Federal employees may lose their ability to book discounted leisure travel through a popular government web portal when the website sunsets later this year.
The FedRooms lodging program is the only government-wide hotel program available to all federal and military travelers on official business. It sets competitive rates for stays at more than 10,000 properties around the world, and the ability to book leisure travel is an added benefit. More than 400,000 rooms were booked using the site last year, according to the General Services Administration.
This month, the program announced on Facebook that it was discontinuing the FedRooms website after Sept. 30, prompting concerns from feds that this meant an end to the program altogether. A GSA spokesperson clarified that’s not the case.
“The FedRooms program overall is not going away, but in order to be compliant with policy and to minimize future unnecessary costs, GSA will no longer support FedRooms.com as a contractor-provided website as of Sept. 30, 2024 (the date the contract is set to expire),” the official said in a statement.
Any existing reservations made for beyond Sept. 30 will still be honored, the spokesperson said. No new bookings after that will be permitted. GSA said that a new temporary-duty lodging contract is targeted for award this spring.
In the meantime, booking for official travel will remain available via other tools, such as E2 Solutions, ConcurGov, the Defense Travel System and by calling an agency’s travel management company, the spokesperson said.
Employees who still want to find a competitive rate for leisure travel can reach out to hotels directly to inquire about a “government” rate. Any deals, however, are subject to hotels’ discretion.
FedRooms is a popular program among feds. From 2019 to 2023, nightly stays increased almost 70%. Employees appreciate the program for its flexible cancellation policies, zero deposits, free parking and waived fees. It also ensures prices are at or below approved per-diem rates.
The change is motivated by compliance requirements in pre-existing policy that govern the use of official websites. The Office of Management and Budget within the White House directs agencies to use only “.gov” websites as a way to convey trustworthy, verified information to the public. In addition, the Federal Travel Regulation requires temporary duty travel to be made only with approved booking tools; FedRooms.com is not one of them.
The existing contractor, CW Government Travel, was re-awarded the $47 million contract for FedRooms in 2019. That expires on Sept. 30, coinciding with the discontinuation of the website, which is managed by the vendor, not GSA. A request-for-proposal for a five-year contract was submitted in January.
A spokesperson for the company directed Federal Times’ inquiries to GSA.
Correction: This article previously misstated how many stays were booked with FedRooms. In 2023, there were 400,000 room nights booked via fedrooms.com. That’s out of 3.8 million total FedRoom reservations approved through other booking tools, like ETS2, DTS, and agency TMCs.
Molly Weisner is a staff reporter for Federal Times where she covers labor, policy and contracting pertaining to the government workforce. She made previous stops at USA Today and McClatchy as a digital producer, and worked at The New York Times as a copy editor. Molly majored in journalism at the University of North Carolina at Chapel Hill.
Sgt. Timothy Bella, a geospatial engineer, prepares a Golden Eagle drone for flight during Exercise Bronco Rumble at the Kahuku Training Area, Hawaii, on Aug. 19, 2021. (Staff Sgt. Alan Brutus/U.S. Army)
Unmanned technologies are maturing at such a rapid rate that multiyear purchases would likely leave the U.S. Army with outdated devices, according to a service acquisition official.
Militaries the world over are increasingly developing and deploying drones and robotics, with the systems posing a threat on land, at sea and in the air. The growing importance of uncrewed systems has been on display for two years in Ukraine and is at the heart of the Defense Department’s clandestine Replicator initiative.
In discussions about the Army’s fiscal 2025 spending plans, Assistant Secretary of the Army for Acquisition, Logistics and Technology Doug Bush said a multiyear procurement for something that changes as fast as unmanned aerial systems “may not be appropriate.”
“There’s also a lot of new entrants in that space,” Bush said in a briefing at the Pentagon. “Committing to one, as good as that company might be, would perhaps foreclose other options because there’s so much innovation with new companies in that space.”
Multiyear procurements are typically used to secure mass amounts of munitions. They are thought to motivate defense suppliers, who can count on longer-term demands and ramp up production as a result, and save money by buying in bulk over the long run.
But locking in on the same drone year after year is a different circumstance, according to Bush. Demands for technology can change month to month, let alone year to year.
“What you buy in one year, I’m not sure you’d want to buy that exact same [unmanned aerial system] for five years,” Bush said. “We might be heavy one year in intelligence, surveillance and reconnaissance and heavy the next year in strike.”
The Army’s fiscal 2025 budget blueprint totals nearly $186 billion, an uptick of $400 million compared to the year prior. The service is asking for $175.4 billion in its base budget and another $10.5 billion to pay for overseas operations.
The budget levels also presume the congressional passage of supplemental funding to cover the costs of funneling military aid to Ukraine and to support increased operations in the Middle East, Defense News reported.
Colin Demarest was a reporter at C4ISRNET, where he covered military networks, cyber and IT. Colin had previously covered the Department of Energy and its National Nuclear Security Administration — namely Cold War cleanup and nuclear weapons development — for a daily newspaper in South Carolina. Colin is also an award-winning photographer.
One hard reality of cybersecurity is that the economics favor attackers. It is more costly to defend than it is to attack. As threat actors become more sophisticated and diverse, the cost to defend continues to grow. Defender resources — time, money, and people — are finite. As such, companies need to allocate them efficiently and effectively.
Unfortunately, the steady movement toward government-imposed cybersecurity regulations and enforcement actions poses a dilemma for many companies. Do they allocate resources to secure their environment or to ensure compliance with a multitude of government mandates and reporting rules?
The number of cybersecurity regulations imposed on industry is so voluminous that a core pillar of the Biden administration’s National Cybersecurity Strategy is to harmonize regulations. Yet government agencies continue to issue conflicting mandates that will divert resources from security to compliance.
One such example is the Federal Acquisition Regulations rule on Cyber Threat and Incident Reporting and Information Sharing, proposed by the U.S. Department of Defense, the General Services Administration, and NSA, which is estimated to impact upwards of 94,000 companies that contract with the federal government. This proposed rule alone is conservatively estimated to impose compliance costs of $1.52 billion annually on companies that service the federal government. The benefits, however, are less easy to quantify.
Advocates of mandatory reporting claim that it is necessary so that the government can have a better understanding of cyber threats, which will help them share information on how to defend against the threats.
Even if we accept this claim — that despite the collective resources of the NSA, Cyber Command, the CIA, the FBI, the U.S. Department of Homeland Security, and a nearly endless number of federal agencies, the government still does not have a sufficient understanding of the threat landscape — the proposed regulations will not achieve the purported goal. Instead, the government will be provided with a tsunami of information with seemingly no filter.
For example, the proposed FAR rule would require companies with government contracts, and their suppliers, to report on every anomaly observed on their network — which the proposed rule calls an incident that “may have occurred” — within eight hours (yes, eight hours) of it being noticed.
Companies investigate potential security incidents every day. Therefore the Cybersecurity and Infrastructure Security Agency could receive hundreds, potentially thousands, of reports each day on incidents that “may” have occurred. CISA will be quickly overrun with unverified and inaccurate information on security incidents that either didn’t occur or have no impact. The task of sorting through a mammoth amount of data will make it more difficult to provide actionable threat intelligence back to industry.
