DoD Issues Targeted Class Deviation Updating Recently Adopted Cybersecurity DFARS Clauses

Last week, on October 8th, DoD issued a class deviation replacing DFARS 252.204-7012 and 252.204-2008 with revised clauses that give covered contractors up to nine (9) months (from the date of contract award or modification incorporating the new clause(s)) to satisfy the requirement for “multifactor authentication for local and network access” found in Section 3.5.3 of National Institute of Standards and Technology (NIST) Special Publication 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.”

We previously reported on the August 26th Department of Defense (DoD) interim rule that greatly expanded the obligations imposed on defense contractors for safeguarding “covered defense information” and for reporting cybersecurity incidents involving unclassified information systems that house such information. The interim rule, which went into effect immediately, requires non-cloud contractors to comply with several new requirements, including those in DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting” and DFARS 252.204-7008, “Compliance with Safeguarding Covered Defense Information Controls.”  While the class deviation is a welcomed development for contractors that may struggle to implement the NIST SP 800-171 requirements for multifactor authentication, the deviation: (1) requires contractors to notify the government if they need more time to satisfy those requirements, and (2) does not alter any other aspect of the August 26th interim rule. 

DFARS 252.204-7012 requires prime contractors and their subcontractors to employ “adequate security” measures to protect “covered defense information.” Specifically, contractors must adhere to the security requirements in the version of NIST SP 800-171 that is in effect “at the time the solicitation is issued or as authorized by the Contracting Officer,” or employ alternative security measures approved in writing by an authorized representative of the DOD Chief Information Officer. Special Publication 800-171 describes fourteen families of basic security requirements. As described in section 2.2 of 800-171, each of these fourteen families has “derived security requirements,” which provide added detail of the security controls required to protect government data. These basic requirements are based on FIPS Publication 200, which “provides the high level and fundamental security requirements” for government information systems. The derived requirements are taken from the security controls contained in NIST Publication 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations.” Among those derived requirements is one for “multifactor authentication for local and network access.”

DoD contractors and subcontractors should be aware of what the class deviation does and does not change:

  1. Effective immediately, DoD contractors and subcontractors are required to comply with the clauses at DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (DEVIATION 2016-O0001) (OCT 2015) and DFARS 252.204-7008, Compliance with Safeguarding Covered Defense Information Controls (DEVIATION 2016-O0001) (OCT 2015), in lieu of the clauses that were issued as part of the August 26th interim rule.
  2. Under the new clauses, DoD contractors (and subcontractors, through the prime contractor) may notify the contracting officer that they need up to 9 months (from the date of award or the date of a modification incorporating the new clauses) to comply with the requirements for “multifactor authentication for local and network access” in Section 3.5.3 of NIST SP 800-171.
  3. The revised clauses apply to all DoD contracts and subcontracts, including those for the acquisition of commercial items.
  4. The class deviation only impacts non-cloud contractor information systems that are not operated on behalf of the government (e.g., contractor internal systems).
  5. DoD contractors and subcontractors that cannot meet the specific requirements of NIST 800-171, including the requirements of Section 3.5.3, may still seek authorization from DoD to use “[a]lternative but equally effective security measures.”
  6. With the exception of the targeted changes to DFARS 252.204-7012 and DFARS 252.204-7008 (i.e., affording contractors up to 9 months to comply with Section 3.5.3 of NIST 800-171, provided they notify the contracting officer), all other requirements introduced by the August 26th interim rule remain in effect.
  7. Non-cloud contractor information systems that are operated on behalf of the government remain “subject to the security requirements specified [in their contracts].”
  8. The class deviation does not impact DoD cloud computing contracts, which remain subject to DFARS 252.239-7010, Cloud Computing Services.

Ensuring Compliance With the Revised DFARS Clauses and NIST SP 800-171 Section 3.5.3

During the solicitation phase of a procurement subject to the revised DFARS clauses, DoD contractors and subcontractors should engage technical experts to determine whether they would need additional time to satisfy the NIST requirements for multifactor authentication. If a contractor determines that additional time is needed, and is later awarded a contract subject to the new requirements, then the contractor should immediately notify the contracting officer in writing and should ensure that all subsequent communications with the government are adequately documented.

Upon providing such notice, contractors will have up to nine months (from the date of contract award or modification incorporating the revised clauses) to comply with Section 3.5.3 of NIST SP 800-171, which requires contractors to: “Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.” See NIST SP 800-171, Section 3.5.3 (emphasis added). Section 3.5.3 is a derived requirement of the basic security requirement in section 3.5 for identification and authentication. Section 3.5.3 of NIST SP 800-171 notes that:

  • “Multifactor authentication” requires two or more different factors to achieve authentication. Factors include: (i) something you know (e.g., password/PIN); (ii) something you have (e.g., cryptographic device, token); or (iii) something you are (e.g., biometric). The requirement for multifactor authentication does not require the use of a federal Personal Identification Verification (PIV) card or Department of Defense Common Access Card (CAC)-like solutions. Rather, “[a] variety of multifactor solutions (including those with replay resistance) using tokens and biometrics are commercially available. Such solutions may employ hard tokes (e.g., smartcards, key fobs, or dongles) or soft tokens to store user credentials. See id., n. 22.
  • “Local access” is any access to an information system by a user (or process acting on behalf of a user) communicating through a direct connection without the use of a network.

“Network access” is any access to an information system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, Internet).

DOD Issues Interim Rule Addressing New Requirements for Cyber Incidents and Cloud Computing Services

On August 26, 2015, the Department of Defense (DoD) issued an interim rule that imposes expanded obligations on defense contractors and subcontractors with regard to the protection of “covered defense information” and the reporting of cyber incidents occurring on unclassified information systems that contain such information.  Nearly three years in the making, this interim rule replaces the DoD’s prior Unclassified Controlled Technical Information (“UCTI”) Rule, imposing new baseline security standards and expanding the information that is subject to safeguarding and can trigger the reporting requirements.  Additionally, the interim rule implements policies and procedures for safeguarding data and reporting cyber incidents when contracting for cloud computing services.

