Month: November 2015

Five Things You Should Know About DoD Cybersecurity Regulations

In 2007, a preeminent American defense contractor first reported cyber attacks emanating from China. Four years later, upon a visit by then Secretary of Defense Robert Gates, the Chinese Air Force revealed a fighter jet unnervingly similar to the one manufactured by the hacked American contractor. More recently, the FBI reported in July 2015 that hackers accessed the personnel files and security clearances of over 22 million federal employees and contractors.

Accordingly, the Department of Defense (DOD) moved to strengthen the Defense Federal Acquisition Regulation Supplement (DFARS) concerning cybersecurity. The interim rule alters the contractual duties of government contractors and subcontractors in a significant manner. Thus, every government contractor and subcontractor ought to consider the following 5 highlights of the interim rule.

1. Seriousness. The regulation is effective immediately. The DOD invoked “urgent and compelling reasons” to impose the change without the typical comment period. The comment period before final form remains open until October 26, 2015, however.

2. Scope. First, the interim rule requires “adequate security” from “unauthorized access and disclosure,” an imposition yet undetermined in breadth. Second, the addition compels contractors to report to the DOD any cyber incident “adverse or potentially adverse” to the contractor’s information technology (IT) systems. The scope of what defines “adverse or potentially adverse” is unknown. Once a contractor or subcontractor reports an incident, the company must make all affected “media” available to government inspection. This includes physical devices such as laptops and cell phones as well as paper archives.

The DOD did clarify that the rule includes contracts for commercial items. Likewise, it covers non-confidential and proprietary information. Regulations applicable to confidential data remain unchanged.

3. Speed. The new regulation requires contractors and subcontractors to report cyber incidents within 72 hours of the attack.  The contractors owe their report to the DOD while the subcontractor must account to the prime contractor and to the DOD. Fortunately, though, the DOD will not consider such reporting, by itself, as evidence that a company has failed the rule’s security requirements.

4. Savings? The DFARS modifications are similar in language and intent to those of another federal agency, one created specifically for IT security. As such, the interim rule is “tailored for use in protecting sensitive information residing in contractor information systems,” which could indicate potential savings for certain companies. Other companies, however, especially those without IT departments or IT experts, could experience increased costs. The DOD even admits that some 10,000 small businesses will require the help of IT experts to decipher cyber incidents, to determine the information affected, and to author the government report.

5. Service impact. Many contractors and subcontractors are moving their IT services to cloud computing. The interim rule applies to cloud computing, too. In fact, it compels companies to monitor their cloud to confirm the appropriate “administrative, technical, and physical safeguards.”

The broad nature of these DOD security requirements necessitates a precise and professional approach for government contractors. Vandeventer Black’s Construction and Government Contracts Team attorneys are poised to help navigate those needs for our clients. Please contact us for more information.

Five Things You Should Know About DoD Cybersecurity Regulations

In 2007, a preeminent American defense contractor first reported cyber attacks emanating from China. Four years later, upon a visit by then Secretary of Defense Robert Gates, the Chinese Air Force revealed a fighter jet unnervingly similar to the one manufactured by the hacked American contractor. More recently, the FBI reported in July 2015 that hackers accessed the personnel files and security clearances of over 22 million federal employees and contractors.

Accordingly, the Department of Defense (DOD) moved to strengthen the Defense Federal Acquisition Regulation Supplement (DFARS) concerning cybersecurity. The interim rule alters the contractual duties of government contractors and subcontractors in a significant manner. Thus, every government contractor and subcontractor ought to consider the following 5 highlights of the interim rule.

1. Seriousness. The regulation is effective immediately. The DOD invoked “urgent and compelling reasons” to impose the change without the typical comment period. The comment period before final form remains open until October 26, 2015, however.

2. Scope. First, the interim rule requires “adequate security” from “unauthorized access and disclosure,” an imposition yet undetermined in breadth. Second, the addition compels contractors to report to the DOD any cyber incident “adverse or potentially adverse” to the contractor’s information technology (IT) systems. The scope of what defines “adverse or potentially adverse” is unknown. Once a contractor or subcontractor reports an incident, the company must make all affected “media” available to government inspection. This includes physical devices such as laptops and cell phones as well as paper archives.

The DOD did clarify that the rule includes contracts for commercial items. Likewise, it covers non-confidential and proprietary information. Regulations applicable to confidential data remain unchanged.

3. Speed. The new regulation requires contractors and subcontractors to report cyber incidents within 72 hours of the attack.  The contractors owe their report to the DOD while the subcontractor must account to the prime contractor and to the DOD. Fortunately, though, the DOD will not consider such reporting, by itself, as evidence that a company has failed the rule’s security requirements.

4. Savings? The DFARS modifications are similar in language and intent to those of another federal agency, one created specifically for IT security. As such, the interim rule is “tailored for use in protecting sensitive information residing in contractor information systems,” which could indicate potential savings for certain companies. Other companies, however, especially those without IT departments or IT experts, could experience increased costs. The DOD even admits that some 10,000 small businesses will require the help of IT experts to decipher cyber incidents, to determine the information affected, and to author the government report.

5. Service impact. Many contractors and subcontractors are moving their IT services to cloud computing. The interim rule applies to cloud computing, too. In fact, it compels companies to monitor their cloud to confirm the appropriate “administrative, technical, and physical safeguards.”

The broad nature of these DOD security requirements necessitates a precise and professional approach for government contractors. Vandeventer Black’s Construction and Government Contracts Team attorneys are poised to help navigate those needs for our clients. Please contact us for more information.

