Posts in category: Uncategorized

Tom Temin And every year we go through this song and dance. But somehow the politics are a little bit more rigid this year. And the idea of House bill failed week before last. So what what are your members doing and what’s going on?

David Berteau Well, Tom, as you know, you’re right. We do approach this every September, and then we usually approach it again in November and in December and sometimes in January, February, March.  We come close to the deadline. And generally speaking, we actually get a continuing resolution or sometimes a final appropriation in time. It’s usually at the last minute, though. And so even though history says we’re likely to get a continuing resolution and not have a government shutdown, the probability is not zero. And the consequences are very, very significant if we do have such a shutdown. So it’s really important for contractors to begin preparing now, if they haven’t already, for that possibility.

Tom Temin The shutdowns that do occur, though, seem to be narrower and narrower each time around. For example, Veterans Affairs is under a two year appropriation, and this is the middle of the two years for Veterans Affairs. And usually DoD, they pass, I think, if I recall right. So it’s a smaller part of the government of the civilian side that, quote unquote, shuts down.

David Berteau Well, it’s actually been a while since we’ve had a shutdown, which is historically anomalous. During the Reagan administration, for instance, eight years of Reagan time, there were actually eight government shutdowns, none of them longer than five days. So we don’t remember them. The ones we remember are the long ones. And the last big, long one was the Christmas 2018 that extended through January. And you’re right, that there were six cabinet departments that already had their appropriations. DoD was one of them, VA was another, HHS was another. And then there were nine cabinet departments and a bunch of other agencies that were shut down for 35 days. And that had real serious consequences. So you don’t know what you’re going to get into or when you’re going to get out of it when you do have a government shutdown.

Tom Temin We do know that the last one caused a pandemic two years later. So we don’t want to have that happen again. But in your observations, there is no guidance for a shutdown coming from the White House or GAO, for that matter.

David Berteau So one of the things we do at PSC is we track all the guidance documents, both at the agency level and at the Office of Management and Budget level. And we haven’t seen any updates of those recently. In fact, most of the last updates are from a year ago. There are a couple that were updated in January, in February, a couple of agencies. So we post those on our website. We have a whole shutdown resource center for our members. So we look at the guidance. But the other thing we look at is what can contractors be doing even if the government is not necessarily getting ready for it. And it’s almost as if the government thinks that if you get ready for it, that you’ll make it happen. We know that’s not true. And it would be wise and prudent not only for the government to get ready, and they probably are doing internal things, but to have those conversations with their contractors for continuity of operations and understanding of what’s expected.

Tom Temin And you have the Shutdown Readiness Center Resource Center, operated by PSC, which is basically advice. What is it you’re telling contractors? How can they prepare for this?

David Berteau Well, there’s three things contractors need to do, and they should be doing them now. Number one is take a look at all of their contracts and look at, for example, what’s the period of performance, what’s the funding level that’s already been committed? The obligated funds that are there. And thirdly, what the expected events coming up that might happen after Oct. 1. Is there a deliverable that has to be signed off on by the government? How do you make sure there’s somebody there to sign off on it in the event of a shutdown? Is there an option that needs to be exercised? Will there be people there to exercise those options? These are important things. So do your own assessment first. The second thing is to be, and I’ll come back to that your own assessment. The second thing is to be talking to your government customers. Even if they’re not getting guidance from above, even if they’re being told, don’t even begin to think about planning for this. You need to be having those conversations about what their expectations are. They won’t know, for instance, who’s assigned to go to work and not get paid under a shutdown in which government civilians are assigned to go home and not get paid during the shutdown. They don’t usually find that out until the morning of. But you can at least be having the conversation of here’s what we need to know from you. And the third thing you need to be doing, is to do your internal preparation. Know where your employees are, know how you’re going to get a hold of them, know where your facilities are, what your options are if you can’t get in your facility. So all of that’s an analysis and assessment that really should be ongoing all the time, but particularly as we get close to a shutdown.

Tom Temin We are speaking with David Berteau, president and CEO of the Professional Services Council. That’s a good point, that last one. Because often the government people whose agencies are affected aren’t allowed to communicate with contractors or keep things going on the fly. They’ve got to really shut down. I remember during one of the administrations, there were baskets of cell phones to be dropped in so that people couldn’t surreptitiously get on and do work.

