Skip to content
Photo of Michael Wagner

Mike Wagner helps government contractors navigate high-stakes enforcement matters and complex regulatory regimes.

Combining deep regulatory knowledge with extensive investigations experience, Mr. Wagner works closely with contractors across a range of industries to achieve the efficient resolution of regulatory enforcement actions and government investigations, including False Claims Act cases. He has particular expertise representing individuals and companies in suspension and debarment proceedings, and he has successfully resolved numerous such matters at both the agency and district court level. He also routinely conducts internal investigations of potential compliance issues and advises clients on voluntary and mandatory disclosures to federal agencies.

In his contract disputes and advisory work, Mr. Wagner helps government contractors resolve complex issues arising at all stages of the public procurement process. As lead counsel, he has successfully litigated disputes at the Armed Services Board of Contract Appeals, and he regularly assists contractors in preparing and pursuing contract claims. In his counseling practice, Mr. Wagner advises clients on best practices for managing a host of compliance obligations, including domestic sourcing requirements under the Buy American Act and Trade Agreements Act, safeguarding and reporting requirements under cybersecurity regulations, and pricing obligations under the GSA Schedules program. And he routinely assists contractors in navigating issues and disputes that arise during negotiations over teaming agreements and subcontracts.

On August 25, 2022, President Biden announced a new Executive Order (“EO”) addressing the Implementation of the CHIPS Act of 2022 (“CHIPS Act”).  The CHIPS Act was signed by President Biden on August 9, 2022, and, among other things, authorizes $39 billion in funding for new projects to establish semiconductor production facilities within the United

On August 9, 2022, President Biden signed into law the CHIPS and Science Act—a massive, $280 billion bill to boost public and private sector investments in critical and emerging technologies.

We anticipate significant opportunities and an evolving regulatory landscape for companies, associations, universities, and others who work in various technology sectors, including:

  • High performance computing, semiconductors, and advanced computer hardware/software
  • Advanced communications technology and immersive technology
  • Advanced energy and industrial efficiency technology (including batteries, nuclear)
  • Advanced materials science (including composites 2D and next-generation materials)
  • Artificial intelligence, machine learning, autonomy, and related advances
  • Quantum information science and technology
  • Biotechnology, medical technology, genomics, and synthetic biology
  • Data storage/management, distributed ledgers, and cybersecurity (including biometrics)
  • Natural and anthropogenic disaster prevention or mitigation
  • Robotics, automation, and advanced manufacturing

Below is an overview of the legislation and the funding and tax credit opportunities it provides for entities that participate in the research, development, production, education, or transfer of critical and emerging technologies, especially semiconductor manufacturing and research and open-RAN technology.

Overview

Headlining the bill are $54 billion in appropriations to fund the Creating Helpful Incentives to Produce Semiconductors (“CHIPS”) for America Act, which was authorized in 2021. The bill also includes $1.5 billion in appropriations for a wireless supply chain innovation fund under the Utilizing Strategic Allied Telecommunications Act, which was similarly authorized in 2021. Across these two sets of appropriations, over $40 billion are allocated for direct financial assistance in the form of competitive grants for which private companies will be able to apply. The law also authorizes over $200 billion in new programs across the federal government, paving the way for additional grants, public-private partnerships, and technology transfer opportunities.

Continue Reading Significant Funding and Tax Credit Opportunities in the CHIPS and Science Act

This is the tenth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the secondthirdfourthfifthsixthseventheighth, and ninth blogs described the actions taken by various Government agencies to implement the EO from June 2021 through January 2022, respectively.

This blog summarizes key actions taken to implement the Cyber EO during February 2022.  As with steps taken during prior months, the actions described below reflect the implementation of the EO within the Government.  However, these activities portend further actions in March 2022 that are likely to impact government contractors, particularly those who provide software products or services to government agencies.

NIST Publishes Guidance to Federal Agencies on Practices to Enhance Supply Chain Security When Procuring Software

Section 4(e) of the Cyber EO requires the National Institute of Standards and Technology (NIST) to publish guidelines on practices for software supply security for use by U.S. Government acquisition and procurement officials.  Section 4(k) of the EO requires the Office of Management and Budget, within 30 days of the publication of this guidance (or March 4, 2022), to “take appropriate steps to require that agencies comply with such guidelines with respect to software procured after the date of the EO.  Section 4(n) of the EO states that within one year of the date of the EO (or May 12, 2023), the Secretary of Homeland Security…shall recommend to the FAR Council contract language requiring suppliers of software available for purchase by agencies to comply with, and attest to complying with, any requirements issued pursuant to subsections (g) through (k) of this section.”

NIST issued the Supply Chain Security Guidance called for by Section 4(e) of the EO on February 4, 2022.  The Supply Chain Security Guidance states that it “provides recommendations to federal agencies on ensuring that the producers of software they procure have been following a risk-based approach for secure software development throughout the software life cycle,” and that “[t]hese recommendations are intended to help federal agencies gather the information they need from software producers in a form they can use to make risk-based decisions about procuring software.”  The scope of the Supply Chain Security Guidance is expressly limited to “federal agency procurement of software, which includes firmware, operating systems, applications, and application services (e.g., cloud-based software), as well as products containing software.”  The Guidance further provides that “the location of the implemented software, such as on-premises or cloud-hosted, is irrelevant,” and also excludes open source software and software developed by federal agencies.  However, open-source software that is bundled, integrated, or otherwise used by software purchased by a federal agency is within the scope of the Guidance.