© 2015 Covington & Burling LLP

Switzerland Is the First Country to Lift Some Sanctions on Iran

Certain US sanctions on Iran may be lifted mid to late 2016 or even later.badge_button_switzerland_flag_800_2222

On August 13, Switzerland became the first country to formally lift certain sanctions on Iran, following the announcement of the Iran nuclear deal this past July. Switzerland is not a party to the Iran nuclear deal.

The Swiss Federal Council made the decision, which is a seven-member executive council that constitutes the federal government of Switzerland and serves as the Swiss collective head of government and state. This action nullifies a ban on precious metals transactions with Iranian governmental bodies and the requirement to report trade in Iranian petrochemical products to the Swiss government. It also eliminates an obligation to report to the Swiss government the transport of Iranian crude oil and petroleum products and certain rules on insurance and reinsurance policies linked to such transactions. In the financial sector, threshold values for reporting and licensing obligations in relation to money transfers from and to Iranian nationals were increased tenfold.

These Swiss measures had already been suspended since January 2014, but by lifting them on an apparently more formal or permanent basis, the Swiss government patently appears to be sending a far larger political message to sanctions compliance personnel. The Swiss government’s announcement stated, in part, the following:

Today’s decision by the Federal Council underlines its support for the ongoing process to implement the nuclear agreement, and its confidence in the constructive intentions of the negotiating parties. The Federal Council also wishes to signal that Switzerland’s positioning with respect to Iran, which was developed and maintained over a number of years, should be used to promote a broad political and economic exchange with Iran. In recent decades, Switzerland has pursued a consistent, neutral and balanced policy with regard to Iran . . . . Should implementation of the agreement fail, the Federal Council reserves the right to reintroduce the lifted measures.

It seems clear that the Swiss Federal Council is signaling that Switzerland is eager to resume normal business with Iran. Meanwhile, however, US Department of State spokesman Mark Toner said US sanctions continue to remain in place and penalties would still apply to any country or company that violates them. He told reporters that the United States wasn’t informed in advance of the Swiss move to drop its sanctions before Iran has taken the promised steps to curb its nuclear program and before the United States, European Union, and United Nations have removed their penalties.

It is also important to remember that for now, US secondary Iran sanctions will continue to remain in effect against foreign companies for probably the next 12 months or until the implementation day, no matter the consequence of this Swiss Federal Council action.

Moreover, “US Persons” are prohibited from entering into executory contracts for Iran-related transactions until US sanctions are lifted after implementation day. The US Department of State has recently suggested that that day may fall in summer or autumn of 2016, depending if and whether the International Atomic Energy Agency can certify that Iran has taken the required steps under the Iran nuclear deal.

“US persons” means US nationals, US permanent resident aliens (“Green Card holders”), entities incorporated in the United States, individuals or entities in the United States, or entities established or maintained outside the United States that are owned or controlled by a US person. For a US person to sign such an executory contract before implementation day would be a dealing in property or an interest in property involving Iran or a Specially Designated National, which is prohibited by current US regulations as applicable to US persons. The current Iran sanctions regulations expressly state that such executory contracts are property or an interest in property because they involve “contracts of any nature whatsoever, and any other property, real, personal, or mixed, tangible or intangible, or interest or interests therein, present, future, or contingent.”

On the other hand, it appears that non–US persons (as defined above) that have no US nexus (e.g., not incorporated in the United States or owned or controlled by a US person), that do not act in or through the United States or a US person and that otherwise are not generally subject to US jurisdiction may enter into executory contracts with Iran without risk of exposure of an Office of Foreign Assets Control (OFAC) enforcement case for so doing. Even in these cases, potential non–US person investors in Iran are well advised to seek clearance from the relevant regulators that these contracts do not violate United Nations, European Union, or other non–US sanctions.

At this time, it is unclear to what extent entities established or maintained outside the United States that are owned or controlled by a “US person” will be able to engage in trade with Iran after implementation day occurs. OFAC has indicated that it will resolve this question in due course, and at that time, it will issue appropriate guidance.

ARTICLE BY Louis Rothberg & Margaret M. Gatti of Morgan, Lewis & Bockius LLP
Copyright © 2015 by Morgan, Lewis & Bockius LLP. All Rights Reserved.

Negotiators Have Reached Deal with Iran – U.S. Persons Should Not Expect Quick Relief From Sanctions

On July 14, 2015, the five permanent members of the UN Security Council (China, France, Russia, the United Kingdom, and the United States) plus Germany (the “P5 + 1”) announced a Joint Comprehensive Plan of Action (JCPOA) with Iran intended to ensure that Iran’s nuclear program will be exclusively peaceful. The agreement builds on the JCPOA framework announced on April 2, 2015, and is intended to provide Iran with phased sanctions relief based on verification that Iran has implemented key nuclear commitments.

Under the JCPOA, Iran agrees to cap its uranium enrichment capability for 10 years and to accept international monitoring of its nuclear program. In exchange, the United States, European Union, and United Nations will relax sanctions on Iran in stages. Once international nuclear inspectors verify that Iran has implemented the agreed to nuclear-related restrictions, the United Nations will pass a new resolution that will terminate various resolutions currently in place. If, at any time, Iran is determined to be out of compliance with its obligations, those resolutions will “snapback” or be re-imposed against Iran. The EU further agreed to terminate its regulations implementing all nuclear-related economic and financial sanctions at the time the inspectors verify Iran is in compliance.

U.S. sanctions relief will initially be limited to the suspension of secondary sanctions that target the commercial activities of non-U.S. companies in key sectors of the Iranian economy, such as oil, gas and petrochemical industries, as well as companies in the shipping and shipbuilding and automotive sectors. In other words, the sanctions relief that was provided to non-U.S. persons earlier in the negotiations will continue. Eventually, these secondary sanctions may be eliminated (rather than suspended) but only if the International Atomic Energy Agency (IAEA) verifies that Iran has implemented key nuclear-related measures described in the JCPOA.

It is anticipated that the United Nations Security Council will endorse the Agreement over the new few days. The JCPOA and its commitments will come into effect 90 days after the Security Council’s endorsement, which will be known as “Adoption Day.” Beginning on Adoption Day, the P5+1 and Iran will prepare for implementation of the agreement, but no sanctions relief will be granted until inspectors have verified Iran is in compliance with its commitments.