David Berteau They’d be working. And that was back during the sequestration days. And Tom, one of the important reactions that government often has is, well, if we’re not working, you shouldn’t be working either with contractors. And this is a stark difference in a shutdown. The shutdown for federal civilians is top down. It’s driven from the top down. And you’re in one of two categories. You either work without getting paid or you go home without getting paid. But for contractors, it’s one contractor at a time. Every contract is different. And you have a responsibility to keep working unless, and until something happens to make you stop. What could happen? You could run out of money, but typically there’s plenty of money that’s been obligated, it just hasn’t been extended yet. Or you could run out of an ability to access the facility or access the networks that could stop you from working. Or the government could issue a stop work order. And what we urge contractors to do is communicate with your customers that there is no need for a stop work order unless one of those exaggerated factors comes into play. Just because the federal government isn’t necessarily working or isn’t in the office doesn’t mean the contractors can’t be working. We’ve particularly proved this under COVID with remote working, so contractors can continue going and are responsible to continue going unless something makes them stop.

Tom Temin Right. And to continue going means there are costs that keep going. The question is revenue. At some point you’ve got to cover your costs with revenue. And the revenue is what stops during the shutdown.

David Berteau That’s a great point. And one thing that contractors should all do between now and Sept. 30th is make sure their invoices are up to date and submitted, because an invoice can’t be paid if it hasn’t been submitted and approved. And you should only be submitting it after Oct. 1st if there is a shutdown, and there’s nobody there to receive an improvement.

Tom Temin Yeah. I wonder if the Bureau of the Fiscal Service is a critical function that is exempted. I don’t know, but it ought to be.

David Berteau What we’ve seen in the past is it depends on the source of their revenue. Oftentimes at the start of a shutdown, the paying agencies, whether it be the Bureau or Defense Finance and Accounting Service or whoever is paying those invoices, will often have a few days of leftover funding and they can continue working based on prior year funding. But it isn’t infinite, and it’s not indefinite. And you can’t really, as a contractor, you can’t really tell because you don’t know what invoices are going to be paid on what day. So it’s prudent to prepare for both options.

Tom Temin It’s like trying to rinse your hair when the shower has been turned off and just get the dribbles.

David Berteau Yeah, we’ve had that happen a couple of times when the power goes out.

Tom Temin Federal financial plumbing, happens and everything comes to a halt. All right. So what else? Anything else? Any final thoughts for contractors?

David Berteau Well, I think being prepared and going back to your customer is key. If the customer doesn’t want to talk to you, you have to be prepared for what you’re going to say when and if a shutdown comes along. And I think, certainly for PSC and our members, we like to be as ready as possible. The other thing is that the media tends to pay attention under a government shutdown to the impact on the federal employees. There’s also a potential impact on contractors, even if they’ve done all the things we’ve suggested. They have to be prepared for the possibility that their workers may not be able to charge that contract. You don’t want to have to fire them. And you certainly can’t do like the federal government and lay them off and say you’ll get paid later, because contractors are never made whole at the end of a shutdown, unlike federal civilian employees who now by law will be made whole as soon as an appropriation is passed. So that’s the real thing, is how do you make sure you get to keep your people on the payroll? What can you do? A couple things you can do. Send them to mandatory training. That’s something you’re going to have to do and pay for out of overhead anyway. Look at being ready to do that at a moment’s notice, or look at using leave and having employees usually leave up. October is a beautiful month anyway. Not that we want to have shutdown, but we want to be ready for it for sure.

Tom Temin And there’s also the issue of subcontractors and proteges, and they’re really out in the cold.

David Berteau They are very much out in the cold. And of course, each prime contractor has its own relationships and will have to make its own determinations as to which of its important subcontractors they need to keep in the loop with them. And those that are proteges under a mentor protege program would most likely fall into that category.

