In funding everything else in sight, the Congress hasn’t left out federal contractors. So far in the big stimulus bill, contractors got an extension of section 3610, which gives them a sort of ongoing protection from the pandemic. To discuss, Federal Drive with Tom Temin welcomed the president and CEO of the Professional Services Council, David Berteau.
Insight by Exterro: Capt. John Henry, operations officer of the USCG Cyber Command, discusses how the Command prepares for and responds to cyber incidents. Justin Tolman, forensic subject matter expert at Exterro, will provide an industry perspective.
Tom Temin: The president and CEO of the Professional Services Council, David Berteau, and David, whatever bill it takes, contractors will take it for this particular extension, just tell us what exactly is going on.
David Berteau: Tom, you mentioned funding. And of course, one of the key aspects of section 3610, which was put in place in the original CARES Act back in March of last year, is that it does require no additional funding. It basically authorizes programs across the government, civilian agencies, the intelligence community and the Defense Department to reimburse contractors for costs they incur, keeping skilled personnel and key workers on the payroll when they can either access the facility due to some restrictions, Covid-19, etc, or do the work remotely. It’s a lot of work. We’ve teleworked a lot, right? And you and I’ve talked about this, there’s plenty of teleworking going on across the federal government now. Both federal civilian employees and military personnel as well, and of course, contractors. But there’s a lot of jobs that cannot be done remotely, lab work, repair work, you know, touch labor, work on a classified system inside a government secure facility, those are things you can’t do from your basement. And those are folks where if you can’t get into the facility, and you can’t do the work remotely, you don’t want to fire them, because these, this workforce has taken years to build up and oftentimes built up to meet the needs of the particular agency customer, whereas you know, NIH or NSA. And so 3610 has been used repeatedly. But at a very nuanced level. Basically, no contract modifications, nothing that’s caught inside the Federal Procurement Data System, no data needed, you just charge to a different number, and submitted with your invoice and if it’s approved, and you’ve met the formulas laid out by the agencies, then you get reimbursed for it. What’s interesting is in GAO looks at it, the IG looks at it, they don’t see a lot of evidence of its use necessarily because it’s down at the level of the programs. So we’re really delighted that Congress, Senate actually voted, had 94 votes in favor of the amendment on the floor on Saturday to extend section 3610 through September 30.
Tom Temin: Yeah, and you could have actually differing situations I mean, people in Huntsville, Alabama, or Fort Worth, Texas, contracting types of employees could be in the buildings, where is in headquarters and the Pentagon and so forth, or whatever could be still teleworking for a while?
David Berteau: Absolutely. And it also goes back and forth, right? We think, you know, we’re getting the infection rates down, we’re getting hospitalizations down. But the, you know, new cases are still at the level that last summer, we thought was exorbitantly high. And then we come down 70,000 cases a day, it’s still a lot. Nobody can really predict with the variants that are coming out where this is going. So it’s an authority. It’s there if you need it, but it’s not there if the government doesn’t need it. And so we’re really excited to have it extended.
Tom Temin: And then another major thing going on is the national security guidance coming out of the Biden administration, this as the spreading attack on Microsoft exchange servers operated by so far state and local government and industry. We don’t know yet whether federal government has been hit. So the cyber issue just seems to be getting to be a much louder drumbeat.
David Berteau: It’s a huge drumbeat. And it’s important that this interim guidance be issued, because the administration is building its budget to submit, you know, extensively, it’ll be submitted there early May a couple months late, but three months late, actually, but not consistent with what a new administration often does. They take a look at the budget submit their own, and they need guidance. The agencies need guidance in terms of what the priorities are as they build those budgets. So this interim guidance gives you a lot of additional things on which to spend money, cybersecurity being a very top one. There are also other emphases, you know, new technologies across the board, fighting the pandemic, fighting climate change, climate effects, etc. But I think the key thing that the guidance does not do is it doesn’t tell you what you’re going to reduce in order to find the funding to increase in those areas necessary. No question that contractors will play a key role in both helping the government identify the threats and in responding to those threats almost across all of those areas, but especially in cybersecurity. We’re interested to see what’s in the budget though, because only funds can turn into contracts.
Tom Temin: Sure. We’re speaking with David Berteau, President and CEO of the Professional Services Council. And the cybersecurity spending question is getting to be interesting because it is going up year after year. And yet in this latest attack again on Microsoft exchange directories, services, no amount of spending could have stopped that because there was an exploit that was discovered before Microsoft discovered it and they rushed to get out a patch so far as we can can tell, but how can you spend against that kind of wildcard type of event happening?
David Berteau: One of the things that I think we’ve actually learned from the pandemic, as well as some of the recent cyber attacks, is that our greatest vulnerabilities are with our oldest systems, our legacy systems that maybe patches are no longer issued and updates are no longer deployed. There was one other issue in the in the Covid bill that passed the Senate, which was authorizing up to a billion dollars for the modernization fund, TMF, which actually would help the government increase its pace of replacing legacy systems. We believe that probably the single most important thing you can do to increased cybersecurity both in the government and in the companies and in state and local is, in fact, update your systems have the most up to date system. Microsoft events that were described over the weekend, show that that’s not enough. But without that you have no prayer to get where you’re going. So we’re really looking forward to that focus. And I think it should be part of the administration’s new infrastructure bill. It’s not just infrastructure and roads and bridges across America, it’s infrastructure to manage the federal government and its contractors as well.
Tom Temin: Yeah, so not to shovel ready, but also screwdriver ready, I guess, you might say, your soldering iron ready but..
David Berteau: And code ready…
Tom Temin: And code ready. But with respect to that billion dollars authorized for TMF, I mean, agencies have not dived in to scoop up what they can get from the smaller TMF’s that have been happening year after year. Because to modernize, you have to have a target system designed and ready to go. And I don’t think a lot of agencies know what they’re to-be state really is.
David Berteau: If you look at the results from the previous administration, in the modernization fund, the one that was centrally managed by OMB, you’ll see it took a long time to identify targets. I think they were going slow. They wanted to make sure they got it right. So the Agriculture Department’s was the first one and it was fairly successful. But the real power inside the original legislation, the Modernizing Government Technology Act, was in letting agencies set up working capital funds that they didn’t need a central fund, they didn’t need central management, they could actually set up a fund that would where the original investment in the new technology would be replaced by the savings from canceling the legacy systems. One of the things you and I have watched over the years though, is you can put the new one in place, but it’s awfully difficult to get rid of the old one. And I think that’s one of the great challenges. I think the new administration can do a lot in terms of let’s actually kill the legacy systems, use the savings to fund the new modern.
Tom Temin: Well, it’s gonna be an exciting week. David Berteau is president and CEO of the Professional Services Council. As always, thanks so much.
David Berteau: You’re welcome, Tom and look forward to the end of this week and on into March and April.