good money away, companies should examine their outreach and advertising efforts to see which ones actually net qualified job applicants.

“In the past employers typically considered success to be the ‘push out’ element of outreach, simply getting your jobs out there,” Silberman said. “What most employers have not thought of traditionally, and what OFCCP is compelling them to think about differently, is the ‘pull in’ aspect of outreach. You might have 20 recruitment sources, but if 10 of them don’t send you any applicants, those are not effective recruitment sources.”

The OFCCP focus on effectiveness could carry some short-term research and assessment costs but should help companies improve their affirmative action hiring in the long run, Silberman said.

“The silver lining that can come out of this requirement is that employers will have a better handle than ever before on their return on investment regarding their outreach and recruiting efforts,” Silberman said.

Keep in touch with OFCCP.

OFCCP, recognizing the game-changing nature of the new rules, has offered contractors help in complying with the regulations. It has posted a series of Frequently Asked Questions on its website to address common concerns about the rules and created a new directory of government and nonprofit groups that can serve as possible sources of referrals for veterans and disabled job applicants.

The OFCCP recently told contractors in an FAQ that their subcontracts and purchase orders can combine the new required text for the veteran and disability rules, reducing the chance that companies would waste time and paper printing separate clauses that contain duplicative language, for example.

“There’s quite a bit of vagueness in the regulations and how they’re being interpreted, so the OFCCP is using FAQs to address some of the questions that contractors have,” said Rebecca Springer, a counsel in Crowell & Moring LLP’s labor and employment group. “The downside is that it’s just an FAQ. It’s not written into the regulation, and the OFCCP could change those FAQs at any time.”

The OFCCP’s directory of possible recruitment sources, while helpful, should not be seen as the final word, Springer said. The information collected by OFCCP may be out of date or incomplete, and the agency will likely want to see more proactive efforts by contractors, she said.

Published by Law360

Cybersecurity Framework Previews Contracting Changes

The 41-page “Framework for Improving Critical Infrastructure Cybersecurity,” developed by the National Institute of Standards and Technology, lays out best practices and assessment tools aimed at helping banks, utilities and other critical infrastructure operators protect their systems against cyberattacks. The framework is part of an executive order issued by President Barack Obama in February 2013, and while the other parts of that executive order deal more directly with federal contractors, contractors are sure to pay close attention to the voluntary guidelines, which are set to shape debate over future cybersecurity regulations.

“In the face of the government’s present inability or unwillingness to directly regulate critical infrastructure and beyond, I would think that anyone in the contracting space should be paying attention to the framework and seeing how they stack up to its expectations,” said Megan Brown, a partner at Wiley Rein LLP. “The contracting community has often been at the forefront of new government efforts, because it is easier to tack on additional responsibilities to contracts than to regulate private industry directly.”

Contractors have been subject to a host of cybersecurity regulations in recent months, many stemming from the same executive order that created the new voluntary cybersecurity framework. Late in 2013, the U.S. Department of Defense published a rule requiring its contractors to safeguard unclassified technical data and report breaches that affected that data, as well as a rule allowing the DOD to disqualify contractors for sensitive information technology procurements because of perceived cybersecurity risks in those companies’ supply chains.

The General Services Administration and DOD also recently published a report on reforms that could improve cybersecurity in federal acquisitions, and the DOD has run a voluntary threat sharing program with members of its defense industrial base. The government is also expected to amend the Federal Acquisition Regulation in 2014 with a rule requiring all contractors to implement basic information safeguarding policies.

Because of those and other regulations, and the fact that the stakes are so high for contractors handling sensitive DOD information, most defense contractors will be ahead of the curve if they want to adopt the voluntary approach laid out in the framework, according to Charles Blanchard, a partner at Arnold & Porter LLP who previously served as general counsel for both the Air Force and the Army.

But because the framework could provide the basis for legislation that includes cybersecurity incentives prized by the private sector — including grants, subsidized cybersecurity insurance and protection from liability for compliant companies — defense companies will be watching the framework’s evolution closely, he said. And nondefense contractors could look to the framework to see the kinds of best practices they can use to prepare for the upcoming FAR rule.

“For defense contractors that have government technical information that they need to safeguard, the DOD regulation is probably a more important document. This framework, if the incentives come in, could be an extra benefit. It could reward them for complying with the DOD regulations,” Blanchard said. “Most contractors, however are not DOD contractors. For those contractors, this framework could be a hint as to what they can expect when the FAR rule comes out.”