The company KBR may not be the most well-known commercial space company for those outside the business, but it’s one of the larger firms that does a ton of work with NASA — which is how it ended up being selected as NASA’s Agency-Level Large Business Prime Contractor of the Year. To find out more about the firm and what this award means for it, Federal News Network’s Eric White spoke to Todd May, Senior Vice President of KBR’s Science and Space Business on the Space Hour.

Interview transcript: 

Todd May KBR is a publicly traded company on the New York Stock Exchange that provides science, technology and engineering solutions to governments and companies around the world. The company itself has been in existence over 100 years, and KBR has 36,000 employees operating in more than 30 countries around the globe and provides solutions and strategies to help solve some of the great challenges and opportunities of our time. Through our primary solution pillars is what we call home government solutions and sustainable technology solutions. We have a standard of high impact success across the board. KBR is proud to work with its customers across the globe, providing technology, value added services and long term operations and maintenance services to ensure consistent delivery with predictable results.

Eric White And what areas do you mostly concern yourself with? What do you find yourself zeroed in on as a company and in your day to day?

Todd May Sure. You know, in the space world, KBR operates in civil space, commercial space, intelligence space and DOD space today. We recently closed on a deal to acquire Lindquist, which is a Chicago-based company in the national security space area. And so we’ve now expanded our capabilities across aerospace and digital digital domains. In terms of my business, some of my largest contracts are supporting Johnson Space Center and human spaceflight. We’re responsible for training the astronauts for planning space missions, operating the space station in support of our NASA’s contract are NASA’s customers there at Goddard. We operate about a dozen satellites, including several around the lunar area. For Goddard, we have engineering capabilities across multiple spacecraft platforms at Goddard, at AFRL. We support Johns Hopkins. We also manage the largest Earth observing data archive for the USGS, the Landsat data archive, which is over 40 years old and is really the, you know, the record of land change over that period of time. You know, things like deforestation and urban sprawl and major cataclysmic events, the ebb and flow of the Antarctic and Arctic ice floes and things like that.

Eric White It’s a really diverse amount of things that you all have your hand in. And, you know, that’s not typical for aerospace companies. Even some of the larger ones tend to narrow their focus on, you know, one area, whether it’s ground control or just creating rockets themselves. How did KBR find itself in so many realms? And, you know, was it through acquisitions like the one you just mentioned, or was it just kind of, you know, opportunity struck and that was the way things went?

Todd May Well, you know, even before I joined the company in 2018, I think KBR was looking to grow into these domains. And so through a number of acquisitions, a company called SGT, owned by a gentleman named Cam Defarion. We had acquired Wiley, we had acquired Honeywell Technical, HTSI, we call it, and really, you know, had a plan to buy into those areas and acquire into those areas and really grow out a world class platform. We later had an acquisition called Centauri, which got us into the intelligence space. And of course, the Olympus acquisition has a footprint over in Space Force. And so it has been a strategic growth vector for a long time. And I’m really proud of the way the company has taken these, you know, these smaller companies and formed a really strategic and coordinated series of business units and divisions, you know, that really has domain excellence across this entire spectrum.

Eric White Yeah. It seems as if the agencies you work with share your good feeling as NASA’s recently named KBR the agency level large business prime contractor of the year. What does that mean to a company like yourself when there is that recognition? And do you think it was because of all the work that you do with NASA in so many different areas that put you on the top echelon there?

Todd May Well, I think nothing happens alone. And so I think one of the things, you know, we are successful because, you know, our partner so successful and we try to create great partnerships. And, you know, having been on the government side myself for nearly 30 years, I was always proud to, you know, to see companies achieve this level of award. But, you know, KBR has been able to sustain this kind of recognition now for a while. You know, over the last five years, we’ve won 13 of these awards, and three of those have been at the agency level. You know, I think we do a great job of supporting NASA’s intricate missions, both as a prime contractor and as a mentor to small businesses, which is a big part of how this award is considered. You know, I think it really it builds over the years. And I think our customers have seen that and they reflected in the, you know, in giving us this award. We also secured the 2023 large business prime contractor of the year at both Johnson Space Center and Goddard, which are two of the largest centers at NASA. So, you know, I think it’s a lot of hard work by our people. You know, our people are there to provide solutions to their customers, but we also recognize that we partner with a bunch of other companies. And our job is not just to be successful ourselves, but also to, you know, I kind of view it as a rising tide raises all ships.