What changes, if any, will be made in primary U.S. sanctions, such as the Iranian Transactions and Sanctions Regulations (ITSR), is less certain. Under the Iran Nuclear Review Act, passed into law in May 2015, the president must transmit the agreement to Congress, which then has 60 days to review it. During Congress’ review period, the president may not waive, suspend, reduce, or provide relief from statutory sanctions or refrain from applying existing sanctions. In other words, there will be no sanctions relief for U.S. persons in the immediate future. If, as some members of Congress have threatened, Congress issues a joint resolution of disapproval, which the president in turn has threatened to veto, there is another waiting period during which the president may take no action to reduce sanctions.

Thus, the status quo will likely continue for quite some time, and from the perspective of U.S. primary sanctions – those that apply to U.S. individuals and entities, as well as entities owned or controlled by U.S. persons – no changes are imminent.

©2015 Drinker Biddle & Reath LLP. All Rights Reserved

Twitter Terrorism: Criminals Choose the Hack Attack

In what appears to be yet another brazen demonstration of capability following an earlier hijack of government social media sites, a group calling itself the Syrian Electronic Army (SEA) recently hacked into the U.S. Army’s main news and public information website, positing its own message for website visitors: “Your commanders admit they are training the people they have sent you to die fighting.” In response, the Army was forced to shut down the site to implement additional security measures to protect its systems.

Earlier this year, two of the U.S. military’s Central Command social media websites on YouTube and Twitter were similarly attacked and compromised. There, organization profile images were replaced by those of ISIS supporters on the official Twitter page, and two ISIS propaganda videos were uploaded to the Central Command YouTube account. Over the past several years, SEA has initiated similar attacks on the Twitter accounts of the BBC, The New York Times, 60 Minutes and the Associated Press.

Business Concerns

While the U.S. government reported that none of the internal systems were compromised and that there was no loss of classified information, the attacks have certified the anxiety of many business leaders over the potential vulnerability of their own companies, and highlight the concerns regarding the lack of knowledge or ability to prevent such attacks. Recent surveys have confirmed that risks associated with social media, whether through external portal access or internal sabotage, are among the top concerns facing businesses in 2015.

Without question, social media has become a crucial advertising vehicle for thousands of businesses around the world. The number of Facebook, Twitter, LinkedIn and other social media users continues to grow at an exponential rate, allowing businesses access to many new customers and clients every day. The ability to maintain control over these new electronic profiles, however, has become increasingly difficult as the perpetrators become more skilled and the targets more prized. In one particularly publicized account in 2013, social media hackers changed the Twitter account name of a premiere fast-food company to that of its chief competitor and posted multiple offensive tweets. Thereafter, damage control was all that could be done.

Businesses in 2015 have become enthralled by virtually unlimited access to customers and business partners via online platforms. Unfortunately, many have focused on the potential profits arising from such undertakings without sufficient consideration for the problems that too frequently arise from the use of such platforms. Social media has become the soft underbelly of many growing businesses eager for success but unaware of its vulnerabilities. In addition to direct attacks, courthouses nationwide have been flooded by lawsuits tied to the use and regulation of social media sites. The governance of employee use of social media, ownership of content and retention of information gathered through social media are generating more litigation every day. While increased exposure may be the incentive, preventative medicine will likely prove integral to long-term success.

Such “preventative medicine” includes not only the appropriate policies and procedures on access to and use of social media, but also an understanding of the vulnerabilities created by using these online platforms.  Most importantly, organizations must train their employees on these issues. Defending itself from perils arising out of social media starts at the first line of defense – the user.

© 2015 Wilson Elser

Congress Scrutinizes Iran, as the Deadline for a Final Deal Approaches; Ceasefire Violations in Ukraine Continue; Congress to Hold Hearings on ISIL; The House is Expected to Turn to Trade Measures At Some Point in June

Vice President Mourns Death of Son

Late on Saturday, 30 May, the White House informed the public that Vice President Joseph Biden’s son, Joseph R. “Beau” Biden III , passed away after a two-year battle with brain cancer. He was 46 years old.

Iran

Despite media reports last week that yet another delay may be necessary, the State Department denied another extension may be needed beyond 30 June to conclude a final deal with Iran regarding its nuclear facilities. Under Secretary of State for Political Affairs Wendy Sherman, who leads the U.S. negotiators in the discussions with Iran, announced her resignation last Wednesday. She will continue to lead the U.S. negotiators in the discussions with Iran until a final deal is reached.

Secretary of State John Kerry is returning to Washington early, after concluding a round of talks with Iran and after breaking his leg during a bicycle ride over the weekend in Europe.

On Wednesday 3 June, the Senate Foreign Relations Committee is expected to hold a hearing titled, “Implications Of The Iran Nuclear Agreement For U.S. Policy In The Middle East.” The day before, the Committee will receive a closed briefing on Iran’s nuclear program.

On Tuesday, 2 June, the House Foreign Affairs Committee will hold a hearing titled, “Americans Detained In Iran.”

Russia/Ukraine Crisis

Last Thursday, the State Department criticized reports that the Russian government plans to classify military deaths during special operations in peacetime. Spokesperson Jeff Rathke alleged that the law is a misplaced effort to cover up Russian active duty military personnel fighting and dying in eastern Ukraine, and further serves as a blow to freedom of the press. The United States continues to urge Russia to fully implement the Minsk agreements, warning that otherwise “the costs will continue to rise.” While the media is reporting on a Russian military build-up along eastern Ukraine’s border, the State Department declined to confirm whether the Obama Administration believes that Russia is preparing for a new offensive against Ukraine.

On Wednesday, 27 May, Vice President Biden asserted that U.S. sanctions on Russia must and will remain in place until the Minsk agreements are fully implemented. He expressed hope that European leaders will renew the existing sanctions when they meet at the end of June until the Minsk agreements are fully implemented. He emphasized that in the interim, the United States will continue to expose the truth about Russia’s actions and will coordinate closely with its partners to ensure that further Russian aggression is met with further costs if Russia again moves beyond the line of contact.

Also last Wednesday, NATO Secretary General Jens Stoltenberg said that he was deeply troubled by Russia’s escalating rhetoric about its nuclear weapons, as well as increased flights by its nuclear-capable bombers. The Secretary General said that if Russia places nuclear weapons in Kaliningrad, near Poland, or in Crimea, the balance of security in Europe would fundamentally change. President Barack Obama met with Secretary General Stoltenberg last Tuesday and discussed Russia’s increasingly aggressive posture in eastern Ukraine, among other topics.