As such, at a minimum, the FAR regulations should limit mandatory incident reporting to consequential incidents such as those that impact government data or a contractor’s ability to perform its mission.
Other government agencies also are imposing regulations that likely will have a detrimental impact on security. The most high-profile of these is the SEC’s Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule, which creates another set of governance and reporting requirements for publicly traded companies. Under the SEC rules, publicly traded companies would have to publicly announce when they experience a cyber incident that has a “material impact.”
Under these regulations, companies must publicly disclose incidents and certain details even if doing so puts them or other companies at greater risk. For example, if a company is still remediating an attack, it faces the prospect of being attacked again by other actors who know that the company is already busy responding to the initial incident. Public information about a successful attack will undoubtedly be scrutinized and used by attackers.
Companies are anxiously awaiting the next round of regulation, due in March, when CISA issues its initial proposed regulations to implement CIRCIA. This law was passed in 2022 and requires companies to report incidents to CISA within 72 hours. Key areas of focus will be which companies will be required to report incidents and what type of incidents they will need to report.
These examples reflect only a sample of the regulations and mandates from just the federal government. States are developing their own set of cybersecurity requirements. This will make both security and compliance more difficult and costly.
Our nation faces a complex range of cyber threats. Nation-states are using their cyber armies to attack America’s critical infrastructure and government. They are actively stealing intellectual property and, according to the FBI, are lurking on networks waiting to pounce when the time is right. Unfortunately, the government’s response to this is to create a complex regulatory, compliance, and reporting environment that is both duplicative and contradictory.
It may not be realistic to begin the immediate rolling back of regulations and mandates. However, it is essential that the government collectively pause on issuing new cybersecurity regulations and mandates to focus on the much-needed regulatory harmonization.
Scott C. Algeier is Executive Director at IT-ISAC, a not for profit organization of companies dedicated to enhancing cybersecurity by sharing threat information.
Six months into the fiscal year, the Pentagon still doesn’t have a full budget. Last week, service leaders warned of catastrophic effects were there to be a yearlong continuing resolution. And on March 11, the administration plans to introduce its FY25 budget request.
Welcome to budget season 2024, the government’s split-screen effort to secure spending deals for two fiscal years at once. For the Pentagon, the moment is one of almost unique uncertainty.
“We’re in this bizarro world where there’s no budget, but amendments are [being] submitted” for the 2025 defense policy bill, said Mackenzie Eaglen, a defense expert at the American Enterprise Institute.
Looming over the budgeting process for the Pentagon is the threat of a full-year continuing resolution, or CR.
“There is no playbook” if that occurs, Eaglen said, noting the Pentagon has never before operated under a yearlong CR.
The second threat is possible sequestration. If Congress doesn’t pass all its spending bills by April 30, there will be automatic 1% across-the-board budget cuts, per the terms of the Fiscal Responsibility Act, a deal struck last year to avoid a government default.
The president can choose to exempt military personnel spending — about a quarter of the Pentagon budget — from those cuts, said Seamus Daniels, who studies defense spending at the Center for Strategic and International Studies. That would mean sequestration would actually trim more than 1% for the other areas of defense spending, such as procurement.
Still, the issues surrounding the FY24 budget will cloud the White House’s FY25 request, multiple experts on the defense budget told Defense News.
“It makes it difficult for the Biden administration to plan, not knowing what the final appropriations levels are going to be for defense programs in 2024,” said Daniels.
A full spending bill for one fiscal year and the administration’s request for another are meant to be staggered six months apart. This allows the White House to factor in Congress’ preferences from one budget cycle into another.
“They need to be six months apart so that one can build on the other,” said Mark Montgomery, a fellow at the Foundation for Defense of Democracies and former Pentagon official. “We’re having no building here.”
The Fiscal Responsibility Act capped spending increases for the entire government, including the Defense Department. In last year’s budget request, the administration projected the Pentagon’s overall funding would rise to $860 billion in FY25. Instead, its cap will be $850 billion, a 1% year over year decrease in spending, when adjusted for inflation, said Daniels.
That topline will likely compound the pressure on the Pentagon’s procurement accounts created by the delay in this year’s funding, said Eaglen.
Assuming Congress passes a defense budget in March, the department would have about six months to spend new money that was meant to be spread over an entire year. Because the Pentagon won’t dock personnel pay or lower readiness, that means the procurement accounts will probably suffer disproportionately, she said.
The Pentagon’s guiding strategies in the last three administrations have focused correctly on this challenge, said Mark Cancian, also of CSIS. But the department doesn’t have enough money to properly execute that strategy, he said — and the budget delays and uncertainty this year don’t help.
On March 11, Daniels said he’ll be watching the budget request’s forecast for future years. The caps instituted by the FRA only last this coming fiscal year, which means the administration could project funding increases more in line with the estimates from previous budgets.
There’s also the question of the White House’s massive national security supplemental request, which passed the Senate in February, but has since stalled in the House. Because of the size of that bill — $95 billion — the Pentagon’s budget is unusually connected to a separate piece of legislation, Montgomery said.
Cancian said he doubts any of that funding will make it into the FY24 Pentagon topline, but the Defense Department has outstanding bills for its surge of support after the wars in Ukraine and Israel in the last two years and those bills need paying.
It’s not yet clear Congress will be able to pass a full appropriation this year. Because all of its funding bills need to be passed in order to avoid a sequester, the Pentagon needs to plan for that possibility even if it gets an FY24 budget, said Daniels.
“You don’t know necessarily what the sequester is going to be, if there is one,” he said. “So you’re just injecting a lot of uncertainty into the planning.”
Noah Robertson is the Pentagon reporter at Defense News. He previously covered national security for the Christian Science Monitor. He holds a bachelor’s degree in English and government from the College of William & Mary in his hometown of Williamsburg, Virginia.
The U.S. Special Forces Command’s small business innovation research program is unique compared to other similar efforts around government.
Congress gave SOCOM a special authority in 2021 to do business-to-business transitions through the SOFWERX organization.
Lisa Sanders, the director of science and technology for Special Operations Forces in the Acquisition, Technology and Logistics office for the Special Operations Command in the Defense Department, said the command is cutting down the time it takes to field capabilities by years.
“In fiscal 2023, our average time to production decision from the initial topic announcement to the award of a follow on in phase 3 is 18 months, which is compared to SOCOM’s average before using this authority was five years,” Sanders said in an interview with Federal News Network. “We also transition about 50% of the projects that we do under this authority into phase three. Our program is structured in such a way that the program offices who are the transition partner are the ones that identify the topic, the ones that select the vendor, and they are the ones that do the SBIR contract management. There’s a built-in transition pathway, which is part of the reason that we have such a high transition rate.”
In the 2020 defense authorization bill, Congress gave SOCOM the ability to use partner intermediary agreements in conjunction with other transaction agreements (OTAs).
