By Edward Spenceley, Senior Vice President, National Government Contracting Specialist, Bank of America Global Banking and Markets
Even as they support the nation’s ongoing pandemic response, contractors are upgrading their cyber defenses, solidifying supply chains and adjusting to new government policies
As essential partners in the government’s coronavirus response efforts, government contractors have fared better and faced fewer disruptions than companies in many other industries. That trend is likely to continue as contractors support massive federal and state efforts to produce and deploy vaccines against the virus.
However, preparing for a post-pandemic future means assessing and addressing other issues as well. A change in administration brings questions about budgets and spending and regulatory priorities, and as the coronavirus emergency eases, agencies are shifting their attention back to technology modernization, cyber security and other initiatives. Here are some of the industry’s greatest challenges and opportunities.
New rules on cyber security
For many government contractors, the most important issue right now may be the phase-in of new rules governing cyber security. On January 31, 2020, the Department of Defense (DoD) announced the Cybersecurity Maturity Model Certification (CMMC), which is designed to measure the capabilities of every contractor that works with the DoD. By 2026, according to the rules of CMMC, contractors will have to be certified at one of five levels, depending on what they provide to the government. Those delivering vegetables to an Army base won’t have to meet the same standards as companies providing counterintelligence analysts to the CIA.
The DoD has said that about 90% of contracts will be designated Level 3, and for 2021, only seven pilot contracts will be required to meet Level 3 certification. But over the next five years, all contractors will have to comply.
The federal government mandated NIST 800-171 compliance about three years ago and has reiterated that companies that have met this requirement will most likely meet CMMC Level 3 requirements, which apply to the largest percentage of contract offerings throughout the federal government acquisition space. The National Institute of Standards and Technology (NIST) standard stipulates how contractors must manage “controlled unclassified information,” or CUI. But CMMC is something every contractor will need to address. The first steps are to assess current security measures and create a plan for upgrading IT systems with access controls, audit and accountability procedures and employee training. For more information about achieving certification, contractors can consult the “CMMC Model and Assessment Guides.”
Adding urgency to the need for government contractors to address cyber security issues, an executive order from the White House on May 12, 2021, included several provisions, involving the security of software supply chains, the establishment of a Cybersecurity Safety Review Board and other changes, that will directly affect contractors that work with the federal government.
Ongoing efforts to address the coronavirus
A significant portion of the recent stimulus money from Congress is being funneled to state agencies that manage virus testing and vaccinations. There has been a huge upsurge in business for medical staffing contractors. Rules calling for agencies to maintain larger inventories of personal protective equipment (PPE) are likely to stay in place, benefiting PPE suppliers.
A longer-term impact may be how contractors’ customers—the officers who award and administer contracts—have used their authority to be flexible and agile in ensuring that missions are completed. Their cooperative response is likely to persist post-pandemic.
“The takeaway for contractors is the importance of being constantly in contact with their contracting officers and working with them to solve problems.”
Cloud computing, weapon systems and artificial intelligence
The Department of Defense and other agencies are increasingly shifting to cloud computing as part of a government-wide modernization and standardization of information technology systems. That’s a huge initiative that gained further momentum during the pandemic, when so many federal employees and contractors have had to work remotely. Another top priority is research and development involving hypersonic weapon systems, artificial intelligence and other emerging technologies. Contractors in these areas may find opportunities for growth.
Consolidated contracts and small business changes
There has been a continuing push to consolidate contracts for performing very similar functions within and across multiple agencies. All told, this change affects more than $30 billion in contracts. While the government maintains that consolidations will simplify and streamline the contracting process, it will take time and resources for contractors to make the transition.
For smaller contractors, a positive development has been the Small Business Runway Extension Act. Instead of looking at the average of a contractor’s revenue for three years, as in the past, the new rules average it over five, allowing growing businesses to remain “small,” and thus eligible for contracts set aside for smaller enterprises, for a longer period of time.
That’s a benefit because when a business stops being officially small, it needs to have the momentum to jump from, say, being a $15 million company to being a $40 million company, so that it will be better prepared to compete against $200 million companies in the open market.
Impact of a new administration
For defense contractors, the number-one issue is always the federal budget, and many wonder whether the large spending increases of the past few years will continue. But the most recent National Defense Authorization Act, which includes a moderate increase in spending, passed with broad bipartisan support and overcame a presidential veto. Looking ahead, if the government wants to ensure that the national defense strategy is always fully supported, a bi-partisan agreement might be considered to put a floor on defense spending.
Next steps for government contractors
The government, at least for now, is still very focused on the response to the pandemic. Beyond that, the biggest regulatory change is the CMMC cyber security requirements. As it has done at least since the beginning of the pandemic, the government continues to face the challenges that are in front of it. Misinformation and uncertainty opened the door for an increase in cyber crime and other criminal activity over the past year, in addition to other kinds of military and commercial aggression from nation states. These are the issues that are going to be tackled first. Acquisition reform and other possible regulatory changes are likely to be delayed. Contractors, too, need to focus on what’s in front of them.
One positive result of the government’s mobilization against the pandemic has been a greater sense that everyone is in this together. For contractors, that means reaching out to their customers—the government agencies they work with—to find out what they’re struggling with and to find solutions.
The most important thing is to have continuous, open communication. The same advice extends to contractors’ communication with their bankers, who can help them keep up with the shifting priorities and requirements of working with the government and make sure their company is well positioned for the post-pandemic future.
This content was originally posted by Bank of America here and is reshared with permission.