The Supply Chain Security Guidance defines minimum recommendations for federal agencies as they acquire software or a product containing software:

  1. Use the Secure Software Development Framework (SSDF) terminology and structure to organize communications about secure software development requirements.
  2. Require attestation to cover secure software development practices performed as part of processes and procedures throughout the software life cycle.
  3. Accept first-party attestation of conformity with SSDF practices unless a risk-based approach determines that second or third-party attestation is required.
  4. When requesting artifacts of conformance, request high-level artifacts.


Continue Reading February 2022 Developments Under President Biden’s Cybersecurity Executive Order

This is the ninth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the secondthirdfourthfifthsixthseventh, and eighth blogs described the actions taken by various government agencies to implement the EO from June through December 2021, respectively.

This blog summarizes key actions taken to implement the Cyber EO during January 2022.  As with steps taken during prior months, the actions described below reflect the implementation of the EO within Government.  However, these activities portend further actions in February 2022 that are likely to impact government contractors, particularly those who provide software products or services to government agencies.

National Security Memorandum Issued on Application of Cyber EO Requirements to National Security Systems

On January 19, 2022, President Biden signed National Security Memorandum-8, “Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems” (the NSM).  The NSM sets forth requirements for National Security Systems (NSS) that are equivalent to or exceed the cyber requirements for Federal Information Systems set forth in the Cyber EO. The NSM also establishes methods for obtaining exceptions to these requirements for unique mission needs.

Section 1 of the NSM addresses how requirements set forth in the Cyber EO will be applied to NSS.  In general, NSS are systems that involve:  intelligence activities, cryptologic activities related to national security, command and control of military forces, equipment that is an integral part of a weapon or weapons system, or are critical to the direct fulfillment of military or intelligence missions.[1]  The NSM states that Cyber EO Sections 1 (“Policy”) and 2 (“Removing Barriers to Sharing Threat Information”) apply to NSS in their entirety, except that the Director of the National Security Agency (“NSA”) (defined as the “National Manager”) shall exercise with respect to NSS the authorities granted the OMB Director and the Secretary of Homeland Security under Section 2 of the Cyber EO.  This means, among other things, that companies that contract with DOD and other national security agencies and whose performance involves NSS, may be subject to the cyber incident reporting and standard contractual clauses promulgated in the Federal Acquisition Regulation pursuant to section 2 of the Cyber EO.

Section 1 of the NSM also requires the Committee on National Security Systems (CNSS) and the national security/intelligence agencies to take several actions to modernize NSS consistent with Section 3 of the Cyber EO.  For example, the NSM requires all agencies that own or operate NSS to update their existing plans to use cloud technology and to develop plans to implement Zero Trust Architecture by March 18, 2022.  The NSM further requires owners or operators of NSS to implement multifactor authentication and encryption of data-in-transit and data-at-rest on such systems by July 18, 2022.  The NSM also requires NSS owners and operators to adhere to the standards for enhancing software supply chain security developed under section 4 of the Cyber EO except where “otherwise authorized by law” or where the National Manager grants an exception.  Section 3 of the NSM sets forth the procedures and conditions for granting exceptions to NSS from the requirements of the Cyber EO.

In addition to the requirements described above, the NSM requires national security agencies to adhere to a process to be developed by the Director of NSA to identify and then inventory the NSS under their control according by April 19, 2022.  This guidance and inventory will be critical to defining the scope of application of the requirements of the memorandum.

The NSM also requires such agencies to report all known or suspected compromises of or unauthorized access to such NSS to the Director of NSA in accordance with procedures to be developed by the Director of NSA.  The NSM authorizes the Director of NSA to issue Emergency Directives and Binding Operational Directives to NSS owners and operators that are similar to the directives that the Cybersecurity and Infrastructure Security Agency (CISA) is authorized to issue to civilian agencies.
Continue Reading January 2022 Developments Under President Biden’s Cybersecurity Executive Order

In a December 2020 speech, Deputy Assistant Attorney General Michael Granston warned that cybersecurity fraud could see enhanced enforcement under the False Claims Act (“FCA”).  On October 6, 2021, Deputy Attorney General Lisa Monaco announced that the Department of Justice (“DOJ”) would be following through on that warning with the launch of the DOJ’s Civil

Under the January 2021 “Made in America” Executive Order 14005, President Biden established a new Made in America Office to oversee and administer domestic preference requirements in federal procurements.  Housed within the Office of Management and Budget (“OMB”), the Made in America Office was tasked with, among other things, reviewing and approving agency waivers

As discussed in our prior client alert, the

For the last several years, GSA has been piloting just such an alternative:  the Transactional Data Reporting (“TDR”) program, through which the government collects transaction-level data on products and services purchased through the Schedule to make data-driven decisions that save taxpayer dollars.  GSA has been running a TDR pilot program for several years to test the potential for a new regulatory regime, though the program sometimes has been the source of criticism and controversy.  Now that controversy has heightened further:  GSA’s Office of Inspector General published an audit report on June 24, 2021 that is sharply critical of the program, only to see GSA’s Federal Acquisition Service (“FAS”) Commissioner publicly reject the report’s conclusions and defend TDR’s effectiveness.
Continue Reading The End of CSP and PRC Requirements? — GSA’s TDR Pilot Program Faces Further Internal Criticism

The American Rescue Plan, signed into law last month, includes $1.9 trillion in economic stimulus, healthcare, and related funding.  And just last week the Biden administration released an infrastructure proposal, the American Jobs Plan, that includes $2.3 trillion in transportation, connectivity, power, and other critical infrastructure investments.Contractors are right to view these plans

When the United States government decides to intervene in False Claims Act litigation after initially declining intervention, it is not “déjà vu all over again.”  Instead, as one court has recognized, the “government is getting on a moving train,”[1] and it can only be permitted to “intervene at a later date” if it can

We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website. Privacy Policy

AcceptReject