The Strategic Institute for Innovation in Government Contracting said “the primary focus of a PIA is to facilitate collaboration between small businesses, academia and the federal government for their mutual benefit. That can include a PI’s outreach activities for surveying all potential sources of technology of interest to a government agency. If needed for assisting in screening and evaluation, the PI can hire or contract with subject matter experts on a rapid basis to gain the expertise needed to assess state of the art proposals.”
Sanders said SOCOM used this authority in 2023 for about $2.4 million in SBIR awards using its own funding and then another $16 million on more traditional approaches for SBIR awards.
Then, SOCOM received another $50 million in SBIR awards using funding from other Defense Department components.
Software development is a good fit
Sanders said SOCOM made 27 different contract awards against 14 SBIR that ranged from things like undersea technology, diver equipment, vehicular technologies like tires or communication systems, and a lot of software.
“Software is an area that is very conducive for rapid assessment, and it’s a huge challenge when you’re trying to do traditional contract awards because those businesses that do software development oftentimes their cycle times can’t wait 15-18 months to get a decision on whether they’re going to go forward. They need to decide within a short single digit month timeline,” she said. “We are doing things in cybersecurity. We are doing things on satellite payloads. One of the things, if you see something coming out of Special Operations Command, it has to be unique to our user. If a service is already delivering that, I’m not going to buy the same truck that the Army is going to buy. I may modify that truck with unique payloads or unique environmental conditions they may need to let them operate, for instance, on a different kind of fuel or something like that. That might be a SOF-specific requirement that would go against there.”
She added one of the biggest lessons from using this PIA authority is how beneficial it is for software acquisition because the users and developers are asking critical questions at the same time, which are leading to faster decisions and accelerating the time to put capabilities in the field.
SOCOM struggled at first with the new authority, but Sanders said over the last year or two, they have settled in to attracting non-traditional vendors, advertising SBIR opportunities through traditional approaches like the SAM.gov platform and its website, and determining when it makes sense to use this authority and when it makes sense to use the traditional SBIR or even contracting pathways.
“What we are seeing is you’re contracting the cycle. The same conversations that you have, whether it’s with SBIR or any other development effort to meet a Department of Defense need you still have those questions. What’s the problem you’re trying to solve? Does this approach solve that problem? Where does that fit in the prioritization of where we’re going to execute dollars against it? Who’s going to be the transition partner to place that acquisition strategy? Is there a requirement in place? All those decisions are still the same decisions,” she said. “But because we are bringing together the user, the program manager, the technology provider and the finance people in that conversation and throughout the process, we’re having those discussions. If something is not going to pan out because the requirements changed, we don’t wait until we finish the development in order to say, ‘Okay, now is the requirement still valid? Oh no, it’s not valid.’ We just spent the last two years finishing this when the requirement had changed two years ago. Those people are in that conversation, and when the requirement changes, we share that with all of the stakeholders and make the decision at that point in time.”
Traditional SBIR transition rate remains high
While SOCOM can’t use this partnership intermediary agreement approach for all SBIR programs, Sanders said they still are moving these innovations through the process faster than the average time across DoD.
She said the five-year timeline still is necessary when doing innovation things like bending metal, buying connectors, making circuit boards and some of those higher risk technology projects that are “really pushing the envelope, and so we need to de-risk some of our projects.”
SOCOM’s phase 3 transition rate is about 40% for the traditional SBIR process.
Typically it’s in phase 3, the so-called valley of death, that innovative efforts fall apart.
DoD has focused on improving its transition efforts over the last several years. Heidi Shyu, DoD’s undersecretary of Defense for research and engineering, said in April that there has been a 33% increase in the number of small businesses participating in the SBIR and STTR programs that have transitioned their technologies to SBIR and STTR Phase III, or commercialization phase, since 2021. Shyu said DoD also has seen a 53% increase in the number of new vendors participating in SBIR/STTR programs since 2021.
Sanders said no matter the SBIR pathway, SOCOM is looking for vendors to bring innovative ideas.
“While we have hard problems and we have very demanding users, we have very rewarding problems that people can find value in,” she said. “One of the things that we’ve done a lot of work on is sharing what those problems are. I would encourage anybody if you don’t know what we’re interested in Google the phrase doing business with SOCOM, and it will bring you to a home page that identifies some of our problem areas. It identifies a place for you to just push out a white paper, not something in a special format with 28 pages in this particular font. Just give us a little one-page slick sheet on what you’ve got, and that will come into our user community, to us and you’ll get feedback within 90 days on your idea.”
The Department of the Navy’s third attempt to modernize its contract writing system and overall electronic procurement system is on shaky ground. The latest bid, which followed at least two previous failures, is facing similar troubles as earlier projects: incomplete planning, a technology platform with questionable maturity and, maybe most striking, the hubris of the leadership that their current plan will be successful no matter what evidence emerges that tells a different story.
While organizations can more directly address shortcomings in planning and technology, experts say, time and again, it’s clear that overconfidence and inflexibility tend to sink large scale technology programs.
That hubris reared its ugly head most recently in June when the Navy retracted a technical assessment that found shortcomings in the Navy’s electronic procurement system (ePS) program. In its internal objective assessment of the technical approach for ePS, the Naval Information Warfare Systems Command (NAVWAR) detailed a host of questions and potential problems about the project.
But within three months, and following a series of questions from Federal News Network, and possible pressure from Appian, whose platform the Navy is using to build ePS, NAVWAR said the report is erroneous and has no plans to redo it.
“The Electronic Procurement System (ePS) Technical Assessment was developed using partial and outdated information. After receiving additional and updated information, it was determined that the report was not accurate,” a NAVWAR spokesperson told Federal News Network in an email. “No new or revised assessment is required because the additional information we received eliminates the need for one.”
The decision to fully retract the report and not issue a new one opens the door to even more questions about the future of ePS and whether the Navy finally will successfully modernize its 30-year-old electronic procurement system.
And experts said merely withdrawing the technical assessment, which the Navy’s Program Executive Office for Manpower, Logistics and Business Solutions (PEO-MLB) asked for as part of its risk management strategy, doesn’t offset the critical findings.
It also raises even more questions about how the assessment went through the entire development process, multiple layers of review and finally approval by Rob Wolborsky, who is NAVWAR’s chief engineer, only to be so poorly done and missing key information that the organization decided to take it back a few months later.
“The technical assessment team received additional information, including additional architecture documents, through technical exchange meetings and discussions with the PEO MLB ePS project team and functional requirements owners,” the NAVWAR spokesperson said, without offering any further details about how these new documents addressed the findings of the technical assessment team.
Additionally, NAVWAR also said it mislabeled the document as unclassified, again raising even more questions among observers about how a well-worn process fell apart in so many different places.
The spokesperson said NAVWAR is reviewing the document sign-off and release processes.
Despite these clear missteps, PEO-MLB requested the technical assessment for a real reason. Christine Rodriguez, program executive officer for PEO-MLB, said in an email to Federal News Network that the technical assessment is “to ensure a solid engineering foundation and processes are established and followed.”
