Posts in category: Uncategorized

Shane McCall Yeah, SBA put out a clarification to make it clear that this new HUBzone rule is not commenting on how SBA is going to evaluate Mentor Protégé Joint Ventures. But SBA did say it’s considering eliminating the exception to affiliation for mentors and proteges or multiple award contracts. So they are still considering that, but it will be the subject of a future rule with full notice and comment rule making.

Tom Temin All right. So you always have to stay nimble and on the waltzing here across the dance floor of contracting. And let’s get to HUBzone. I mean, I called it a rewrite in a clarifications clothing. Am I right about that?

Shane McCall Yeah, it’s a very long set of proposed rules. In some cases, it is clarifying, but in some cases it’s making pretty substantial changes to the rules. So I think you’re exactly right on that.

Tom Temin And what tops the list in your mind?

Shane McCall In my mind, one big change if it goes through is that HUBzone companies would have to be eligible, meaning they meet the principal office requirement, be in a HUBzone and meaning the 35% employees residing in a HUBzone. They would have to meet those requirements at the date of offer, which is a very big change from the current rule, which says that a HUBzone business has to be eligible as of its most recent recertification. So if you submit a proposal, say in September, your most recent certification day was six months ago. You don’t actually have to be eligible to meet those principal office and 35% requirements as of today or whenever you submit your proposal, it looks back to your most recent certification. This proposed rule would say no. Each time you submit an offer on a hub zone set aside contract, you would have to be eligible as of the date of offer. So it would require a lot more kind of maintenance and check and compliance throughout the year. It’s assuming that a company bid more than once a year on a lump sum contract.

Tom Temin Right. So your office can’t be that Winnebago that you move back to the fancy suburbs once you’re no longer in the HUBzone. And then there’s a related rule about the 40 hours of week that constitute a workweek, has to be not all in one week of the month. That constitutes a month of normal work for people of 40 hours or something.

Shane McCall Yeah. I had that one down as a pretty big proposed change as well. The overall change would be that HUBzone employees to count as an employee under that rule would have to work 80 hours per month. The rule, as it currently stands, is only 40 hours per month. So that’s only ten hours per week. And that is allowed as kind of the base minimum, even though in practice the HUBzone office had more scrutiny for employees that were only working at minimal time. But now they would raise that floor from 40 hours per month to 80 hours per month, which still isn’t really full time as we typically think of it, like 40 hours a week.

Tom Temin And there is another change in the so-called attempt to maintain rule. What’s that all about, and what’s changing?

Shane McCall Yeah. Well, so the attempt to maintain rule was the basic idea that for a HUBzone business, at the time of the kind of the key date it has to have 35% of its employees residing in a HUBzone. And so I mentioned earlier that key date under these rules would be changing from your annual certification date to the date of offer. And so the attempt to maintain said, well, what about after you win a HUBzone contract? How does that change the rules? And part of that attempt to maintain was, you have to keep trying to hire employees that are from HUBzones through job fairs and online postings and things like that. But it also had a floor. So as you can tell with HUBzone a lot of it’s about floors and minimums. And one of those minimums was in order to show you’re attempting to maintain, you had to have at least 20% of your workforce be residing in a HUBzone during the time when you’re performing a HUBzone contract. So it went from 35 down to 20. And SBA is now saying, well, wait, I think we went too low with this 20% floor. So what they’re proposing is in the first year of your HUBzone contract, you can meet the 20%. After the first year, you bump back up to having to meet the minimum of 35%. So it would give you that 20% kind of floor, but only for one year. It be time limited instead of for the length of the contract, which is quite a bit stricter.

Tom Temin We’re speaking with attorney Shane McCall. He’s a partner at Koprince McCall Pottroff. Well, the bigger question here is SBA within its legal statutory allowance in changing rules this much, especially in the post Chevron deference era.

Shane McCall That’s an interesting one. The HUBzone statute is like some statutes. It’s fairly vague. So I think it, I don’t want to say conclusively, but it would allow a lot of wiggle room for the SBA to set up rules for administration of this program. It’s one of those rules where it kind of says, a couple paragraphs and leaves SBA to fill in the gaps. So it may be one where there’s not a lot of statutory language that a judge could hang its hat on to kind of challenge. Now, of course, people could certainly try.

Tom Temin Well, who would have standing to challenge at this point?

Shane McCall Well, yeah, I don’t think there’d be standing to challenge at this point. You’d have to go through the notice and comment rulemaking and then have the rule actually negatively affect someone. I will say one thing that we’ve talked about a little bit over the years is SBA in their past revisions, and this is just paint with a broad brush. They tried to make the HUBzone rules and the HUBzone program a little bit more flexible in the changes from a couple of years ago. 2019 was one of the years when they had a very large change to the program. This rule seems to be swinging the pendulum back the other way towards being more strict.