FIFA

One day after Senators Robert Menendez (D-New Jersey) and John McCain (R-Arizona) sent a letter to the International Federation of Association Football (“FIFA”) Congress encouraging the international soccer governing body reconsider granting a fifth term to President Sepp Blatter, Swiss law enforcement agents arrested top FIFA authorities last week in connection with a U.S. Department of Justice investigation. Nine FIFA officials and several corporate executives have been indicted in New York on charges involving a racketeering conspiracy, as well as wire fraud and money laundering. Much of the attention is focused on Qatar being named host of the 2022 World Cup, but Senators Menendez and McCain were critical of Mr. Blatter for his support of Russia’s successful bid for the event in 2018.

Last Thursday, State Department Spokesperson Rathke denied that a recent U.S. Department of Justice investigation against FIFA leadership is an attempt by the US to influence the organization’s internal processes, including its selection of Russia as host of the 2018 World Cup. He emphasized that the investigation and its associated indictments are focused on addressing corruption allegations within the organization. While more arrests are expected, Mr. Blatter was re-elected – reportedly without U.S. support – on Friday.

Syria/Iraq Crisis

The U.S. military has started training Syrian opposition fighters in Turkey to combat ISIL, an expected expansion of the program first launched in Jordan several weeks ago.  Secretary Kerry is expected to join by teleconference a meeting in Paris this Tuesday of Foreign Ministers who are part of the coalition against ISIL.

On Wednesday, 3 June, the House Foreign Affairs Subcommittee on the Middle East will hold a hearing titled, “U.S. Policy Towards ISIL After Terror Group Seizes Ramadi and Palmyra.”

On Tuesday, 2 June, the House Foreign Affairs Terrorism Subcommittee will hold a hearing to review the State Department’s Counterterrorism Bureau.

Africa

On Thursday, 4 June, the Senate Foreign Relations Subcommittee on Africa will hold a hearing entitled, “Security Assistance in Africa.”

On Wednesday, 3 June, the House Foreign Affairs Africa Subcommittee will hold a hearing titled, “The Future of U.S.-Zimbabwe Relations.”

South China Sea

At the International Institute for Strategic Studies Summit in Singapore over the weekend, Secretary of Defense Ashton Carter said about China’s activities in the South China Sea:

“Turning an underwater rock into an airfield simply does not afford the rights of sovereignty or permit restrictions on international air or maritime transit.”

House June Agenda – Trade Measures Ahead

House Majority Leader Kevin McCarthy (R-California) released a Memorandum last Friday outlining his chamber’s June agenda. While the agenda does not definitively state when, the House is expected to consider: (1) Trade Promotion Authority (TPA); (2) Trade Adjustment Assistance (TAA); (3) a trade preferences measure (AGOA/GSP/Haiti program); and (4) a customs measure.

House Majority Leader McCarthy notes in the “Additional Items” section of the Memorandum:

“To preserve American interests abroad, grow our economy, and increase commerce, the House will likely consider H.R. 1314, The Trade Priorities and Accountability Act of 2015 (as amended by the Senate), which reauthorizes Trade Promotion Authority (TPA) and strengthens Congress’ role in trade policy. When TPA is considered, the House will also consider the Trade Preferences Extension Act of 2015 and the Trade Facilitation and Trade Enforcement Act of 2015.” (Emphasis added).

Customs Measure

In a letter dated 22 May to Senate Finance Committee Chairman Orrin Hatch (R-Utah) and Ranking Member Ron Wyden (D-Oregon), House Ways and Means Committee Chairman Paul Ryan (R-Wisconsin) said he intends to include four amendments in the House version of a customs and enforcement bill (H.R. 1907) that failed to advance in the Senate’s version of the TPA bill. These changes include:

  1. Trade remedy law changes championed by Senators Sherrod Brown (D-Ohio) and Rob Portman (R-Ohio), currently pending in the House as H.R. 2523.

  2. Compromise language on human trafficking originally offered by Senator Robert Menendez (D-New Jersey).

  3. An immigration-related amendment originally offered by Senators Ted Cruz (R-Texas) and Hatch.

  4. An amendment championed by Senator Dan Sullivan (R-Alaska) that would create a principal negotiating objective regarding opportunities for U.S. exports in fish, seafood and shellfish.

Despite an International Monetary Fund assessment that China’s currency is no longer undervalued, some argue a provision to address foreign currency manipulation is still needed.

Trans-Pacific Partnership

Chief negotiators of the Trans-Pacific Partnership (TPP) continued negotiations in Guam last week, though a lack of TPA remains a significant obstacle to concluding some of the agreement’s more complex chapters. Meanwhile, Assistant Secretary of State for East Asian and Pacific Affairs Daniel Russell said on 27 May that the United States welcomes the Republic of Korea’s interest in joining the TPP in the future. On 26 May, the White House announced that President Barack Obama would welcome Korean President Park Geun-hye to the White House on 16 June.

Transatlantic Trade & Investment Partnership

Last Thursday, the European Parliament’s International Trade Committee passed a non-binding resolution that endorsed inclusion of an investor-state dispute settlement (ISDS) mechanism in the Transatlantic Trade & Investment Partnership (TTIP) agreement and also called on the United States to adopt higher labor standards.

Cuba

Last Friday, the Obama Administration formally removed Cuba’s designation as a state sponsor of terrorism. State Department Spokesperson Rathke said,

“The rescission of Cuba’s designation as a State Sponsor of Terrorism reflects our assessment that Cuba meets the statutory criteria for rescission.”

Cuba has been on the list for nearly 30 years.

2015 Climate Investment Reports Released

Last Friday, the State Department began a staggered released of its 2015 Investment Climate Statements. These reports cover more than 175 foreign markets and provide country-specific information and assessments on investment-related laws and other pertinent factors for doing business abroad. U.S. embassies and consulates prepared the statements to assist U.S. companies with making informed decisions regarding investment in foreign markets.