Eric White And not to belabor the point, but just because you all are factored into so many areas, I’d love to get your take on the sort of divide that a lot of commercial space companies are having to decide. What do they want to go towards the defense side or stay in the exploration slash commercial area? What is it about both sides of that that you could see going one way or the other? And how are you all handling that decision?

Todd May Yeah, I think there are certain aspects of those segments of the business that are different. You know, you say you get into intelligent space and a very large portion of that workforce is cleared at very high levels and do things that they can’t go home and talk about it with their families and yet on. And yet they’re very smart people. These are these are very well-trained, top of their class type people, solving very difficult issues. And then on the other side, you have very similar people who are very well trained, top of their class kind of people. And they get to do things they get to tell all their neighbors about as part of. Part of NASA’s charter is to is to inspire people with what they do. And everything’s very public. So there are some very different type aspects to it and there’s some similarities. I think KBR, we you know, we’ve segmented it out and we have an entire business unit now that is in that defense and Intel space, and they’re very well focused on their customers. And I’m in the commercial and civil side and I’m very focused on those customers. But we have a workforce that actually can flow back and forth between those because a lot of the problems are similar across those backgrounds. Some are very unique as well, but we’ve been able to to manage it well. I think I think another differentiator you have to do is decide whether you want to try to be in the OEM world to be someone who’s actually making rockets and spacecraft and selling them to the government. We’ve kind of chosen to be on the side where we’re supporting those those those people and those companies, except for a few specific areas. For example, we’re teamed with Axiom helping them build the next generation spacesuits. They’re an OEM company that, because of our expertise supporting the government on their current spacesuits, we bring a particular expertise to a new space company who is kind of just getting started. So we look for those win-win partnerships.

Eric White Yeah. And what’s the point of having a cool job if you can’t tell people about it? Right. I mean, that’s the reason you get into the space sector.

Todd May Well, I think we should all be very glad that there are some people who are doing jobs they can’t tell you about when they get home, but they are keeping us safe every day. Yes, very much guardians for a reason.

Eric White Absolutely. Absolutely. And yeah, I’d like to finish up here just by getting a little bit more info on yourself. You had mentioned some of your government experience in the past. If you could just kind of fill us in on how you got here and and what you’re all looking forward to in the future.

Todd May Yeah. So I started out at NASA’s Marshall Space Flight Center and in materials and processes, after about three years, moved the Houston work Space Station program, moved back to Huntsville and kind of got in the building where we were building Node Lab and airlock, got some manufacturing experience there, jumped over to the science side work, the Discovery New Frontiers program, which is a series of of space. Craft that explore the solar system. I went up to headquarters for a while and worked in the Science Mission Directorate. Came back down to Huntsville and started the Space Launch System program, ran that for about five years, and then ran Marshall Space Flight Center and retired in 2018. So I’ve kind of been all over the agency. We’ve been providing mission critical space support services to civil military and commercial spacecraft customers for more than 60 years. We’ve had a couple of big wins in the last year or so. And, you know, we’re looking forward to continuing to support NASA, particularly as NASA evolves, particularly helping to bring on the commercial Leo Destinations activities and the lunar mission and on to Mars. We feel like we’ve got the historical expertise in these areas and are pretty keen to help our customers evolve into the future. And you know, not just NASA, but a lot of our customers are changing the way they they acquire data, for example, or commercial companies who are coming on. As I said, there are some who are really ambitious and they could use our expertise just like NASA does, to help them be successful. So, you know, we see all of this as a continued growth business market sector and look forward to doing it for decades to come.

Eric White That’s Todd May, senior vice president of KBR Science and Space Business.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

The Pentagon is developing training and tools to ensure its program managers know when and how to mark sensitive information that will trigger Cybersecurity Maturity Model Certification (CMMC) requirements.

The Defense Department released proposed CMMC acquisition rules last month after releasing a complementary regulatory proposed rule late last year. DoD could start rolling out CMMC as soon as next year.

