United States: Government Contracts Legislative And Regulatory Update - June 2017

Our June edition of "Government Contracts Legislative and Regulatory Update" offers a summary of the relevant changes that took place during the month of May.

Highlights this month include:

• President Trump issues executive order on strengthening the cybersecurity of federal networks and critical infrastructure
• Trump administration sends long-awaited FY18 budget request to Congress
• Senate introduces bill aimed at reforming the process by which federal agencies analyze and formulate new regulations and guidance documents

This update will also be available in Contract Management Magazine, which is published monthly by the National Contract Management Association (NCMA).

Executive Action Update

President Trump issues executive order on strengthening the cybersecurity of federal networks and critical infrastructure

On May 11, 2017, President Trump signed an executive order (EO) aimed at strengthening the cybersecurity of federal networks and our nation's critical infrastructure. The given rationale for issuance of the EO is that the information technology (IT) infrastructure relied upon by the government and, in particular, the executive branch, is antiquated and needs to be enhanced for the sake of our nation's security. In particular, the EO calls for federal agencies to "build and maintain a modern, secure, and more resilient executive branch IT architecture."

The EO is divided into three separate categories, with each section creating requirements for various agencies to conduct assessments and produce reports related to cybersecurity.

The first section of the EO, titled "Cybersecurity of Federal Networks," focuses on federal network risk management. Specifically, it notes that agency heads will be held accountable by the president for implementing risk management measures to reduce or mitigate the harm that would result from a breach of its IT and data. Notably, each agency head is called upon to use the "Framework for Improving Critical Infrastructure Cybersecurity" (Framework) developed by the National Institute of Standards and Technology (NIST). In terms of implementation, each agency head must, by August 17, 2017, provide to the secretary of the Department of Homeland Security (DHS) and the director of the Office of Management and Budget (OMB) a risk management report that documents the risk mitigation and acceptance choices made by the agency as of May 11, 2017. In turn, the DHS secretary and OMB director will make determinations based on the agencies' risk management reports as to whether each agency's risk mitigation and acceptance choices are adequate. Within 60 days of receipt of the reports, the DHS secretary and OMB director will submit to the president their determinations and a plan to, among other things, protect the executive branch against IT vulnerabilities. Finally, this first section requires agency heads to "show preference in their procurement for shared IT services."

The second section of the EO, titled "Cybersecurity of Critical Infrastructure," requires the secretary of the DHS, the secretary of Defense, the US attorney general (AG), the director of national intelligence, the director of the Federal Bureau of Investigation (FBI) and appropriate sector-specific agencies to work in collaboration to: (1) identify authorities and capabilities that agencies could employ to support the cybersecurity efforts of critical infrastructure; (2) engage with and solicit input from critical infrastructure entities to determine how identified authorities and capabilities might be employed; and (3) provide a report to the president by November 7, 2017 (updated annually) that (1) includes authorities and capabilities, and results from the aforementioned engagement with critical infrastructure entities; and (2) makes recommendations for supporting cybersecurity risk management efforts of critical infrastructure entities. Additionally, this second section of the EO calls for the secretary of the DHS and the secretary of the Department of Commerce (Commerce) to provide a report to the president that examines the sufficiency of current federal policies to promote appropriate market transparency of cybersecurity risk management practices by critical infrastructure entities, in particular, publicly traded critical infrastructure entities, by August 9, 2017.

The third and final section of the EO, titled "Cybersecurity for the Nation," requires the heads of several executive agencies to submit a report to the president regarding "the Nation's strategic options for deterring adversaries and better protecting the American people from cyber threats." Additionally, within 30 days after issuance of the EO, several heads of executive agencies are required to submit reports to the president on their "international cybersecurity priorities, including those concerning investigation, attribution, cyber threat information sharing, response, capacity building, and cooperation."

Importantly for government contractors, this EO presents the prospect of expansive contract opportunities for cybersecurity contractors to "build and maintain a modern, secure, and more resilient executive branch IT architecture." Further, given that the EO requires agency heads to show a preference in their procurement for shared IT services, government contractors that provide shared IT services may experience an uptick in business. Correspondingly, contractors that can provide commercially available off-the-shelf (COTS) software, or apply their technology across multiple agencies, may gain business if they become shared services vendors. ("Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure," 05/11/2017).

