Supply Chain Security Is Focus of Defense Department’s Murky New Rule

Contractors have until Jan. 17 to comment on an interim rule published by the U.S. Department of Defense (DOD) that addresses supply chain security in bids, orders, and services for national security systems.


The rule, issued on Nov. 18, is an amendment to the Defense Federal Acquisition Regulation Supplement. It seeks to assure the integrity of information technology products in key applications, such as intelligence and cryptology, military command-and-control systems, and integral weapons components (e.g., guidance systems).

The rule took effect on publication, so supply chain professionals at contractors must now determine how it affects their products for these areas and, more important, the steps they must take to assure that the components they source — many from overseas — pose no security hazards.

In an analysis on the Lexology website on Nov. 26, attorneys Peter McLaughlin, Bradley Wine, and Rick Vacura of Morrison & Foerster LLP, a San Francisco-based law firm, wrote that the rule is part of a program to minimize supply chain risks under section 806 of the National Defense Authorization Act of 2011. The Pentagon’s concern is that an adversary — whether a foreign government, criminal organization, or hacker — could use compromised IT components to subvert critical systems and degrade their functions.

“[T]he challenge for DOD … and the contracting community is to determine an appropriate mechanism for identifying and handling supply chain risk that meets legitimate security concerns, while providing the contractors with sufficient compliance guidance and a means to understand and … challenge the DOD’s determination of a contractor falling short of its commitment,” the authors noted.

One problem is that the rule lacks information about what DOD wants from contractors beyond their current supply chain security. Nor does the rule advise what particular safeguards contractors should have.

A contractor can be excluded from bids for national security systems if the DOD does not believe it has sufficient supply chain security, or it can be barred from using a subcontractor that also fails to meet the agency’s security criteria.

Moreover, the attorneys wrote, a rejected bidder might not be told that its supply chain is deficient — at least in the government’s assessment. “The lack of such information could prevent contractors from understanding or remedying inadequacies in their integrity program or responding to erroneous information relied upon by DOD,” they stated.

The DOD can also withhold the information it uses to determine that a contractor’s supply chain security is deficient. This means the “decision will not be subject to appeal and cannot be the subject of a bid protest.”

There is a procedure for challenging such a decision, but it is complicated.

The attorneys concluded that the rule raises the bar quite a bit for supply chain professionals when it comes to proving the integrity and security of their supply chains. The comments due in January should encourage the DOD to clarify requirements for an “acceptable integrity program rating,” the attorneys advised, while urging that a transparent appeals process be in place should a company be disqualified from a bid.

 

Copyright© 2014 Thomas Publishing Company. All Rights Reserved.