In the now retracted technical assessment, which Federal News Network obtained, NAVWAR found several glaring holes in PEO-MLB’s approach to implementing ePS, which is based on the Air Force’s contracting IT (CON-IT) platform:
Communication challenges across the effort
Software and licensing costs
Missing capabilities requirement document
Overly complex solution (over-architected)
High-risk development workflow
High-risk deployment workflow
Missing documentation
Lack of dedicated engineering resources
Missing sustainment plan
Appian product shortcomings
“In conclusion, the implementation of ePS has encountered planning and communication challenges. However, despite these challenges, ePS has achieved significant milestones, including deployment to a production environment, obtaining an authorization to operate (ATO), onboarding a limited user base and awarding two contracts. These accomplishments give the appearance that ePS is on track to be a successful effort in the long term. However, it is essential to acknowledge the potential risks that come with the lack of critical planning,” the authors of the report said. “Without foundational planning documents such as the business process model, capabilities requirement document and business enterprise architecture, there’s a chance that the system may not fully align with the overall business requirements. This misalignment could lead to operational inefficiencies, user dissatisfaction and ultimately, an unsuccessful implementation.”
The latest iteration of ePS is partly a spin-off of CON-IT, the platform the Air Force has been implementing for Defense contract writing since 2018. It is a low-code system built on the Appian platform, meant to standardize contract writing, reduce costs and create efficiencies on both ends of the contract.
The Navy — along with the Army, the Air Force and the Fourth Estate agencies — is trying to move off of the Standard Procurement System, developed in the 1990s. Like any technology system built 30 years ago, it has run its course and DoD is turning SPS off by Sept. 30, 2026, according to a 2020 memo from Kim Herring, the then-acting principal director of the Office of Defense Contract and Pricing.
The technical assessment, written by a team of NAVWAR experts led by Edmund Kuqo, whose expertise includes cloud, cybersecurity, DevSecOps, requirements and being an agile coach, found the Navy’s approach may be overly complex, based on the decision to use a “system-of-systems” approach, which added layers of engineering complexity without providing additional benefits.
“Further analysis should be performed to determine the true ‘total cost of ownership’ of including CON-IT and utilizing a system-of-systems approach and determine if the benefits outweigh the cost,” the authors wrote.
Kuqo declined to comment for the story, referring all questions to the NAVWAR press shop.
In the now-retracted document, the authors also detailed potential problems with the Appian platform, including questions about its maturity and approach to software licensing.
Appian declined to comment on the specific findings of the report, but highlighted the Navy’s progress so far.
“The Navy ePS program is a success, and the success is driven by Appian and CON-IT, which was also successful at the Air Force and is succeeding at the Army,” Cindy Cheng, Appian’s senior director of communications, said in an email to Federal News Network.
The authors of the assessment, which included at least one member who listed their expertise to include the Appian platform, found “from previous Appian experiences within the assessment team, load balancing/high availability, error handling and process isolation (threading) features are either non-existent or poorly implemented despite the official Appian documentation stating differently.”
An industry source who is familiar with the Appian platform and requested anonymity to speak about the report, said NAVWAR’s analysis was poorly done because it used outdated information, and the command was right to retract it.
“The Navy ePS program is on track, on budget and hitting all of its milestones, and since the report came out, they’ve onboarded yet another tranche of users and migrated $1.6 billion in contracts on. The system has executed over $22.6 million in new contract actions in the system, and have every expectation of hitting their goal of having 1,500 users onboarded by the end of 2024, so any suggestion that the Navy ePS program is actually struggling doesn’t seem to be supported by what we’ve seen and heard,” said the source. “That doesn’t mean that there aren’t critics who would prefer the program going a different direction. But in terms of actual data of any actual problems with the project, we haven’t seen any such.”
The source said Appian didn’t get a chance to review or comment on the technical assessment.
An ‘extremely challenged’ program
But other experts said even if you discount the concerns about Appian, the report’s findings show ePS is far from being on solid footing.
Reid Jackson, the CEO of Unison, which provides electronic procurement system software to several agencies, including the Navy’s Office of Naval Research, Navy Installations Command and the Marine Corps Community Service Organization, said it’s difficult to reach any other conclusion than ePS is an “extremely challenged program.”
“The Navy says it is missing several elements that they would routinely see in a major enterprise information system, regardless of the approach chosen. They’re missing elements like the system architecture, a business process model, external interface map they have chosen,” Jackson said in an interview with Federal News Network. “So their words about this program, when you strip off the polite language around it, I think has left the technical assessment team deeply concerned about the ultimate success of this program.”
Jackson, who highlighted that Unison didn’t participate in the report and didn’t know NAVWAR was even working on the report until it became more public, emphasized the report carries more weight because it was done by the Navy’s own systems people looking at a program that is being run by a functional organization.
The assessment team added that it does not believe selecting CON-IT was a bad decision, but the Navy should be made aware “that utilizing external dependencies can come with hidden costs and in many cases to drift from the initial code baseline due to differences in requirements between different DoD components.”
Disagreement over analysis of alternatives
Jackson said the lack of competition around ePS is another factor causing the Navy trouble.
“When I look at this report, I can’t help but feel it doesn’t have to be this way. The competitive process that is almost universally followed, and certainly advocated for by procurement policy folks, offers benefits and can avoid this problem of selecting a solution and then later finding out it doesn’t meet your needs. It’s not mature. It’s not ready for the DoD enterprise,” he said. “In the technical assessment, they also say, by the way, you don’t have requirements, you don’t have interfaces and you don’t have a business enterprise architecture. All of those are things you would have completed in order to communicate to industry as part of a competition and as part of explaining what you are trying to achieve. This is not my report. I read this report, and I think it just doesn’t have to be this way. This is specifically what competition avoids: late surprises.”
PEO-MLB’s Rodriguez pushed back against the idea that there wasn’t competition.
She said the Navy completed an analysis of alternatives in 2013 that recommended holding a competition to select a commercial product that would be extended via business process modeling capability and data integration to fit capability gaps.
“As part of the seven-month feasibility study in 2021, we assessed the feasibility of the technical baseline of CON-IT for the core contracting module (CCM), as is typical in a procurement process. Other factors considered in the study were cost, speed to deliver, and ability to meet the Navy’s complex contract writing requirements,” Rodriguez said. “Feasibility studies, prototyping and technical assessments cannot identify every potential issue with a system because system requirements evolve based on regulation and policy changes, especially when delivering solutions that need to meet the needs for 10 unique [Navy Department contracting organizations]. However, we are confident in the selection of CON-IT as the baseline platform for the CCM and that our agile software development process that includes end user and stakeholder engagement and feedback will continue to improve the CCM and address any potential challenges that arise throughout the process. We will ensure that any issues with CON-IT are addressed.”
Navy’s 7-month feasibility study
At the same time, the technical assessment team also expressed concerns about the Navy’s process to analyze all the possible options.
“While the selection of CON-IT in hindsight is not necessarily a bad decision, the action of selecting CON-IT without performing an AoA is high risk,” the report stated.
PEO-MLB’s Naval Applications and Business Services (NABS) portfolio, which is leading the latest modernization effort, did the feasibility study after several previous modernization attempts. The Navy’s goal is to modernize and consolidate more than 245 DON legacy contract writing systems (CWS) and other ancillary procurement systems. These procurement systems write and manage most DON contracts under 10 heads of contracting activity (HCA).