Trump administration sends long-awaited FY18 budget request to Congress*

*Chris W.K. Fetzer, senior advisor in Dentons' Public Policy and Regulation practice, contributor

On May 23, 2017, nearly four months after the statutory deadline, the Trump administration sent its FY18 budget request to Congress. (Notably, President Trump's three immediate predecessors all delivered late budgets during their respective first years in office.) President Trump's budget request is non-binding, and is merely an opening salvo in a budget debate between congressional Republicans, Democrats and the administration. The GOP's leading defense and national security policymakers have proclaimed the president's FY18 request for $639 billion in total defense spending to be dead on arrival. Senate Armed Services Committee (SASC) Chairman John McCain (R-AZ) and Representative Thornberry (R-TX-13th), among many others, believe that military readiness and modernization priorities require $700 billion in FY18 total defense spending. Although the rationale underscoring the funding level preferred by Sen. McCain, Rep. Thornberry and other pro-defense spending Congressional defense members has merit, $700 billion in FY18 total defense spending is an unrealistic goal based on existing budgetary constraints and political dynamics. In a departure from President Trump's March 2017 budget blueprint, or "skinny budget," which called for the full repeal of defense sequestration, the president's FY18 budget request doesn't propose such repeal. One individual in particular within the administration was more than likely the driver of this change. Former House member and current OMB Director Mick Mulvaney, a staunch fiscal conservative and long a thorn in the side of the congressional defense policymakers who are advocating for dramatic increases in defense spending, is believed to have wielded more influence than anticipated in the determination of the topline defense spending level in the president's budget request.

Without prior congressional action, defense and domestic spending caps mandated by the Budget Control Act (BCA) of 2011 are scheduled to be re-imposed on October 1, 2017, the start of FY18. President Trump is proposing to pay for the FY18 defense spending request, which is $54 billion above the statutory caps, with dramatic spending cuts to domestic agencies and programs. This is a non-starter for congressional Democrats, as well as many congressional Republicans, including those in the latter camp who believe that the soft power capabilities provided via State Department (State) and US Agency for International Development (USAID) programs are vital components of the broader US national security toolkit. Although Congress is very likely to raise the statutory defense spending caps for FY18 to allow for an increase in defense spending, it is unlikely to happen without a corresponding or similar increase in the statutory domestic spending caps for FY18. Recognizing this reality, House Appropriations Committee Defense Subcommittee (ACDS) Chairwoman Kay Granger (R-TX-12th) has expressed that although she would prefer to see an increase in defense spending in line with that proposed by Sen. McCain and Rep. Thornberry, she doesn't believe that an increase beyond that proposed by the president is obtainable.

Work is underway in the SASC and House Armed Services Committee (HASC) on the FY18 National Defense Authorization Act (NDAA), and the committees are sure to produce legislation in June-July 2017 that would fund the Department of Defense (DoD) well above President Trump's request. This will serve as Sen. McCain and Rep. Thornberry's opening salvo in their negotiations with the administration on FY18 defense spending. The ultimate topline defense spending level for FY18 is unlikely to be resolved until a final version of the NDAA is agreed upon in conference in Fall 2017.

President Trump signs Consolidated Appropriations Act of 2017 into law

On May 5, 2017, President Trump signed into law the Consolidated Appropriations Act of 2017. Signed just before expiration of an extant stop-gap emergency appropriation measure, the Act appropriates a total of $1.17 trillion across agencies and sectors, with $593 billion going toward the DoD. That total number includes $516.1 billion in base discretionary funding and $76.6 billion in Overseas Contingency Operations (OCO)/Global War on Terrorism (GWOT) funding. Of specific interest to contractors is $123.3 billion set aside for procurement of equipment, including ships, aircraft, helicopters, missiles and unmanned aerial vehicles. Additionally, $73.7 billion was set aside for research and development of new defense technologies.

As discussed in the April Legislative and Regulatory Update, this focus on defense spending and President Trump's plan to bolster the military could prove beneficial to defense contractors, especially in the aviation industry. (H.R. 244 - 115th Cong. (2017-2018)).

Legislative Update

Senate introduces bill aimed at reforming the process by which federal agencies analyze and formulate new regulations and guidance documents

On April 26, 2017, a bipartisan pair of senators, Rob Portman (R-OH) and Heidi Heitkamp (D-ND), introduced the Regulatory Accountability Act (RAA) of 2017, which is intended to reform the process by which federal agencies analyze and formulate new regulations and guidance documents. Most notably, the legislation, if passed by the House and signed into law by the president, would require federal agencies to (i) analyze the costs and benefits of new regulations and (ii) adopt the most cost-effective approach to achieve their goals. Additionally, the bill would mandate federal agencies to (i) disclose the information they relied on in their cost-benefit analyses, and (ii) invite early participation from the public on "major" rules (defined below).