Under current defense acquisition rules, contractors that handle controlled unclassified information, or CUI, are required to protect it by following National Institute of Standards and Technology cybersecurity standards. The CMMC program is intended to provide third-party audits to verify whether contractors have implemented the NIST standards.

But DoD officials acknowledge CUI can be a vexing issue for program offices and contractors alike.

The Pentagon plans to do a “phased rollout” of CMMC over three years. During that period, programs will have the discretion to use CMMC requirements. Stacy Bostjanick, chief of industrial base cybersecurity at DoD, said program offices will need to identify their CUI before putting CMMC requirements into solicitations.

“They’ve got to understand how it lays in, how to disaggregate it and pass it down the supply chain, and we’ve got to be prepped and ready to do that,” Bostjanick said during a Sept. 12 event hosted by the Coalition for Government Procurement.

DoD is primarily concerned about U.S. adversaries stealing sensitive data about weapon system design and operations from defense contractors. But the department’s “CUI registry” identifies more than 100 categories of CUI, ranging from technical weapon system data to historic properties and death records.

In a report released last year, the DoD inspector general found the department largely wasn’t tracking whether programs were using CUI markings for emails and other potentially sensitive documents. DoD and contracting officials were also found not to be checking whether personnel completed required CUI training.

Those gaps “can increase the risk of the unauthorized disclosure of CUI or unnecessarily restrict the dissemination of information and create obstacles to authorized information sharing,” the IG wrote in the report.

‘More work to do’

During last week’s event, Bostjanick emphasized the importance of CUI training as the Pentagon rolls out the CMMC requirements.

“There’s training that we’re going to do to make sure that program managers know exactly what is CUI and what needs to be marked,” Bostjanick said. “I would say for companies, if you feel like you are developing information that should be protected, that you state that and let us know. So when we get it, we handle it correctly. And vice versa: if you don’t think that what you’ve got is supposed to be CUI, then you push back and you have the discussion.”

During the same event, Jeff Spinnanger, director of information and acquisition protection within the office of the under secretary of defense for intelligence and security, said his office is working with the DoD chief information officer to build tools for identifying when CUI markings are necessary.

“We have more work to do to fully implement the regulation,” Spinnanger said. “Those are the things that will help to create more consistency of application.”

But the Pentagon has yet to codify any CUI requirements into either of its CMMC rules. Dan Ramish, a procurement attorney with Haynes Boone, said CUI is “the crux of the whole system.”

“There’s no specific either regulatory or contractual requirement for DoD to identify what information that will be provided or generated under the contract is CUI,” Ramish said on the Federal Drive with Tom Temin last week. “And that’s a really fundamental point that should be addressed. It’s addressed in DoD policy and then frequently asked questions, but it should be in the regulations in the contract as well.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

MITRE said the United Nations guidelines for the long-term sustainability of outer space activities do not address cybersecurity challenges and other threats to space systems.

Good cyber hygiene is essential to the sustainability of the space environment amid the efforts of competitors and adversaries to build capabilities that could impact space system operations, MITRE said in a white paper published on Friday.

The document is MITRE’s response to a Department of State notice seeking public sector input on the implementation of the 21 long-term sustainability guidelines for outer space activities.

According to the organization, implementing robust cyber hygiene practices should be prioritized on the same level as debris mitigation efforts.

The paper also highlighted the company’s efforts that directly align with the long-term sustainability guidelines, including the development of the Sensor Network Autonomous Resilient Extensible system, which uses permissioned blockchain to record orbital element sets from space sensors, and the decentralized Space Information Sharing Ecosystems; its collaboration with the Space Information Sharing and Analysis Center; and the implementation of Mitre’s International Space Strategy aimed at balancing efforts across defense, preservation and sustainability and organizational and policy components of space use.

The Cybersecurity and Infrastructure Security Agency is calling on network defenders to review the analysis of the risk and vulnerability assessments it and the U.S. Coast Guard conducted through fiscal year 2023.

CISA said Friday that the recently-released analysis and an accompanying infographic discuss the details of and findings from the 143 RVAs performed across multiple critical infrastructure—or CI—sectors.