“DON ePS will provide standardized, seamless, end-to-end contract management (i.e., sourcing) of services, supplies and construction to the estimated more than 16,000 contracting personnel (6,420 critical users) within the DON HCAs,” said Rodriguez. “ePS will be designed to execute 100% of the DON’s contracting mission throughout the procure-to-pay process (P2P).”
The move to CON-IT comes after the Navy’s previous attempts to modernize its systems fell flat. In August 2019, it awarded CGI a 10-year, $222.9 million contract to build the system, only to cancel it two years later.
After the Navy’s struggles with CGI and seeing the Air Force’s success, leaders decided to move over to CON-IT. The Navy launched its minimum viable product last September.
“ePS went live on Sept. 29, 2023 with a minimum viable capability release (MVCR) providing automated contract writing and the ability to process requirements from inception to award, while incorporating flexibility to interface with other electronic systems,” Rodriguez said. “The ePS MVCR included the ePS core contracting module (ePS-CCM), data integration layer (ePS-DI) and Navy procurement data standard (PDS) pre-validation service (ePS-PRE). MVCR functionality included basic Federal Acquisition Regulation (FAR) contracting, such as firm-fixed price (FFP) contracts, purchase orders, task or delivery orders, and indefinite delivery vehicles under the Simplified Acquisition Threshold (SAT) and using the Simplified Acquisition Procedures (SAP) for making purchases of supplies or services. Today, more than 100 contract actions worth more than $1.5 billion in contracts have been successfully executed using the ePS CCM.”
Navy requests $15.6M more in funding for 2025
Between September and July, PEO-MLB made an additional 20 software updates. It currently supports 293 users and has executed more than 100 contract actions worth more than $1.5 billion in contracts.
“Increase in funding for ePS to leverage existing technologies and capabilities to gain efficiencies. Increase supports additional sustainment costs, which includes licenses for functionality releases and user accession. The increase will support release of capabilities that aggregate to support the Navy’s end-to-end contract writing system,” the service wrote in its budget justification.
The service received $5.9 million in 2023 and requested $6.5 million in 2024.
Despite the progress on ePS, the Navy asked NAVWAR to conduct a technical assessment — which, industry experts say, is usually done in the pre-award phase, not six months into development.
Unison’s Jackson said PEO-MLB’s decision to do a technical assessment at this stage of the program is odd at best; at worst, it demonstrates there are real concerns with the program.
He said agencies usually do these types of technical assessments at the beginning stage of an acquisition strategy.
“It’s typically called out in the request for proposals that evaluates past performance, technical approach, and pricing volumes. Those are the three most common evaluation criteria,” he said. “The RFP usually explicitly says this is how we’re going to score it, and the technical assessment is routine. It is one of the reasons you compete major enterprise systems, so that the technical assessment can be done during the competition, and you uncover these foundational challenges before you make an award. As opposed to Navy, who is now, apparently 18 months into their solution, doing a technical assessment and uncovering profound structural problems with the low code approach for building a major enterprise system.”
As an example, Jackson said the Marine Corps Community Service Organization contract writing system effort put potential providers through the rigorous technical assessment as part of the competition.
Functional perspective of system development
Elliot Branch, a former deputy assistant secretary of the Navy for acquisition and procurement, who spent more than 30 years working for the Navy before retiring in 2019, disagreed with the idea that a technical assessment is done during the pre-award phase.
Branch, who is not a technologist, said the software space seems even more difficult to assess ahead of time.
“First of all, we’re really dealing with functionality and a roadmap to get to that functionality, unless you have an absolutely existing product. So with a software build, the key is always going to be implementation, and you cannot judge paper implementation with an assessment at that level of detail,” he said. “You actually have to have some kind of working product so you can go in and look at the integrity the architecture, the way it’s architected, the cybersecurity and other factors. This technical assessment really is more analogous to technical evaluation and operational evaluation in a weapons system.”
No matter the debate over the technical assessment, Branch said developing a system like this is always more complicated than first imagined.
“People really don’t understand the space from a functional perspective. Here’s the overarching issue: As I see it, you really have to make a trade between uniformity in contracting and the freedom to contract,” he said. “We think about contracting as a matter of clauses, and it’s really a great deal more than clauses. What these contracts embody, if you will, is a certain business logic between the government entity that’s contracting for supplies or services and the industry that they’re buying from. So if you want to get a standardized solution across a department, let alone the entire DoD, what you have to understand is that you’re going to give up some freedom of contracting, you’re going to give up some ability to express in the contract those business rules that that particular industry segment and the government have developed over years to get standardization.”
Branch, who retired before the Navy awarded the deal to CGI and well before the effort started to implement CON-IT, said he believes the Navy’s logic probably was that the Air Force’s system presents the best opportunity to let each of the contracting activities, each of which has a very different set of buying missions with very different industry segments, preserve those business practices.
“I can see from a technologist perspective the concerns about the variety of the solutions under that one umbrella would create challenges in terms of building an application suite that had integrity,” he said.
Army, DLA also moving to new platform
The Navy isn’t alone in its struggles to move off of the DoD Standard Procurement System. The Army also failed with an earlier attempt to work with CGI, spending tens of millions of dollars before canceling the contract in 2021.
The Army seems to have righted its ship. In its most recent update from December, the Program Executive Office Enterprise Information Systems (PEO EIS) and the Office of the Deputy Assistant Secretary of the Army for Procurement (ODASA(P)) reported that the service has put 23 contract awards through the system, with total obligations of $41 million, and it had planned to train over 500 users as of January.
The Defense Logistics Agency also is implementing CON-IT. In a 2023 presentation, DLA said it was implementing an incremental pilot with more than 400 users to test the feasibility of the platform. The pilot successfully evaluated interfaces with five external systems like SAM.gov and the clause logic service, an authoritative, rules driven engine that determines the FAR and DFARS clauses for solicitations and contracts.
DLA too had some challenges with Appian’s platform, including “changes to support Procurement Integrated Enterprise Environment (PIEE) single sign-on (SSO) took longer than expected,” according to the 2023 presentation.
The Navy ePS alarm bells aren’t just being rung by the NAVWAR team. Lawmakers and the Government Accountability Office also highlighted concerns about the program.
In the fiscal 2023 Defense authorization bill, lawmakers specifically called out both the Army’s and the Navy’s efforts. While congressional concerns were focused on the old approach under CGI, which the Navy cancelled, some of the concerns remain.
“A commonality between these programs has been that their oversight and management has been run by procurement leadership teams, instead of information technology professionals, with the results clearly demonstrating the effects,” House lawmakers wrote in a report accompanying the bill. “The committee is concerned that in re-evaluating these programs, program managers have not considered technology-forward approaches, industry best practices, proven commercial-off-the-shelf solutions in use across the federal government, or innovative procurement processes, such as prize competitions. While the committee is encouraged that the services’ chief information officers are taking a larger role in technology-centric program acquisition, the committee believes more needs to be done to reach the aspirational end state.”
Trajectory of ePS unchanged?