Looking Ahead

Washington will likely focus on the following upcoming matters:

  • 7-8 June: G-7 Summit in Schloss Elmau, Germany

  • 16 June: President Obama will host President Park Geun-hye of the Republic of Korea

  • 24-24 June: NATO Defense Ministerial in Brussels

  • 30 June: US Export-Import Bank charter expires

  • 30 June: P5+1 Talks with Iran deadline to reach a deal

  • 13 July: President Obama to host Conference on Aging

  • [TBD] July: President Obama to travel to Kenya attend the Global Entrepreneurship Summit

  • 15 September: 70th Session of the UN General Assembly (UNGA) opens in New York City

  • 24 September: Pope Francis to address Congress and meet with President Obama

  • 28 September: General debate of the UNGA begins

Department of Defense Moves Forward with Stricter Sourcing Requirements for Photovoltaic Devices

Earlier this week, the Department of Defense (“DoD”) issued a proposed rule to revise (and make stricter) the unique sourcing requirements applicable to certain photovoltaic devices that are used in the performance of DoD contracts.  Specifically, unless an exception under the Trade Agreements Act applies or a contractor secures a waiver based on public interest or unreasonable cost, the proposed rule would require photovoltaic devices provided under a covered contract to be both manufactured in the United States and made “substantially all” from components or materials that are also mined, produced, or manufactured in the United States.  DoD contracts covered by the proposed rule involve the provision of photovoltaic devices that are—within the United States—either (i) installed on DoD property or in a DoD facility or (ii) reserved for the DoD’s exclusive use for their full economic life.  Although the proposed rule does not apply to contracts under which the DoD directly acquires photovoltaic devices as end products, it does extend to energy savings performance contracts and power purchase agreements under which the DoD effectively acquires electricity produced by photovoltaic devices that are installed and managed by contractors.  As we have previously discussed, these contracts represent significant opportunities, especially given the DoD’s continued focus on securing sources of renewable energy.

The proposed rule implements new sourcing requirements set forth in the National Defense Authorization Act for Fiscal Year 2015, which overlap with existing requirements established in the National Defense Authorization Act for Fiscal Year 2011 that are contained largely in DFARS 252.225-7017.  Although the new requirements are largely consistent with existing requirements, which make the Buy American Act applicable to photovoltaic devices provided under similar contracts, the new requirements contain key differences that may complicate existing supply chains.  Importantly, the DoD has interpreted the new requirements to foreclose existing exceptions and waivers on which contractors may currently rely to provide photovoltaic devices that are manufactured outside the United States or made from foreign components.  In addition, whereas existing requirements apply only when both the DoD has reserved the exclusive use of a photovoltaic device and the device is to be installed on DoD property or in a DoD facility, the new requirements apply when either condition is satisfied.  As a result, a number of contracts will suddenly be subject to new sourcing requirements under the proposed rule, including contracts under which the DoD does not have an exclusive right to power generated from a photovoltaic device installed on DoD property or in a DoD facility, such as when a contractor is authorized to export power produced by such a device to a commercial grid, as well as contracts which have a term that is less than the full economic life of such a device.

The proposed rule mirrors existing requirements in that the primary effect of the current application of the Buy American Act to covered photovoltaic devices is to require contractors to ensure that the devices are manufactured in the United States.  Although existing requirements also technically require covered photovoltaic devices to be made “substantially all” from components or materials that are mined, produced, or manufactured in the United States, this requirement has been waived under existing regulations, as described below.  The proposed rule also mirrors existing requirements in that it recognizes a significant exception to contractors’ obligation to ensure that covered photovoltaic devices are manufactured in the United States by making the proposed rule’s application subject to the Trade Agreements Act, which provides an exemption from the Buy American Act’s requirements under contracts valued above certain dollar thresholds and requires contractors to provide photovoltaic devices that are “substantially transformed” in an authorized country, such as Canada, the United Kingdom, or Italy.  The application of the “substantial transformation” test under the Trade Agreements Act dramatically increases the number of available sources of supply as it focuses on the point at which a photovoltaic device is transformed into a new and difference article of commerce rather than the origin of its components or its final point of assembly.  Thus, under both the proposed rule and existing requirements, without considering other limitations on imports, a contractor could provide a photovoltaic device that is substantially transformed in an authorized country—such as the United Kingdom—from components manufactured in an otherwise unauthorized country—such as Malaysia.  DoD’s previous clarification that the relevant test focuses on the final place of substantial transformation remains unaffected by the proposed rule.

However, because the National Defense Authorization Act for Fiscal Year 2015 merely imposes key obligations from the Buy American Act and, unlike existing requirements, does not make the Buy American Act directly applicable to covered contracts, the proposed rule does not recognize other exceptions that currently apply to existing requirements.   In particular, the proposed rule does not recognize the waiver of the Buy American Act for components of commercially available off-the-shelf items, which the DoD has interpreted to apply to components of all photovoltaic devices covered by existing requirements.  Thus, in circumstances in which the Trade Agreements Act does not apply, contractors will be forced to trace the origin of the components of each photovoltaic device to ensure that “substantially all” of the components—which has been interpreted to mean more than fifty percent of component costs—have been manufactured in the United States.

More importantly, as the Trade Agreements Act will likely apply to the majority of covered contracts given the relatively high value of energy savings performance contracts and power purchase agreements, the proposed rule does not recognize general exceptions to the Buy American Act for (i) photovoltaic devices manufactured in other countries with which the United States has reciprocal defense procurement agreements, such as Turkey and Egypt, (ii) other foreign photovoltaic devices that are available at a cost that is less than the cost of domestic photovoltaic devices after a fifty percent adjustment to the foreign devices’ cost, and (iii) photovoltaic devices that are substantially transformed in the United States but potentially assembled in another country or made with foreign components in circumstances in which the Trade Agreements Act applies.  Although the proposed rule provides the DoD with authority to effectively implement these exceptions on a case-by-case basis, contractors will need to be cognizant of the circumstances in which a waiver can be requested and ensure that they actively pursue waivers when required.

The proposed rule will likely have a minimal impact on contractors that source photovoltaic devices through relatively uncomplicated supply chains that involve countries covered by the Trade Agreements Act.  However, contractors that have supply chains that source items from other countries or rely on existing exceptions to the Buy American Act should consider the impact of the proposed rule on their existing practices, especially considering complications that can arise in determining the origin of photovoltaic devices that include wafers, cells, and modules manufactured or assembled in different countries.