Potential Changes…New Overtime Rules Proposed by Department of Labor

Authored by Neil Lowenstein

Earlier this year, the Department of Labor (DOL) published new proposed rules for FLSA overtime requirements. The following are some important items to note from the proposal:

  • Increasing the salary threshold from $23,660/year to $50,400/year [40th percentile].
  • Increasing the “highly compensated” threshold from $100,000/year to $122,148/year [90th percentile]; and
  • Automatically increasing the thresholds to “keep pace with inflation.”

There may be some changes to these proposed rules.  However, if there are not, these proposed rules will go into effect in 2016.  For more information about these changes or any other employment law matter, please contact us.

Don’t Let Your Intern Become a Nightmare

Authored by Dustin Paul

The end of school and the start of summer can provide students a rare opportunity to experience life in the workplace.  Many students have traded summer jobs like lifeguard or ice cream scooper for more educational experiences, like internships.  The idea of having a young man or woman around your workplace to learn the operation may sound attractive, but companies need to beware of possible implications under the federal Fair Labor Standards Act.

Several industries have been hit with recent lawsuits by interns claiming they were misclassified.  These interns claim they were actually employees, subject to minimum wage and overtime restrictions.  Although the vast majority of internships would never lead to litigation, all businesses should evaluate their programs to ensure they comply with the applicable federal law.

The U.S. Department of Labor identifies six criteria that will be applied in deciding whether an individual should be classified as an employee or an unpaid intern.  First, is the internship similar to training which would be given in an educational environment?  Second, is the internship experience primarily for the benefit of the intern?  Third, does the intern replace regular employees?  Fourth, does the employer obtain any immediate advantage from the activities of the intern?  Fifth, is the intern entitled to a job at the conclusion of the internship?  Sixth, do both the company and intern understand that the intern is not entitled to wages as part of the internship?

The Second Circuit, one of the most prominent federal courts in the country, recently considered these issues in a case brought by interns of the Fox Searchlight movie production company.   The Court concluded that the key question is whether the intern or the employer is the primary beneficiary of the relationship.

If your company cannot answer that question with an emphatic answer that the intern is the beneficiary, it may be time to reevaluate your internship program.

Provision Agreeing to Not Challenge Arbitration Award Voided by Georgia Court

An increasingly popular arbitration clause provision is language purporting to waive later challenge to the arbitration award. In a recent decision in Atlanta Flooring Design Centers, Inc. v. R.G. Williams Constr., Inc., 733 S.E.2d 868 (April 2015), the Georgia Court of Appeals held such waiver void and unenforceable.

While that court recognized the general fundamental principle that parties have the right to freely contract, it rationalized that Georgia’s arbitration act does not permit such waiver or elimination of right to seek to vacate or modify an arbitrator’s award. The court also relied upon federal case law interpreting the Federal Arbitration Act similarly holding.

Virginia’s arbitration statutes are similar to those of Georgia and the Federal Arbitration Act. So, would a Virginia court rule similarly? That remains to be seen.

For example, compare the Atlanta Flooring analysis with the Virginia Supreme Court’s holdings in Gordonsville Energy v. Virginia Electric and Power Company, 257 Va. 344 (1999) enforcing a contractual provision waiving the right to challenge a contract’s liquidated damages provisions. But one can certainly distinguish waiving another contractual provision (in that case for LDs) from a statutory judicial review statute such as applies to an arbitration award.

Time, and someone’s judicial challenge, will tell.

Changes . . . New Overtime Rules Published by Department of Labor

Earlier this year, the Department of Labor (DOL) published new proposed rules for FLSA overtime requirements. Among the proposed rules, DOL has proposed:

  • Increasing the salary threshold from $23,660/year to $50,400/year [40th percentile].
  • Increasing the “highly compensated” threshold from $100,000/year to $122,148/year [90th percentile]; and
  • Automatically increasing the thresholds to “keep pace with inflation.”

The new rules will go into effect in 2016 absent further change.

Vandeventer Black’s Anne Bibeau regularly address these and related employment matters, both involving overtime issues and employment issues for broadly. For more information about these changes or any other employment law matter, please contact her or any of the other Vandeventer Black Employment Law Group team members or (757) 446-8600.

New Laws Affecting Construction: Part III

Authored by James Harvey

In Part 3 of our articles on the 2015 changes to the Virginia Public Procurement Act, we provide a brief explanation of Job Order Contracting (JOC) now possible on Virginia public projects.  Public bodies in Virginia may now procure services for multiple jobs through a single indefinite quantity indefinite duration contact provided that the jobs require similar experience and expertise, the nature of the jobs are clearly identified in the solicitation, and the contract term is limited to one year or the maximum authorized fees.  Payment is made according to an agreed “book of unit prices.” The maximum amount of all jobs performed in a one-year JOC contract term cannot exceed $5 million and individual job orders cannot exceed $500,000.  Splitting orders to fit within these caps is not permitted, but maybe difficult to determine by anyone outside the public body.  While JOC contracts are only one year contracts, they can be renewed for two additional one-year terms.  JOC contracting is not available for highway, bridge, tunnel or overpass construction or maintenance. Multiple public bodies can conduct joint procurement agreements with the goal of reducing administrative expenses in the acquisition of goods, services or construction.
While Job Order Contracting creates a new vehicles for public bodies to streamline procurement for relatively small and repetitive services, it also reduces competition for small businesses to participate in public contracting, makes government procurement less visible to public scrutiny and increases the potential for abuse by contracting officials and contractors.  This is a new experiment in Virginia and warrants continuing scrutiny and evaluation to determine if it truly an effective contract vehicle.

READ: PART IPART II

Upcoming Events
Stay Connected
0
    0
    Your Cart
    Your cart is empty