GAO reported in June 2023 that the Navy CIO rated the program as “high risk,” and a Navy ePS official reported that the planned changes to the program’s baseline were related to greater technical complexity in development than anticipated.
Even with the Navy’s decision to retract the technical assessment, Unison’s Jackson said he hopes it will help change the trajectory of the ePS.
“What I hope will come from it is other organizations will adhere to the acquisition principles of competition, so that they do their own technical assessment as part of their competitions,” he said. “Then they will not find themselves 18 months or more into a solution and find that it’s not a mature enterprise solution and it may not be suitable for their enterprise.”
All of this information, from the warnings from Capitol Hill and GAO to the technical assessment team’s report, highlights the Navy’s potential and real challenges to modernizing its electronic procurement system.
“Modernizing the Navy’s procurement system is very complex. The majority of these solutions are outdated and out of compliance with security and audit requirements. Due to the number of applications and systems, we do not have standard business processes; therefore, developing a consolidated solution is a significant change to the procurement and contract writing community,” Rodriguez said. “Our previous attempt to modernize the DON’s contract writing system reinforced the need to perform periodic assessments. We need to identify issues early to self-assess and self-correct throughout the process. That is why we requested the March 2024 technical assessment. We also learned the implementation process and the solution itself must be flexible enough to meet the requirements of our stakeholders. The early involvement and continued engagement of our internal customers, end users and stakeholders in the development process is invaluable in ensuring the solution meets the DON’s requirements. We are leveraging the knowledge and work from those efforts to inform our strategy and ensure we avoid repeating the same lessons learned.”
You can’t overlook the role venture capitalists have played in the rise of the commercial space industry. In an industry that relies on failed tests, there needs to be those sponsors who are alright with not seeing a quick return on investment. So what does it take to make those smart investments and what goes into the decision-making process? Ethan Batraski, a partner with the firm Venrock, answered these questions on The Space Hour.
Ethan Batraski I think in order to predict the future, you have to get a sense of where have we come from and where are we today. And so the way I think about it is, space has experienced multiple waves. We’ve started with private launch with SpaceX. We moved to this CubeSat era, then a modern space era, then we’re getting into an in-space economy, and then eventually a lunar economy, and then eventually deep space and Mars. And so I think it’s important to understand what has happened and then led to where we are today. And so if I think about that first wave, the space economy really just began with the emergence of private companies trying to embark on launch. This was primarily dominated by NASA and most Commons, and eventually Orbital Sciences, and then SpaceX really disrupted the model. SpaceX proved that a private company could actually get into orbit, and could actually operate without being necessarily a defense prime only. I think that then opened up the aperture for the world to think about, how do we take advantage of this access to space. And so that, I think, led to the CubeSat revolution, the idea of small standardized satellites that were cheap to get up and lowered the barrier of entry to get into orbit. I think that proliferation was really interesting, because it led to a bunch of interesting concepts, like Planet and others around constellations, and now what we’re seeing with Starlink and OneWeb and others. I think the challenge there was then they realized, well, these spacecraft are too small, incapable of really heavy workloads.
And so that led to a third wave of the modern space services era. Like these are growth companies leveraging the infrastructure capabilities developed in the previous phases, but now starting to go and disaggregate some of the large players that exist today, like the Viasats of the world and Global Eagle and others. And so you have companies with broadband satellite and Capella with imagery and BlackSky with geospatial. And so you start to see these slightly larger spacecraft go and build real businesses. And I think we’re in that third phase today, where these companies are still in this world of vertical integration and still making their way into orbit, and proving that being an aerospace company can be a highly profitable business that the market would value at some high multiples. I think we’re like in the middle of that phase, because those companies are just getting into orbit, just making their way into the public markets, and creating more opportunity for investors to come in with growth capital and potentially even a venture risk capital. I think from there, then we get into the in-space economy. This is where we think about, well, what are the things that we need to do in order to enable a true space economy, everything from manufacturing and assembly and space habitats. And how do we leverage resource utilization? How do we continue to make commercialization of orbit feasible, whether it’s around traffic management and continued access? And then once that happens, we stop looking towards the Earth, and we start looking the other way. Now we start thinking about the lunar economy and Mars.
And so I think there’s a bunch of things today as we think about going from the third wave to the fourth wave, where there’s interesting opportunities. I think one is around just the manufacturability and standardization of spacecraft and space assets. I think that we’re in the phase where still every spacecraft is still bespoke, from the bus to the endpoints you’re using, to the configuration of your software defined radio, to how you think about propulsion and where you need to lane keep. And we need to get to a point where those can be off the shelf, and so you can start to proliferate the access to the hardware and start to typically reduce down the price instead of having to buy lots. And so I think we need to move to the place where servers have gone today, where there are standard motherboards and there are standard pieces that are plug and play, and that work interoperable with each other. I think that’s one big area that we’re interested in. Second is around areas that you can leverage the physics of space itself. So in space, you have unlimited cooling, and you have, to an extent, unlimited power, thanks to solar. And so what are the industries that you could take advantage of those things to provide an unfair economic advantage if you could do that thing in space? So one idea that we’re excited about is being able to move the data center into orbit, where you can have lots of GPUs running very close together without any cooling, and you have, again, unlimited power. If you could harness that power in the right way, you could enable a much smaller or lower capex per watt of GPU power. And you can allow this ability to almost create trains of them as they orbit, particularly for types of workloads that don’t require real-time inference, but are more batch type processing. So particularly like for AI training.
Then the third one is around continuing miniaturization and disaggregation of current large space assets. So that’s everything from comms, the large Viasat and geospace assets that cost $500 million or a billion dollars and take five years to build. Can’t be the future. We need resilient systems that we can build quickly and deploy quickly. So companies are building micro satellites and geo are doing that exact thing, providing that capability for individual countries or regions to get capacity, instead of the entire continent having to pool capital together in order to get capacity. And then the same thing is true for GPS. The same thing is true for a lot of EO that we rely on. Certainly on the defense side, there’s lots of juicy assets out there that, with one surface to space missile, we’ve lost a key capability, and so we need to miniaturize, we need to disaggregate. And then the fourth one that I’m excited about is not in space, but to support space: all the infrastructure for space. So launch infrastructure, ground stations, testing facilities. Like today, we’ve got four launch sites that we as a country rely on: Kodiak, Vandenberg, Wallops and the Cape. Four is a very fragile system. So in order to build resiliency to how we think about space, we need to have a lot more launch capacity, a lot more launch pads. Like, if a fire breaks out at one of those launch pads, it’s out potentially for months. And then now you’ve basically choked up their ability to launch. To set up a new site at the Cape, it takes years. To get access to Vandenberg, it takes years. And so things of that nature, or like testing facilities, instead of a testing facility in Mojave Desert is an expensive endeavor, and it’s complicated endeavor, and there’s not a lot of access. And so it’s really about being able to streamline all the adjacent pieces that are critical, and being able to unlock and unthrottle the space economy.
I know there’s a long answer, but that’s kind of the way we think about it.