While the framework has been generally well-received by industry stakeholders, some were disappointed by its silence on the issue of incentives, like a safe harbor for companies who follow the NIST guidelines and best practices but still find themselves the victim of a data breach. That kind of safe harbor would have to come through federal legislation, because different states have pursued their own approaches to data breach reporting and liability, and a federal statute is needed to replace that patchwork of state laws, Blanchard said.

Contractors and other companies at risk for cyberattacks can still use their compliance with the NIST guidelines when defending themselves against litigation related to a data breach, although it’s no sure bet, according to Elizabeth Ferrell of McKenna Long & Aldridge LLP.

“I think it would be much more comforting for companies with critical infrastructure, contractors and other companies implementing cybersecurity recommendations if they were able to get some kind of liability limitation in return,” Ferrell said. “They want to make it official instead of rolling the dice on whether a judge or jury would accept these steps as the standard of care and say, ‘You’ve done all you needed to do.'”

While states have created a patchwork of liability laws, federal agencies have also been forced to go it alone, each attempting to manage cyberrisks through their contracts or regulatory power, Ferrell said.

“Agencies are free to tailor their own contract clauses and they are doing so,” Ferrell said. “We are now engaged in a patchwork of cybersecurity initiatives because every part of the federal government recognizes that it is critical to protect our cyberresources, and that the next big attack against the United States could be in the cyberworld.”

The NIST framework, along with its more detailed guidelines on specific issues like password security and physical access controls, could help standardize that patchwork if agencies or Congress use them as a starting point in new regulations and legislation, Ferrell said.

“Even though this framework is only for critical infrastructure, and it is voluntary, there is the sense that this will become the first building block in future regulations,” Ferrell said. “There’s a notion that this framework may be made mandatory for critical infrastructure and other regulated companies, like contractors.”

Replacing the current patchwork of cybersecurity standards with a more centralized guidance could make it easier for contractors to track their responsibilities, leading to lower compliance costs and improved security for agencies and contractors, according to Evan Wolff, a partner at Crowell & Moring LLP.

The stakes are high for contractors that are asked to revamp their cybersecurity practices, especially if the government demands a certification that the contractors comply with security standards in the framework or in other regulations. If there’s a breach or attack, and the contractor is found to have overstated its security, that could lead to risks ranging from contract penalties and poor performance reviews to debarment or False Claims Act liability.

“You could start to see the government expecting more assurances from its contracting partners, and if your abilities are not up to their expectations, you could be at a disadvantage in contracting,” Brown said.

Contractors will also face more government scrutiny than most industries, because the government can use its contracting authority to affect a broader section of the overall economy by forcing contractors to police their supply chain for risks and flow down cybersecurity responsibilities to their subcontractors. The government has already taken that approach in other areas, including in recent rules requiring contractors to police their supply chains for signs of human trafficking or counterfeit electronic parts.

“The government could really attempt to expand its reach if it tries to grab the contracting community and reach one or two circles beyond the prime contractors,” Brown said.

Published on Law360

Obama Uses Contracting Changes To Flex Policy Muscle

By Dietrich Knauth

Law360, New York (January 29, 2014, 9:59 PM EST) — Whether supporting green energy or fighting human trafficking, President Barack Obama has leveraged his authority over federal contracting to push policy goals without the support of Congress, and his newly proposed minimum wage for contractor employees signals a continued willingness to use contracting to push through incremental policy victories.

A key piece of Obama’s State of the Union address on Tuesday centered on his plans to require contractors to pay a minimum wage of $10.10 an hour to employees, part of an overall push for a nationwide minimum wage. While that proposal matched the speech’s theme of promoting executive action when Congress fails to act, it also highlighted the administration’s frequent use of contracting to pursue its policy goals.

“Using executive orders is not new, and contractor employment practices have been an active area for executive branch regulation since the 1960s,” said Charles Tiefer, a law professor at the University of Baltimore and a former member of the congressional Commission on Wartime Contracting. “President Obama, though, is using his power over contracting in a greater variety of ways than did his predecessors. This signals mounting frustration on many, many fronts with congressional inaction.”