Shane McCall One thing that we’ve noted that may be something someone could challenge, although it’s not really in this role per say, is this legacy employee concept, which said that even if an employee was not living in a HUBzone, but they were living in a HUBzone and at the time of certification, they could still be counted as a Hubzone employee even if they moved out of that zone as long as they maintained employment at that company. And this proposed rule does put a limit on that as well. And some folks have said, well, wait, the statute seems to say living in a HUBzone is part of the requirement. So you can’t have a rule that says even if you don’t live in a HUBzone, then you still count as living in a HUBzone. It’s a bit of a stretch there. So this rule limits that legacy employee concept. It says a company can only have one legacy employee. So for a small company that could be fine, for a larger company where it could definitely impact how they count the numbers on their HUBzone.

Tom Temin Well, getting back to the big picture, is the SBA then concerned, in your view, that there’s a lot of abuse of this. And do these changes make sense or do they make it harder to have the whole program if you’re trying to be a HUBzone contractor?

Shane McCall Yeah, I think they will make it harder to be a HUBzone contractor now. It may be better actually, though, because I think HUBzone in enforcing and applying its existing rules, has become pretty strict on things like definition of an employee. Even, but that wasn’t really in the rule. So for instance, in this proposed rule, it’s going to say SBA can seek all sorts of information about the actual work an employee does, which it seems kind of like and almost an invasion of privacy, if you will. But it’s not because you’re in a regulated program, you’re a federal contractor. But what SBA can do is they can ask for job descriptions, resumes, timesheets, work products, any documentation they want about the actual work that employees are doing. So that’s going to go into the proposed rule. But SBA had already been asking for that. They just been doing it under kind of an internal policy guidance that was put on their website. So in some ways it’s like the rules catching up to the strictness the HUBzone program already had. And that’s a good thing. Because then at least contractors know going in, they’re going to be really strict on this. They’re not going to be as flexible as they used to be. And then everyone kind of knows what they’re going to get going in. So in that sense, it could be somewhat of a positive because it’s really going to show companies if they want to do this, they have to be very, very serious about their compliance going in, and that will be reflected in the rules rather than just after the fact, as they say, well, this is how we interpret this rule. And then you say, well, it’s not actually listed in the regulation. They say, well, it’s our internal policy guidance. Yeah. So it’s better from that sense of having everyone be on the same playing field.

Tom Temin So this is a mixed bag, you might say.

Shane McCall Yep. I think it’s a mixed bag because it’s going to make things more clear. It’s going about how strict the SBA is. But on the other hand, it could mean some companies have a much harder time complying with some of these rules.

The National Security Agency has issued a cybersecurity advisory, or CSA, on China-linked threat actors who hacked into internet-connected devices to create a botnet and execute malicious online activity.

The CSA was published in coordination with the FBI, the U.S. Cyber Command’s Cyber National Mission Force and international allies, NSA said Wednesday.

The cyber alert outlined the threats posed by the hackers and their botnet, a network of compromised nodes used for illicit cyber operations.

“The advisory provides new and timely insight into the botnet infrastructure, the countries where compromised devices are located, and mitigations for securing devices and eliminating this threat,” NSA Cybersecurity Director Dave Luber said in a statement.

According to the advisory, the botnet has more than 260,000 compromised devices in North America, Europe, Africa and Southeast Asia as of June.

The hacked devices include small home and office routers, firewalls, network-attached storage and Internet of Things gadgets.

From these devices, the threat actors build a botnet to hide their online activity, launch distributed denial of service attacks or breach U.S. networks.

To ensure they are protected, the CSA authors called on device vendors, owners and operators to immediately update and secure their equipment.

The advisory also encouraged national security systems, defense agencies and defense industrial base networks to mitigate the cyberthreats by regularly applying patches, disabling unused services and ports, and replacing default passwords with strong passwords.

The Advanced Research Projects Agency for Health within the Department of Health and Human Services has announced the performer teams that will build an integrated data toolbox designed to consolidate biomedical research data from various health disciplines and make data more accessible to advance health innovation.

ARPA-H said Wednesday the Biomedical Data Fabric Toolbox seeks to democratize access to data and facilitate the development of open-source tools that could address technical hurdles to data integration and use as part of efforts to improve health outcomes of patients.

“We launched this program to enable advancements in medical research that will improve health outcomes for Americans. The BDF Toolbox products will allow doctors to have easier access to a vast breadth of data so that they can make the best-informed decisions possible, with their patients,” said ARPA-H Director Renee Wegrzyn.

According to ARPA-H, algorithms and newly discoverable data that will emerge from the BDF Toolbox effort will be available on GitHub and other platforms and web applications.

“ARPA-H’s BDF program leverages research from decades of NIH’s investment in data science and will develop tools that rapidly scale use and integration of data so that health care givers can apply it to patient care plans,” added Wegrzyn.