Eric White Yeah, I was gonna say we could spend probably the next 40 minutes unpacking each one of those ideas and topics that you brought up. I’ll hone in, though, on just for the business sense of things. You mentioned the defense aspect and kind of it’s almost, in the background now. A lot of companies seem to be treating it that way, whereas it’s almost as if they can’t ignore the defensive capabilities that advancements in space that their companies bring forward could bring. Do you see a lot of the major players, especially keeping an even split between creating an economy like you just mentioned, and exploring those other opportunities, but also maintaining the defense sector that is always going to be there. The US government is probably the most stable customer that they all have. What do you see as where those companies decide which way they want to go, or a lot of them just going to try to keep playing both sides?
Ethan Batraski It’s an important question that I think every early stage space company and founder asks themselves. Space, obviously, is one of the most important domains for the Defense Department, especially over the last five years. I think we’ve gone through a once in a century migration and transformation from a defense standpoint, away from bombs, bullets and boats, to AI, space and cybersecurity. And so space is becoming a new primary domain of war, where now there’s much more access from our peers and adversaries. There’s lots of, let’s call it less than above board behaviors around following and situational awareness, and so there’s a lot of risk there. So defense will continue to be the biggest buyer of space services and hardware. But the Defense Department has very bespoke needs. They don’t buy off the shelf. It’s very difficult to depend on a contract award as predictable revenue, especially in an early stage company. And so companies have to decide, are they defense first, or are they dual use? Defense first means you’re effectively becoming or attempting to become a prime. Dual use means you’re a commercial company that can also offer your services to the DoD. But I think they need to stay separate, and they will continue to stay separate. There is a commercial market that is critical for communications, for internet, for GPS, for weather, for EO, for fire prediction, for one day maybe unique type of material manufacturing, and the list goes on. Defense has their needs, but it is critical to go build a durable business with a real customer base solving a real problem, and then be able to see if you can leverage that to support our national security needs, and be able to then leverage the scale that gives you. But again, I don’t think that they become over. They don’t become intertwined because they’re dramatically different buyers, needs and sales cycles.
Eric White So let’s talk overall, the industry itself. You mentioned a lot of the big players. SpaceX, obviously, is the king of it all at the moment, and riding high. But you got the other bigger or not as big, but other players in the system as well. Do you foresee the space industry becoming a lot like the tech industry, where those bigger players end up absorbing anybody that has a good idea with the mountains of cash that they have? Or could we see a falling down and one more person is crowned, and then the next one moves on? It seems as if SpaceX came almost out of nowhere. It was like we said earlier, it was almost like a side gig for Tesla, but that remains to be seen. Where do you see this all going?
Ethan Batraski It’s a great question. I think that the space industry will most likely follow the same boom and bust cycle as all other industries in the same expansion and contraction, both from new players emerging, but also consolidation happening. There are multiple drivers that lead to that. I think that there will continue to be technology unlocks that will create new ability for entrants to come in to offer new capabilities and services that weren’t possible before. Then go after a market with a better, faster, cheaper solution. I think from a launch standpoint, for example, SpaceX is the dominant player there, and it is hard to compete unless you provide bespoke capabilities that their scale can’t offer. They have the choice to either ignore that segment, acquire that company, or go try to build themselves. But at some point, companies become so bloated, because they try to do so many things that they actually collapse on themselves. And so that is always a risk, and that is the reason why, if you look at the largest 10 companies today, that’s very different from the largest 10 companies 30 years ago, and 30 years before that. Companies tend to have a life cycle of about 40 years total. SpaceX is 20-something years into its journey, if not more. And so we’ll see how that continues, and if they continue to be in an expansive or contractive mode. I do think that from a venture capital standpoint, you hope to see consolidation. You hope to see lots of M&A, you hope to see that drive more dollars into the innovation economy around space. And that’s important, because you need risk capital available for these companies at the early stages. But I do think that we’re in an interesting point right now where we’ve been in a little bit of a lull, just given the receding tide of risk capital.
But I think that tide will come back as the market starts to come back and interest rates start to stabilize where there is more interest in higher risk yield, and space becomes kind of a more important part of every investor’s portfolio. And so I think a lot of it stems from the source of capital.
Eric White Yeah, I want to zero in on the word risk there, because it is crazy that a lot of companies’ success, especially in the space sector, is riding on just one particular project going right. If you ask any other top 100 company CEO, hey, if you put all your eggs into one basket and have it all riding on this one particular project, they would call you insane. But for some reason, it seems to be the standard practice in the commercial space industry. Is the risk always going to be worth the reward? I guess the question I’m asking is, are we going to see people that are still willing to put it all on the line, just for that one idea that does actually come to fruition?
Ethan Batraski I think the answer has to be yes, because what they’re doing is incredibly hard, and if they can pull it off, it unlocks an incredible capability that allows them to go either disaggregate an existing market or move dollars over. If you think about space, space is the inverse of building a SaaS or software company. A SaaS software company is very easy to start, but as you scale it becomes very expensive, because the sales and marketing costs have to linearly grow with your revenue in order to continue to drive capacity. Space is the opposite. It’s very expensive up front, high capex, often high OpEx. But once you’re actually in market, the market is likely to buy as much as you can produce, and the sales and marketing costs are very low. And so you could actually see space companies generate software-like margins in the long run because of how much market demand and predictability there is. And you can see these companies potentially be high multiple companies and high growth companies because of the amount of demand and low cost it is to go acquire that demand. And so I think there’s a lot of interesting dynamics that allow for long term, durable businesses. But, yeah, it is akin to putting all your eggs in a single movie premiere and hope that it doesn’t bomb. And that is really tough, but frankly, it takes a very particular type of grit for a founder to go build a space company. And those founders are some of the most impressive and industrious people I know. I hope they continue to do so.
Eric White And much like the movie industry, it is hard to know what is going to work and what is not going to work. What sort of metrics do you take into consideration? Any one of the founders of those companies that you just mentioned could probably talk me into putting my life savings into, but I’m not in the venture capital business, and that’s what makes a venture capitalist successful. What do you take into consideration when trying to look for new investment opportunities?
Ethan Batraski It tends to be for us a very simple lens. And getting to simple is hard. We look for, one, is this one of the top 10 teams in the world to go solve this particular problem? Do they have the gravity to compel the customer base to want to follow them and commit to them before they’ve even proven that their product or service can do what they’ve promised it can do? And can they recruit the top people in the world around them to go do this thing? Because ultimately, companies are only as good as the people that comprise them. Two, from a market standpoint, is, are they going after a market problem that is not only large, but the customer feels like this problem is a hard wire, top three problem for them? And so whether it’s even a launch company. It is a segment of the market that is painfully underserved, that needs some capability that don’t get access today, whether it’s rapid launch capability or rapid deployment, or a certain capacity size, or into a certain orbit or certain ISP in order to get into deep space. Is there a unique value prop that the market doesn’t have today? And then third, are they able to offer this with a set of economics that are just unfair to the market where they now have deep pricing power? And without the three of those together, you often are going against a market either is too small, not ready to buy, or by a team that can’t fully capture it.