Contractors’ employment practices, in particular, have been a sort of proxy war for disagreements between the White House and Republicans in Congress about issues like income inequality, and the minimum wage plan comes just weeks after the president signed a piece of legislation that reined in the amount the government will pay toward the salaries of contractor executives.

Obama has used executive power to change a number of contractor employment practices, requiring them to make more of an effort to retain workers when a federal service contract changes hands, requiring companies to police their suppliers for signs of human trafficking, and introducing new affirmative action rules that require contractors to hire more veterans and people with disabilities — regulations that have drawn protests from many in the contractor community.

Although executive orders cannot match the impact of comprehensive legislation, presidents have often used such orders to build on Congress’ work or prod it to action, Tiefer said.

“Congress can go much further by legislation than the president can by executive fiat, but often it breaks the ice for presidents to go first,” Tiefer said. “The equal employment opportunity program, by executive order, laid the groundwork for later legislation that strengthened the key anti-discrimination statutes.”

Obama’s executive order on human trafficking, for example, was quickly bolstered by legislation that was passed as part of the 2013 National Defense Authorization Act. Sen. Tom Harkin, D-Iowa, said he hopes something similar happens with the minimum wage, asking his colleagues to follow the president’s example and pass his proposal to raise the nationwide minimum wage to $10.10 an hour.

“As I’m sure the president would agree, this is only a first step,” Harkin said in a statement after the speech. “Low-wage workers perform some of the most difficult and important jobs in our society. They should not have to live in poverty, regardless of whether they are employed by a federal contractor or elsewhere in the private sector.”

From a policy perspective, the minimum wage is a curious place to go after contractors, according to Kara Sacilotto, a partner at Wiley Rein LLP. Contractors are already subject to minimum wages set by the U.S. Department of Labor through the Service Contracts Act and the Davis-Bacon Act, among other laws, she said.

“It’s not necessarily fair to single out federal contractors,” Sacilotto said. “They’ve already got some protections. To me this is perhaps a way of moving the needle on the minimum wage. One could argue that it puts a spotlight on an issue and provides greater attention.”

The president’s order will protect some workers not covered by existing laws, although it is unclear how many, according to Jonathan Entin, a law professor at Case Western Reserve University.

“How much of an impact President Obama’s proposal to raise the minimum wage for federal contractors to $10.10 per hour will have could depend on how many minimum-wage workers are employed by federal contractors,” Entin said. “I don’t know the answer to that. But presumably the number is not zero, so the order could make some difference directly and might also exert some pressure on state governments to raise their minimum wages.”

Tiefer estimated that existing minimum wage programs like Davis-Bacon cover less than 50 percent of the contracting workforce, and the practical impact of the executive order will depend in large part on how far it extends into “gray areas” like commercial item procurement and federal subcontracts.

But according to Stan Soloway, president of the Professional Services Council, the Service Contracts Act generally requires higher wages than the proposed $10.10 an hour, and the executive order could create unnecessary ill will toward contractors.

“We are deeply concerned with any implication that federal contractors are paying substandard wages,” he said. “The requirements of the federal prevailing wage laws and the government’s central role in determining the definition of a fair and reasonable wage are clear and long-standing. Moreover, there is natural concern that, amid a national debate over the minimum wage, government contractors are being uniquely singled out.”

Although Obama has been quick to target contractor employment practices in executive orders, he’s sometimes deferred to lawmakers. In 2012, he declined to issue an executive order that would prevent a contractor from discriminating on the basis of sexual orientation because he said it would distract from more comprehensive legislation in Congress.

The president has also used executive orders to change contracting policies in fields far from employment, acting to fill legislation gaps by boosting contractors’ cybersecurity responsibilities, or pursuing an agenda opposed by congressional Republicans by supporting green energy policies through Defense and Energy department contracts.

The military’s green energy initiatives have been a particular point of contention among many Republican lawmakers, who say that the military cannot afford expensive investments in new energy while it cuts costs and downsizes after two wars.

According to Sacilotto, the president’s focus on contracting is part of the higher public profile that contract spending has taken on after the wars in Iraq and Afghanistan, which helped make government contracts into front-page news and a more obvious political battleground.

“Ten years ago, it would have to be a big-time scandal to be in the news, but now you read about government contracts all the time,” Sacilotto said. “If there’s one area where Congress and the president seem to be able to legislate, it’s in regulating government contracts.”