© 2015 Covington & Burling LLP

ISIS’s Destruction of Antiquities and Ancient Sites

Greenberg Traurig

Iconoclasm and Looting

The recent destruction of sculptures and other objects in the Mosul Museum, as well as the ancient cities and archaeological sites of NimrudHatra, and Dur Sharrukin[1] by the Islamic State of Iraq and Syria (ISIS), sometimes also referred to as the IslamicState of Iraq and the Levant (ISIL), has been widely condemned.[2] Many have identified the motivation behind the destruction as an ideology-driven iconoclasm.  [UNESCO Director-General, Irina Bokova, condemned the destruction, noting that “the attack was in direct violation to the most recent Security Council resolution 2199 that condemns the destruction of cultural heritage and adopts legally-binding measures to counter illicit trafficking of antiquities and cultural objects from Iraq and Syria.” See Iraq: UNESCO Outraged over Terrorist Attack against Mosul Museum,” UN News Centre, Feb. 26, 2015. To view a video of the destruction at the museum, see Ben Wedeman and Dana Ford, “Video Shows ISIS Militants Destroying Antiquities in Iraq,” CNN, Feb. 27, 2015. See also Kareen Shaheen, “Isis fighters destroy ancient artefacts at Mosul museum,” The Guardian, Feb. 26, 2015.]

Iconoclasm and looting

Art historian Simon Schama, placing ISIS’s actions in the context of many other historical iconoclasms, observed that:

[t]he obliterators . . . act from the same instinct of cultural panic that the supreme works of the past will lead people astray from blind, absolute obedience.  Neither beauty nor history have the least interest for them because they live in and force others to inhabit a universe of timeless subjection.  The mere notion that the achievements of humanity might rise to the level of sublimity is itself a sacrilegious affront.  In a way this is a backhanded compliment to the power of images. And yet when this puerile and fearful instinct leads to irreversible acts of annihilation, it is not only their own immediate culture that is the victim but the entirety of humanity, which loses a piece of its memory as surely as if a slice of our collective brain had been removed by a mad lobotomist. [Simon Schama, “Artefacts under Attack,” The Financial Times, Mar. 13, 2015.]

The Taliban’s demolition of the Bamiyan Buddhas in March 2001 exemplifies this “cultural cleansing,” but it also shows how changeable iconoclasts’ views can be.  In 1999, shortly after the Taliban assumed power in Afghanistan, the Taliban Minister of Culture “spoke about the respect due to pre-Islamic antiquities and also mentioned the risk of retaliation against mosques in Buddhist countries. . . . He made clear that, though there were no Buddhist believers in Afghanistan, ‘Bamiyan would not be destroyed but, on the contrary, protected.’” [Pierre Centlivres, “The Death of the Bamiyan Buddhas,” Middle East Institute website, Dec. 2009.]  However, on February 26, 2001, Taliban leader Mullah Muhammad Omar “issued a decree ordering the elimination of all non-Islamic statues and sanctuaries in Afghanistan.” [Id.] Within weeks, the buddhas had been destroyed.

Similarly, in 2012, the Al-Qaeda-related Islamic group Ansar Dine engaged in widespread ideologically-driven destruction of mosques, monuments, and manuscripts in Timbuktu, Mali [Federico Lenzerini, “The Role of International and Mixed Criminal Courts in the Enforcement of International Norms Concerning the Protection of Cultural Heritage,” in Francesco]. “Timbuktu’s ancient mosques and monuments,” observers noted, “built of mud and limestone bricks, [had] endured centuries [until Ansar Dine] swept across Mali’s north. . . . Intolerant of the city’s mystical Sufi traditions, they banned music, and took hoes, pickaxes and bulldozers to the shrines where saints were buried, and which they considered idolatrous.  16 mausoleums were destroyed, including two that sat alongside the vast 14th-century Djingareyber mosque.” In the case of the monuments of Timbuktu, the destruction of the buildings was itself not enough.  Complete elimination – including making it impossible for the monuments to be rebuilt with the same materials — was the goal.  After the monuments were destroyed, Ansar Dine “carried the clay obtained from the monuments outside the city . . . to prevent them from being rebuilt with the same clay in the future.” [Lenzerini, at 61.]

The ravages of recent weeks are only the latest examples of ISIS’s targeting of cultural heritage, erasing cultural sites and symbols they find offensive to their worldview or to establish a “pure” narrative of their own preeminence.  In July 2014, ISIS destroyed the 14th-century mosque that housed the Tomb of Jonah. [See Mark Movesian, “Why Did ISIS Destroy the Tomb of Jonah?” First Things, July 28, 2014; see also “Video Shows Islamic State Blowing Up Iraq’s Tomb of Jonah,” NPR, July 25, 2014.]

However, iconoclasm and “cultural cleansing” do not appear to be ISIS’s sole purpose in destroying ancient sites.  While ISIS declares that “ancient art [is] idolatry that must be destroyed,” reports indicate that the destruction of that ancient art is part of a looting scheme that monetizes that ancient art to fund ISIS’s activities.  “[T]he archaeological devastation is not about ideology,” David Kohn hasreported, “but income. . . . [ISIS] often brings in contractors who use bulldozers to dig up sites as efficiently as possible.”  Louise Shelley, writing in the current special issue of Foreign Affairs, describes the sources of ISIS’s funding, including the sale of oil, but also “the sale of counterfeit cigarettes, pharmaceuticals, cell phones, antiquities, and foreign passports.” [Louise Shelley, “Blood Money: How ISIS Makes Bank,” Foreign Affairs, Mar. 2015.]

War Crimes

United Nations Secretary General Ban Ki-moon condemned the destruction, designating the actions as “war crimes,” and issuing a statement calling on the international community “to swiftly put a stop to such heinous terrorist activity and to counter the illicit traffic in cultural artefacts.” [Kareem Shaheen, “Isis attacks on ancient sites erasing history of humanity, says Iraq,” The Guardian, Mar. 9, 2015.] UNESCO Director-General Irina Bokova likewise issued a statement after the destruction of Nimrud stating that she had “alerted the president of the Security Council as well as the Prosecutor of the International Criminal Court” concerning the unlawfulness of the destruction under international law.