When we think about one of the investments we made early on was Astranis, and I mentioned them earlier, they build microsats in GEO. And everyone’s very clear list that providing internet communication was one of the most important human rights that need to be served, and that there were 3 billion online users at that moment, and that 4 billion new users were going to join the internet over the next 10 years, and those are going to be from remote destinations from emerging markets, where they didn’t have that core infrastructure that exists today in the US and in developed nations. And so they relied on satellite. But that satellite capacity was based on large GEO satellites that didn’t have a lot of flexibility that were very expensive. Yet the demand was outstripping capacity by a logarithm amount. And so how can we go capture that in a way that provides economic pricing power? Well, being able to bring it down by 25, and being able to bring the cost down, you could rapidly deploy, and in any given country can go deploy their own satellite in order to enable connectivity or dedicate internet without any infrastructure change. That was a very interesting value prop, because that enabled an entire market that the Starlinks of the world were not supporting, because they were pricing them out. And then this was founded by one of the best teams that you could imagine to go do this thing. And so for us that was a no-brainer. So those are the kind of the dynamics that we think about.
Copyright 2024 Hubbard Radio Washington DC, LLC. All rights reserved.
The Defense Department today released a proposed rule that will inject Cybersecurity Maturity Model Certification, or CMMC, requirements into the contracting process.
The proposed amendment to the Defense Acquisition Regulations Supplement (DFARS) is scheduled to be published in the Federal Register Aug. 15. It would incorporate CMMC requirements into the Pentagon’s solicitations and contracts. CMMC aims to verify whether defense contractors are following cybersecurity standards for protecting sensitive but unclassified information.
The new acquisition rule complements another proposed rule the Pentagon published late last December, which outlines the overall contours of the CMMC program, according to Jacob Horne, cybersecurity evangelist at Summit 7, a firm that sells CMMC services to defense contractors.
“The other part of the equation is the rule that we got today, which is the rule that revises the actual language of the contract clause that will show up in contracts, solicitations, orders, things like that, that will specify the individual level of certification requirement that contractors will need to have to take award of their contract,” Horne said.
The proposed DFARS rule would create a provision in solicitations that notifies contractors of CMMC requirements.
“They’re dotting their i’s and crossing their t’s, reinforcing the requirements,” Horne said.
Under the CMMC program, DoD plans to require contractors to either self-assess that they comply with cybersecurity requirements or obtain a third-party certification, depending on the sensitivity of the data involved in the contract.
The proposed DFARS rule confirms that DoD will require organizations to submit their self-assessment or certification at the time of contract award.
DoD officials had considered requiring companies to submit their CMMC documents with their proposal submission. But as the DFARS rule notice explains, DoD determined that would bring “increased risk for offerors since they may not have sufficient time to achieve the required CMMC certification.”
DoD had also considered requiring certification after contract award. But the department determined that would bring “increased risk to DoD with respect to the schedule and uncertainty due to the possibility that the contractor may be unable to achieve the required CMMC level in a amount of time given their current cybersecurity posture.”
Eric Crusius, government contracting attorney and partner at law firm Holland and Knight, said contractors should aim to understand whether they may be required to meet CMMC requirements well before the solicitation.
“I do think that while it’s helpful to kind of see what’s in the solicitation, I don’t think contractors should wait that long, because if they do, it’s probably going to be too late,” Crusius said.
CMMC phased rollout
The rule also lays out a three-year-long “phased rollout” of the CMMC requirements. “The rollout is intended to minimize both the financial impacts to the industrial base, especially small entities, and disruption to the existing DoD supply chain,” the rule states.
Based on prior timelines for DoD rulemaking, Horne suggested that three-year DFARS rollout could begin by the summer of 2025.
“The thing for people to really pay attention to, though, is that the DoD program managers have a large amount of what they call discretion in their ability to include CMMC requirements in contracts during this phase-in period,” Horne said. “So it’s very important for people to communicate with their customers about what their individual plans are.”
By the end of the three-year rollout, DoD estimates 35% of contractors that handle sensitive data – about 10,340 entities — will need to obtain a “level two” CMMC third-party certification. Meanwhile, approximately 65% of applicable contracts will require a “level one” self-assessment, per DoD’s analysis.
Crusius said those numbers are largely in line with what the Pentagon has previously signaled. But he said many defense contractors will likely seek a third-party certification to ensure they can compete for a wide range of DoD business.
“Most contractors have some contracts that only have federal contract information, and they have some contracts that have controlled unclassified information,” Crusius said. “Of course, contractors that are selling commercial-off-the-shelf items only won’t be implicated in this rule or contractors that do fairly mundane tasks, such as mowing the lawn in front of a defense installation. But I do think we’ll see more contractors seeking a level two, third-party assessment than DoD anticipates.”
The comment period on the proposed DFARS rule is projected to close on Oct. 14.
SAN DIEGO — A federal judge on Tuesday dismissed the felony convictions of five retired military officers who had admitted to accepting bribes from a Malaysian contractor nicknamed “Fat Leonard” in one of the Navy’s biggest corruption cases.
The dismissals came at the request of the government — not the defense — citing prosecutorial errors.
Retired U.S. Navy officers Donald Hornbeck, Robert Gorsuch and Jose Luis Sanchez, and U.S. Marine Corps Col. Enrico DeGuzman had all admitted to accepting bribes from defense contractor Leonard Francis, nicknamed “Fat Leonard.”
The enigmatic figure — who was six feet, 3 inches tall and weighed 350 pounds at one time — is at the center of the Navy’s most extensive corruption cases in recent history.
The three pleaded guilty to a misdemeanor charge of disclosing information on Tuesday. The judge also dismissed the entire case against U.S. Navy officer Stephen Shedd. Their defense lawyers could not be immediately reached for comment.
It marked the latest setback to the government’s yearslong efforts in going after dozens of military officials tied to Francis, who pleaded guilty to offering more than $500,000 in cash bribes, along with other gifts and wild sex parties in Southeast Asia, to Navy officials, defense contractors and others. The scheme allowed him to bilk the maritime service out of at least $35 million by getting commanders to redirect ships to ports he controlled and overcharging for services, according to the prosecution.
Francis owned and operated Singapore-based Glenn Defense Marine Asia Ltd., which supplied food, water and fuel to U.S. Navy vessels. He was arrested in 2013 in a sting operation in San Diego.
Prosecutors said in legal filings outlining their request for Tuesday’s dismissals that the action does not mean the defendants did not commit the charged crimes. Rather, because information was withheld from the defense and other mistakes were made, they wanted to ensure justice was served fairly.
In 2022, Judge Janis Sammartino had ruled the former lead federal prosecutor committed “flagrant misconduct” by withholding information from defense lawyers. In September, the felony convictions of four former Navy officers were also vacated. The four men pleaded guilty to a misdemeanor and agreed to pay a $100 fine each.
The dismissals come weeks before Francis is due back in court to set a date for his sentencing.
Francis returned to the U.S. late last year after a daring escape from his house arrest in San Diego in 2022. He fled to South America weeks before he was scheduled to be sentenced last year, and was later captured in Venezuela, which extradited him to the U.S. as part of a prisoner exchange.
The escape was also seen by some as a misstep by the prosecution for allowing him to not be held behind bars.