The selected performer teams will initially focus on data related to cancer and rare diseases.

Some of the teams are led by Stanford University, Harvard Medical School, MIT, New York University, ICF, Charles River Analytics, DNA HIVE and Insilicom.

Click here to view the full list of performer teams.

Register here for the Potomac Officers Club’s 2024 Healthcare Summit on Dec. 11. Join this key event to explore the transformative trends and innovations shaping the future of the U.S. health care sector.

The Department of Justice’s Office of the Inspector General has assessed DOJ’s strategy to counter and respond to ransomware attacks and related threats and recommended that the department improve its metrics for tracking the progress of its disruptive activities against threat actors.

OIG said Wednesday it found that DOJ’s existing metrics did not account for the department’s transition from indictments and arrests to actions to disrupt ransomware threat actors and the cybercriminal ecosystem.

“Regardless of whether the Department maintains ransomware as a priority goal, it should determine which metrics are most impactful to ensure they capture the effectiveness of its actions to combat the ransomware threat,” the OIG report reads.

According to the report, the FBI and the DOJ Criminal Division’s Computer Crime and Intellectual Property Section—or CCIPS—have prioritized the threat posed by ransomware and allotted resources to combat it. For instance, the bureau created a ransomware strategy designed to target the threat actors, finances and infrastructure supporting the ransomware ecosystem.

The OIG report also called on the Office of the Deputy Attorney General to evaluate the implementation of its deconfliction policy in ransomware cases to help ensure consistency when it comes to compliance and implementation.

According to the document, the FBI should better define the role of the National Cyber Investigative Joint Task Force Criminal Mission Center to ensure the effectiveness of its efforts.

Two new National Artificial Intelligence Research Institutes for astronomical sciences are being established and are to be funded by the National Science Foundation and the Simons Foundation.

The NSF-Simons AI Institute for Cosmic Origins seeks to accelerate historically time-consuming processes in astronomical research like data analysis or simulations, the while the NSF-Simons AI Institute for the Sky seeks to tackle complex problems in astrophysics and astronomy, the NSF said Wednesday.

NSF-Simons CosmicAI will be overseen by a team led by the University of Texas at Austin while NSF-Simons SkAI will be overseen by a team led by Northwestern University.

The institutes will each receive $20 million in total over five years. The NSF will contribute $10 million while the Simons Foundation will contribute the other $10 million.

NSF Director Sethuraman Panchanathan commented on the benefits AI will bring to astronomical sciences, saying, “With reliable and trustworthy AI in their toolbox, everyone from students to senior researchers will have exciting new ways to gain valuable insights leading to amazing discoveries that might otherwise remain hidden in the data.”

For his part, Simons Foundation President David Spergel said, “Astronomy has incredibly rich and open data sets and is poised for more deep and profound inquiry.”

“AI offers novel tools that can use this data both to produce transformative results and to develop tools that can have impact in other fields,” Spergel added.

Chief of Naval Operations Adm. Lisa Franchetti has unveiled the “Project 33” initiative, which involves addressing delays in ship maintenance, integrating robotic and autonomous systems into the force, and recruiting and retaining sailors, to ensure the U.S. Navy’s readiness in case of a conflict with China.

Project 33 is part of the 2024 Navigation Plan for America’s Warfighting Navy recently announced at the Naval War College, the U.S. Navy said Wednesday.

According to Franchetti, the navigation plan serves as guidance to enhance the Navy’s long-term warfighting advantage and its capability to face Chinese military forces in a potential conflict by 2027.

“The NAVPLAN continues where my predecessor’s Navigation Plan left off and sets our course to raise our Fleet’s baseline level of readiness and put more ready Players on the Field – platforms that are ready with the requisite capabilities, weapons, and sustainment and people that are ready with the right mindset, skills, tools, and training,” she added.

Preparations are now being made for the delivery of the B-21 Raider, the successor to the B-1 Lancer and B-2 Spirit bombers, to Ellsworth Air Force Base in South Dakota, which will be the first main operating base of the new aircraft and location of its formal training unit, according to Maj. Gen. Jason Armagost, commander of the Eighth Air Force and the Joint-Global Strike Operations Center.

Armagost delivered the update regarding the B-21 program at the Air and Space Force Association’s Air, Space and Cyber Conference, where he attended as part of a panel featuring leaders from industry and the Department of the Air Force, according to a news article posted Wednesday on the U.S. Air Force website.

Ongoing preparations include ensuring that Air Force Global Strike Command squadrons are sufficiently equipped, trained and certified for the delivery of the aircraft, Armagost said.

The B-21 recently completed a test that evaluated its structural integrity and is now undergoing a fatigue testing campaign.

A minimum of 100 units of the aircraft, which will serve as the “air leg” of the U.S. nuclear triad, are set to be produced.