International law protects cultural heritage from destruction and plunder during armed conflict (both international and internal) through a variety of instruments. Many of these instruments impose obligations on countries, not individuals, setting out the rules of war. [ Lenzerini, at 41-42.]  These instruments include Convention (IV) Respecting the Laws and Customs of War on Land of 1907,[3] the 1954 Hague Convention for the Protection of Cultural Property in the Event of Armed Conflict (which imposes not only obligations to safeguard cultural heritage during international/cross-border conflicts, but also, importantly, during internal conflicts), the two 1977 Protocols to the Geneva Conventions on Humanitarian Law of 1949,[4] the Second Protocol to the 1954 Hague Convention,[5] and the 2003 UNESCO Declaration on the Intentional Destruction of Cultural Heritage.[6] Individual criminal liability for the destruction of cultural heritage was slower to develop, but is embodied in the statutes of the International Criminal Tribunal for the Former Yugoslavia and the International Criminal Court (ICC), which, like the 1954 Hague Convention, imposes criminal liability not only for actions taken during international conflicts, but also during internal conflicts. [7]

In the case of individual criminal responsibility for ISIS militants for the destruction in Mosul, Nimrud, and elsewhere, an initial obstacle lies in neither Iraq nor Syria being party to the Rome Statute.  However, while the ICC’s jurisdiction is limited, states may accept the court’s jurisdiction for a particular case.  Even in the absence such state acceptance, the ICC has jurisdiction in cases in which the Security Council refers the matter to the prosecutor.  Either option, however, faces steep political obstacles.

Challenges to enforcement do not reduce the importance of establishing and maintaining the international legal norms that have developed in this area. Resolutions and declarations by the United Nations and the international community’s condemnation of these acts of destruction carry significance in themselves, even though they do not halt the acts themselves.  It is also important to recognize that treaty-based legal protections for cultural heritage not only have deep roots in the norms of customary international law, but they also contribute to the articulation and development of those customary international law norms, which have an independent legal validity in international law. [Francesco Francioni and Federico Lenzerini, “The Destruction of the Buddhas of Bamiyan and International Law,” 14 EJIL 619, 634 (2003).]

Still, as Simon Schama notes:

 the wringing of hands over this loss to humanity will have no effect on those for whom it is as nothing compared with the claims of divinity.  It is understandable that, when asked on BBC Radio 4 if he would countenance military intervention to save Nimrud, the Assyriologist John E. Curtis answered in the affirmative.  But a Unesco strike squad belongs, alas, to comic book dreams.  Even before its planes could be fueled, the bulldozer boys will be congratulating themselves on having reduced masterpieces to rubble and dust. [Simon Schama, “Artefacts under Attack,” The Financial Times, Mar. 13, 2015.]

ARTICLE BY


[1] Kareem Shaheen, “Isis Ransacking of Ancient Assyrian City Confirmed by Iraq’s Head of Antiquities,” The Guardian, Mar. 12, 2015. (“[Dur-Sharrukin’s] city walls were razed, and some elements of the temples, but we don’t know the exact extent [of the damage],” Iraq’s director of antiquities, Qais Rasheed, told Reuters. “Looting took place, and then the razing.”); Anne Barnard, “Race in Iraq and Syria to Record and Shield Art Falling to ISIS,” The New York Times, Mar. 8, 2015. (“In just a few days last week, [ISIS] destroyed parts of two of northern Iraq’s most prized ancient cities, Nimrud and Hatra. On Sunday, residents said militants destroyed parts of Dur Sharrukin, a 2,800-year-old Assyrian site near the village of Khorsabad.”).

[2] UNESCO Director-General, Irina Bokova (“The destruction of Hatra marks a turning point in the appalling strategy of cultural cleansing under way in Iraq.”)(“Islamic State ‘Demolishes’ Ancient Hatra Site in Iraq,” BBC, Mar. 7, 2015; Thomas P. Campbell, Director of the Metropolitan Museum of Art (“It’s the erasure of human identity, and nothing less than cultural cleansing.”)(Kia Makarechi, “At Persian New Year Gala, Met Museum C.E.O. Condemns ISIS’s “Sickening” Destruction of Antiquities,” Vanity Fair, Mar. 13, 2015. See also Graham Bowley and Robert Mackey, “Destruction of Antiquities by ISIS Militants is Denounced,” The New York Times, Feb. 27, 2015; Sturt Manning, “Why ISIS Destroys Antiquities,” CNN, Mar. 9, 2015; Zack Beauchamp, “ISIS’s War on History: 11 Cultural Treasures Lost Forever to the Group and Its Predecessors,” Vox.com, Mar. 11, 2015.

[3] Convention (IV) Respecting the Laws and Customs of War on Land and Its Annex: Regulations Concerning the Laws and Customs of War on Land, The Hague, 18 Oct. 1907. (The Regulations annexed to the Convention state: “In sieges and bombardments all necessary steps must be taken to spare, as far as possible, buildings dedicated to religion, art, science, or charitable purposes, historic monuments, hospitals, and places where the sick and wounded are collected, provided they are not being used at the time for military purposes.  It is the duty of the besieged to indicate the presence of such buildings or places by distinctive and visible signs, which shall be notified to the enemy beforehand.”).

[4] Protocol Additional to the Geneva Conventions of 12 August 1949, and Relating to the Protection of Victims of International Armed Conflicts (Protocol I), 1125 UNTS 5 (Article 53 provides:  “Without prejudice to the provisions of the Hague Convention for the Protection of Cultural Property in the Event of Armed Conflict of 14 May 1954, and of other relevant international instruments, it is prohibited: (a) to commit any acts of hostility directed against the historic monuments, works of art or places of worship which constitute the cultural or spiritual heritage of peoples; (b) to use such objects in support of the military effort; (c) to make such objects the object of reprisals.”); and Protocol Additional to the Geneva Conventions of 12 August 1949, and Relating to the Protection of Victims of Non-International Armed Conflicts (Protocol II), 1125 UNTS 609 (Article 16 provides: “it is prohibited to commit any acts of hostility directed against historic monuments, works of art or places of worship which constitute the cultural or spiritual heritage of peoples, and to use them in support of the military effort.”).

[5] Second Protocol to the Hague Convention of 1954 for the Protection of Cultural Property in the Event of Armed Conflict, 1999, 2253 UNTS 172.

