In an attempt to make the supply chains for those bidding on certain projects with the Department of Defense more secure, the Department has issued a new rule. The rule, howeverm, makes it completely unclear what bidders are expected to do, and if a bidder is found to be lacking in regards to supply chain security, they can be banned from bidding on contracts without even being told where the problems are so that they can address them. The rule is is an amendment to the Defense Federal Acquisition Regulation Supplement, and was put into effect upon signing on Nov. 18. It covers bids in the areas of intelligence and cryptology, military command-and-control systems, and integral weapons components (or guidance systems). It requires that the bidders assure the security of their outsourced components, many of which are located overseas.
A law firm located in San Francisco, Morrison & Foerster LLP, concluded that the rule stems from section 806 of the National Defense Authorization Act of 2011. The rule attempts to stop cyber terrorists, hackers, or foreign governments from subverting sensitive systems through the software or components they use in the design of such systems.
Contractors have until Jan. 17 to comment on the new rule. Likely, most of the comments will focus on the lack of transparency, which allows for no process to challenge a denied bid and does not require the Department of Defense to identify problems with a bid to the bidder. If the lack of clarity and transparency in the new rule is addressed, the rule is likely to improve the security of certain mission critical systems used in national defense. It could also improve the overall integrity of the supply chain in general, especially those working within certain areas of cyber security.