Interestingly, agency compliance with the legislation's aforementioned requirements would be subject to judicial review for any "major rule and high-impact rule." A "high-impact" rule is defined in the legislation as any rule that the administrator determines is likely to cause an annual effect on the economy of $1 billion or more, adjusted once every five years to reflect increases in the Consumer Price Index for All Urban Consumers (CPI-U), as published by the Bureau of Labor Statistics (BLS) of the Department of Labor (DOL). A "major rule" contains the same definition plus the following: any rule that the administrator determines is likely to cause either (i) a major increase in costs or prices for consumers, individual industries, or federal, state or local government agencies; or (ii) significant adverse effects on employment, competition, productivity, investment, public health and safety, innovation or the ability of US-based enterprises to compete with foreign-based enterprises in domestic and export markets.

Contractors stand to gain from increased transparency and participation in shaping major rules, as defined in the legislation. (S. 951 - 115th Cong. (2017-2018)).

House passes Modernizing Government Technology Act of 2017

On May 18, 2017, the House of Representatives passed the Modernizing Government Technology Act of 2017. If it becomes law, the Act would require covered agencies to establish an "information technology system modernization and working capital fund." In an effort to revamp and modernize the technology used in federal agencies, the Act would require agencies to deposit into the fund any funds "for the operation and maintenance of legacy information technology systems." Thus, instead of using such funding to continually maintain existing (and outdated) IT infrastructure, agencies would pool their resources towards a larger overhaul of IT systems in part to "mitigate existing operational and security risks" and utilize cloud computing technology. The Act would also create a "Technology Modernization Board" in the Treasury Department to oversee the use of such funds, and would appropriate $250 million toward such modernization efforts for 2018 and 2019.

Contractors in the IT goods and services industry could see increased contracting opportunities to follow based on the Act's goal to "transition legacy information technology systems at the covered agency to cloud computing and other innovation platforms and technologies" and "assist and support agency efforts to provide adequate, risk-based, and cost-effective information technology capabilities that address evolving threats to information security." (H.R. 2227 - 115th Cong. (2017-2018)).

Industry Developments

HASC Chairman Thornberry releases defense acquisition reform proposal*

*Chris W.K. Fetzer, Senior Advisor in Dentons' Public Policy and Regulation practice, contributor

On May 18, HASC Chairman Mac Thornberry introduced the Defense Acquisition Streamlining and Transparency Act (H.R. 2511). The bill has no cosponsors and is intended to be a discussion draft to solicit feedback from Rep. Thornberry's fellow members of Congress, industry professionals, and other public and private sector stakeholders. Since becoming HASC chairman in 2015, Rep. Thornberry has released a defense acquisition reform proposal each year in advance of his committee's consideration of the annual NDAA. Rep. Thornberry's goal is to incorporate many of this year's provisions, with modifications based on stakeholder feedback, into the FY18 NDAA, which the HASC is scheduled to mark up on June 28, 2017. This process has proven to be successful, with the inclusion in the past two NDAAs of defense acquisition reform provisions that originated in standalone proposals introduced by Chairman Thornberry.

According to materials released by the HASC, among other provisions, Rep. Thornberry's proposal would:

• Require the DoD to contract with "commercial online marketplaces for procurement of certain commercial-off-the-shelf products;"
• Modify the incurred cost auditing process by raising materiality standards and enabling acquisition personnel "to choose either the Defense Contract Audit Agency [(DCAA)] or a qualified private auditor to conduct . . . audits;"
• "Raise contract dollar thresholds that [trigger] submission of certified cost and pricing data;"
• "Establish a centralized Office of Intellectual Property within [the DoD] to standardize [the DoD's] approach toward obtaining technical data . . . and serve as a single point of contact for industry;" and
• Enhance the training of DoD acquisition personnel.

Although Rep. Thornberry's current proposal has been criticized for failing to pursue groundbreaking changes, the chairman appears to be assessing the defense acquisition reform landscape from a different vantage point than that of his detractors. Rep. Thornberry's year-in, year-out incremental approach to effectuating cultural, policy and process changes in the defense acquisition realm may not be leading to revolutionary improvements. But revolutions on any front don't happen overnight within the DoD, the largest of all executive branch agencies and perhaps the most complex and immovable bureaucracy among its peer agencies as well. Notwithstanding the challenges presented by the DoD's size, structure and comfort level with its antiquated acquisition system, many of Rep. Thornberry's proposed reforms over the past two years have been implemented successfully and are achieving positive results.