[6] Article VII, in proclaiming the principle of individual criminal responsibility for acts of destruction of cultural heritage, affirms: “States should take all appropriate measures, in accordance with international law, to establish jurisdiction over, and provide effective criminal sanctions against, those persons who commit, or order to be committed, acts of intentional destruction of cultural heritage of great importance for humanity, whether or not it is inscribed on a list maintained by UNESCO or another international organization.”).

[7] UN General Assembly, Rome Statute of the International Criminal Court (last amended 2010), 17 July 1998, ISBN No. 92-9227-227-6. (Article 8(2)(b)(IX) provides that the term ‘war crimes’ includes “Intentionally directing attacks against buildings dedicated to religion, education, art, science or charitable purposes, historic monuments, hospitals and places where the sick and wounded are collected, provided they are not military objectives.”  Article 8(2)(e)(IV) imposes a corresponding liability during internal conflicts, stating that war crimes includes, in conflicts not of an international character, “Intentionally directing attacks against buildings dedicated to religion, education, art, science or charitable purposes, historic monuments, hospitals and places where the sick and wounded are collected, provided they are not military objectives.”).

©2015 Greenberg Traurig, LLP. All rights reserved.

Senator McCain Renews Focus on Ending Cost-Plus Contracts

Covington_NL

A longtime and well-known proponent of defense acquisition reform, Senator John McCain assumed the chairmanship of the U.S. Senate Armed Services Committee (“SASC”) on January 6.  Sen. McCain has been particularly outspoken concerning cost overruns on major systems procurement projects.  He has characterized the “cost-plus” contract structure as among the key causes of these overruns, and has described implementing a ban on “cost-plus” contracts as among his top three priorities for the 114th Congress (along with countering cyber-threats and addressing sequestration).

Sen. McCain’s antipathy toward cost-plus contracts is nothing new:  during the 2008 presidential campaign, he made waves in the contracting community by declaring during a debate with then-Senator Barack Obama that “particularly in defense spending, which is the largest part of our appropriations – we have to do away with cost-plus contracts.  We now have defense systems [in which] the costs are completely out of control. So we need to have fixed-cost contracts.”

Sen. McCain renewed his criticism of cost-plus contracts in a recent public appearance:  “I’m continuing to try to ban them [a]ll. . . If you don’t ban them, here’s what happens:   [contractors] come in with a lowball contract, so they can get the contract, and then . . . the costs mount.”  By way of analogy, the veteran lawmaker highlighted the faulty incentives he believes are created by such an arrangement:  “If you had a roof that leaked would you ask a guy to come and fix it with a cost-plus contract?!”

At the time of Sen. McCain’s 2008 high-profile criticism of cost-plus contracts, many experts in the contracting community expressed skepticism that an outright ban was desirable or even possible.  They posited, for example, that cost-plus contracts can be the best tool for the job in certain circumstances, such as high-risk research and development projects where the requirements (and thus the expected costs) are ill-defined.  A prominent contracting official even contended, as summed up by one think tank’s analysis of the issue, that “contractors would simply not bid on high-risk endeavors . . . if they were operated under fixed-priced contract structures.”

While the merits of cost-plus contracts remain a subject of vigorous debate, the Arizona senator’s SASC chairmanship and his party’s control of the Senate better position him to pursue this issue in 2015.  In addition, other key stakeholders appear favorably disposed toward defense acquisition reform.  Representative William “Mac” Thornberry, the new chairman of the U.S. House Armed Services Committee, has been studying the issue and collaborating with industry on recommendations.  Additionally, Ashton Carter, President Obama’s pending nominee to be the next Secretary of Defense, is a former chief acquisitions official at the Pentagon and a proponent of reform.

Acquisition reform figures to play a prominent role in Carter’s upcoming confirmation hearing, although the most likely forum for a specific proposal on cost-plus contracts is the FY2016 National Defense Authorization Act (“NDAA”).  One factor to watch as the NDAA process gets underway is whether Sen. McCain is able to build bipartisan support in Congress – and identify key allies across the aisle, and across the Hill – for the reform or elimination of cost-plus contracts.  Outgoing SASC Chairman Carl Levin, who co-authored a symposium-style report on defense acquisition reform with Sen. McCain in October 2014, has retired from Congress.  Also recently departed from the Hill is Representative Henry Waxman, whose proposal to require agencies to minimize cost-plus contracts passed the House in 2008.

It thus remains uncertain how Sen. McCain plans to realize his vision of ending cost-plus defense contracting.  However, given the emphasis that the new SASC chairman has consistently placed on the issue, cost-plus contracts will likely remain a prominent topic within the broader and seemingly dynamic context of acquisition reform in the 114th Congress.

ARTICLE BY

Veteran's Day: In Flanders Field . . .

Allen Matkins Law Firm

Today is Veterans Day.  The date commemorates the ending of the First World War on November 11, 1918 at 11:00 a.m.  The following year, President Woodrow Wilson proclaimed the first “Armistice Day”, as it was then known:

“To us in America, the reflections of Armistice Day will be filled with solemn pride in the heroism of those who died in the country’s service and with gratitude for the victory, both because of the thing from which it has freed us and because of the opportunity it has given America to show her sympathy with peace and justice in the councils of the nations.”

A custom arose among allies of wearing poppies in remembrance of the soldiers who were killed in the Great War.  Why poppies? The association was inspired by a very popular poem written by Canadian Lieutenant Colonel John McCrae. The poem opens with these lines:

In Flanders fields, the poppies blow
Between the crosses, row on row,

John McCrae did not live to see the end of the war. He died of an illness in France in 1918.

It has been 100 years since the start of the First World War in July 1914.  The United States did not declare war until April, 1917.  England is commemorating the centennial by installing 888,246 brilliant red ceramic poppies in the moat of the Tower of London.  The BBC has published these stunning pictures.

More than 4 million American soldiers served in the American Expeditionary Forces during World War I.  The last of these Doughboys, Corporal Frank Buckles, died in 2011 at the age 0f 110.

California is currently home to 1,851,570 veterans, including 1,387,510 who are wartime veterans.

Today is Veterans Day.  Let’s all remember and honor the service of the men and women who have served our country.

ARTICLE BY

Keith Paul Bishop

OF

Allen Matkins Leck Gamble Mallory & Natsis LLP