CLE Institute Offers Insights Into Legal & Tech Issues in Government Contracting Space
October 18, 2022
On October 14 the D.C. Bar held its first CLE Institute on Government Contracting Law, highlighting new opportunities and challenges in the $637 billion federal contracts marketplace. The all-day event also addressed changes in technology and the rules, regulations, and procedures that companies must follow to conduct business with the government.
Small Business Players
Keynote speaker Sharon B. Heaton, CEO and founder of sbLiftOff, a mergers and acquisitions (M&A) advisory firm, talked about the benefits of providing legal counsel to small business owners in the government contracting (GovCon) sector. “[GovCon] is a place where things still really work,” Heaton said, citing today’s polarized politics. “As lawyers, we get to service that part of the market and understand what still works in the United States.”
Heaton offered examples of clients in the low-to-middle market ($20 million to $150 million in revenue) that got involved in government contracting, including a military veteran who had a severe brain tumor. After leaving the military, the veteran worked in cyberspace but turned to government contracting to help finance his medical bills and provide for his wife. Heaton worked with the veteran for about four years, guiding him in starting his own business and acquiring a larger one.
For small businesses, the first four or five years working GovCon is challenging because they have to bill past performance, which is usually subcontracting for large primes, Heaton said. “There is a lot of analysis that needs to be done in order to determine the value of these companies,” she said. “But let’s not confuse the value of these companies with the value of the people behind [them]. These are the people who make capitalism work. They are the ones who actually make the federal government function.”
“It has become an issue of national security that we don’t have enough of these kinds of companies,” Heaton said, paraphrasing a 2022 speech by U.S. Deputy Secretary of Defense Kathleen Hicks on how innovation often comes from small companies. “We need more of these heroes of capitalism. And we need to honor and respect what they do.”
Heaton ended her address by saying, “As lawyers and professionals, we need to recognize the value that they bring and how lucky we are to be able to support them.”
AI and Machine Learning
In one of the afternoon breakout sessions, panelists discussed the implications of increasing use of AI and machine learning in government contracting. Andrew Bowne, chief legal counsel for the Department of the Air Force–Massachusetts Institute of Technology AI Accelerator, kicked off the discussion by pointing out rapid advancements in the area. For instance, at one point programs like TurboTax would have been considered AI, but not anymore.
At its most basic, AI involves algorithms that allow a program to learn through experience, Bowne said. In traditional systems the programmer provides the data and rules. In machine learning, the programmer creates an algorithm that creates its own rules. Common examples are recommender systems (ones that suggest relevant products), predictive text systems, and advertisements that we encounter daily. These systems adapt their behavior to our individual uses through machine learning, rather than through parameters preset by the programmer.
“Why is this so important?” Bowne asked. “In the national security strategy that was released this week, AI was mentioned pretty frequently,” he said. “Same with the national defense strategy that came out a few months ago.” Bowne noted that despite the expressions of interest by the government, some Silicon Valley companies and China continue to outspend the government in AI development.
As digital transformation lead for the U.S. Department of Homeland Security, panelist Scott E. Simpson said he is obligated to consider past performance records of bidders to determine preference in federal contract awards. Agencies use the Contractor Performance Assessment Reporting System (CPARS) to track the performance of hundreds of thousands of vendors.
“We are trying to use artificial intelligence to speed up the process of finding relevant past performances,” Simpson said. CPARS algorithms use word clouds, keywords, and emotional recognition to find and deliver relevant records to contracting officers, who then make the final contract determination.
The second phase of the project — where vendors will refine the prototype systems using anonymized data from federal agencies — is currently on hold, said Simpson. Prototyping has been done, but further progress cannot be made until Federal Acquisition Regulation (FAR) case 2021-013 is resolved. The proposed revisions to FAR 42.1503 would allow the government to share contractor assessment with third parties, which Simpson said is necessary to train the AI system. Anonymized data is not enough to create an optimized system, he added.
Jessica Tillipman, assistant dean for government procurement law studies at the George Washington University Law School, said that emerging technologies can reduce risk. From her perspective, corruption is virtually impossible to purge altogether, but AI systems could be effective, “not to eliminate but to prevent, protect, and mitigate corruption,” Tillipman said.
Tillipman identified five areas where emerging technologies could improve the current government contracting system: transparency, contractor vetting, contract oversight, government touchpoints that create opportunities for corruption to occur, and supply chain risk.
Bowne said that use case scenarios for AI in government contracting are unlimited, and that virtually any function that requires locating relevant data could employ AI to deliver faster and better results. “As we are starting to see some of these applications [be] deploy[ed] and have success, we are getting a peek through the window. What is on the other side?”
Cybersecurity Compliance
In the session on cybersecurity compliance, Brian Hubbard, president and founder of Evolved Cyber Solutions, focused on the growing cybersecurity threats targeting organizations, governments, and businesses. “Law firms are one of the most attractive targets … because they have access to all of their clients’ data,” Hubbard said. “Likewise, small businesses that are serving larger businesses as subcontractors within their supply chain are the vector that is the easiest for the cybersecurity threat actors to come after and try to work their way up the chain.”
Cybersecurity threats in the government date back to the 1960s, Hubbard said, and yet many data systems are still not as secure as they should be. “The problem is that people have been paying lip service to it,” he said. “So, the same challenges and data losses have been magnified over time.”
Ashden Fein, a partner at Covington & Burling LLP, cited President Biden’s Executive Order on Improving the Nation’s Cybersecurity (May 2021) as a major effort to combat these attacks. The order stipulates development of cybersecurity standards for the government and private sector, disruption of cybersecurity threat actors, greater national resilience for when cybersecurity attacks happen, and leveraging of international cooperation.
Fein offered three tips for contractors to deter cybersecurity threats. One is to track the evolving contractual requirements and have a mechanism to consolidate them. “I’m talking about … all of the requirements that deal with information security and having a centralized mechanism that can be shared through the contractor’s team, the programmers’ team,” he explained.
Organizations also need to know thoroughly their controlled unclassified information (CUI), Fein said. “Knowing where the most unlikely places CUI is coming from, who is producing it, and where it’s going will save a lot of money and time on the back end if a security incident occurs,” Fein added.
Another important deterrence is communication discipline. “There are so many stakeholders involved with government contractors,” Fein said. “It is particularly difficult for those organizations that have both commercial sides of their business and government contracting because in a lot of cases the government contracting is a lot smaller.” Fein recommended clear and consistent communication between stakeholders when a cybersecurity incident occurs.