The RVA were carried out to assess the network capabilities and defenses of an organization against known threats with the ultimate aim of formulating strategies to bolster cybersecurity.

CISA performed RVAs on select state, local, tribal, and territorial, or SLTT, organizations; the federal civilian executive branch; and private and public sector CI operators. For its part, the Coast Guard performed RVAs on maritime CI operated by private sector organizations as well as SLTTs.

Based on the analysis, the most successful attacks conducted by the RVA assessors involved the use of common methods, tools and techniques. The assessors also exploited common system vulnerabilities seen among many CI sector organizations.

To counter such threats, the analysis offered several recommendations, including the implementation of enhanced protection mechanisms in addition to strong credential policies.

“CISA encourages system owners and administrators to share this guidance with leadership and apply relevant changes tailored to their specific environments,” the document said, adding, “Analysis of this nature can effectively prioritize the identification and mitigation of high-level vulnerabilities across multiple sectors and entities.”

Hear from various speakers to learn more about the security concerns facing the U.S. and what’s being done to address them at the Potomac Officers Club’s 2024 Homeland Security Summit, which will take place on Nov. 13. Register now to attend this important event!

The Space Security and Defense Program, which operates under the Department of the Air Force, is seeking input for space domain awareness capabilities and services to address threats in a dynamic and increasingly crowded space environment.

Interested contractors should submit concepts that address key focus areas—particularly, support to fires, surveillance of man-made objects, intelligence and reconnaissance, and environmental monitoring, according to a request for information notice posted on Sam.gov Wednesday.

In addition, the SSDP is looking for concepts that would enable military forces to plan, integrate, execute and assess space operations. They should have one or more of these features: high sensibility to detect small objects across a wide area of space, the ability to reduce solar, earth and lunar exclusion zones and the capability to process collected data quickly.

The concepts should also be capable of detecting, tracking and identifying resident space objects, characterizing or determining strategies, intent and activities of threats, predicting and assessing potential and actual threats and integrating and utilizing multi-source data for dynamic decision-making.

Interested parties may send their responses to the RFI no later than Nov. 14.

U.S. Cyber Command has introduced a roadmap for integrating artificial intelligence into military cyber operations as part of efforts to scale operations and improve its analytic capabilities and ability to disrupt adversaries.

USCYBERCOM said Friday the roadmap focuses on working with the National Security Agency to advance AI and computing capabilities and outlines over 100 activities across national defense, contested logistics, security and other mission areas.

“The integration of AI is a strategic necessity,” said Michael Clark, the command’s deputy director of plans and policy. 

“Our roadmap will incorporate AI into all aspects of our operations to better address cyber threats,” Clark added.

A new task force within the Cyber National Mission Force will oversee the plan’s implementation and address challenges associated with infrastructure development, policy constraints and talent acquisition.

According to USCYBERCOM, the roadmap will include the execution of over 60 pilot projects and 26 new AI integration initiatives, improve industry partnerships and advance sustainable tech development efforts.

The Department of Defense’s Future Generation Wireless Technology Office is preparing DOD for its transition to the next generation of wireless telecommunications, called 6G, and one of its top priorities is advancing centralized unit, distributed unit, or CUDU, Defense News reported Friday.

The CUDU project seeks to implement an open software model for 6G that meets the requirements of DOD, industry and the research community. 

The FutureG office is looking at how the military could advance 6G for sensing and monitoring initiatives like the Integrated Sensing and Communications project, or ISAC.

According to the report, ISAC gathers information on different environments using wireless signals, a capability that could help the military gather intelligence and track drone networks.

Though ISAC technology could strengthen the Pentagon’s intelligence, surveillance and reconnaissance systems, potential commercialization could lead to adversary countries using the technology against the U.S.

“We’re looking at this as a real opportunity for dramatic growth and interest in new, novel technologies for both commercial industry and defense needs,” Thomas Rondeau, principal director for DOD’s FutureG office, told the publication in an interview.

“But also, the threat space that it opens up for us is potentially pretty dramatic, so we need to be on top of this,” he added.

Rondeau noted that initiatives that resulted from the department’s 5G Challenges have informed DOD’s 6G vision and strategy.