Federal services contractors are scratching their collective head over a State Department gambit. State put out a solicitation to sponsor three federally funded research and development centers (FFRDCs). But what the department wants doesn’t sound like anything industry or government couldn’t do already. That’s according to the Federal Drive with Tom Temin‘s guest, the Executive Vice President for Policy at the Professional Services Council, Stephanie Kostro.

Interview Transcript: 

Tom Temin   And this is an odd solicitation because you don’t think of State Department is doing basic scientific research.   

Stephanie Kostro   This is a head scratcher. I love that you use that word. In mid May State Department announced its intent to sponsor three federally funded r&d centers are FFRDCs is and what they’d like to do, according to this notice is to facilitate public private collaboration for numerous activities related to diplomacy and modernization. Public comments are due in three months in August, it’ll be two months from now. However, what is the head scratching part of this is that the areas that they would like the FFRDCs to focus on are things like operational support, which is acquisition planning and development or operational analysis and organizational innovation. The second area is emerging threats, experimentation and evaluation. The third area, is IT and cyber ops. To be honest, when I look at this time, I think some of this stuff is inherently governmental. And some of it can easily be done by private sector contractors who already have relationships with the State Department and other agencies. So that is where the head scratching comes from.   

Tom Temin   And so to establish an FFRDC, that itself is a competitive process, you might say, could a large services contractor, I mean, a lot of them kind of do this type of work, just establish themselves make an arm of themselves as an FFRDC. Those are nonprofit, right?  

Stephanie Kostro   Yeah. FFRDCs a nonprofit, they receive federal funds directly appropriated within bills. And they exist for very specific reasons. And that is to say, to provide r&d capabilities that could not effectively be met by the government or the private sector alone. These three areas are not among those that I would list for areas that cannot be met.  

Tom Temin   Right. So what will you say to the State Department like, stop it?  

Stephanie Kostro   I would say that we have seen, I would call it mission creep. Some may take issue with that phrase before FFRDCs in the past, you know, we’ve got some excellent FFRDCs that worked hand in hand with the government, the private sector has no problem with them. However, they are established for very specific reasons that could not otherwise be addressed. And so it’s this issue where we see the expansion of scope that is problematic for the private sector, and should be problematic, quite frankly, for the government as well.  

Tom Temin   And you’re watching the 2025, National Defense Authorization law still being developed in both the House and the Senate. And there’s something about FFR DCs and expanding them in that bill.   

Stephanie Kostro   Yeah, Tom, they always offer members of Congress offer amendments almost every year that talk about FFRDC is and sometimes extend the scope in ways that you know, the State Department is looking at this year, we’re looking at the House version of the National Defense Authorization Act. And there are amendments proposed for that bill that would do things like create a Technology Center on open source software security, again, this is an area that could be easily addressed by the private sector. And so when we watch amendments like this, we always keep that foundational principle in mind is what could the government do? What can the private sector do, and it’s that gap that FFRDC is are supposed to fill.   

Tom Temin   This gambit of the FFRDC sounds a little bit like the cousin of other transaction authority, where you can creep, because of the ease of it, creep it beyond the scope that it’s really supposed to be serving.   

Stephanie Kostro   And I think that is where if you do effective oversight, you can call this to mind. And so when PSC comments on things like the State Department’s notice, or like amendments that are under consideration, we really do focus on the principle underlying it as opposed to the the details or the operational details. And so again, the principle comes down to what is appropriate for FFRDC to do, what can existing FFR DC’s do with their authorities and what should the private sector address?  

Tom Temin   We are speaking with Stephanie Kostro, Vice President for policy at the Professional Services Council, and you have also submitted comments or will be submitting comments. I guess they were due yesterday, on a FAR Council gambit to establish a FAR Part 40 dealing with supply chain. What do you see there?  

Stephanie Kostro   Now we are part of PSC as part of what is called the Council of Defense and Space industry associations. We affectionately call it CODSIA. CODSIA submitted comments to this joining several associations PSE believes that FAR Part 40 is a great idea. It talks about supply chain it talks about information security, what we are seeking in this is as as they develop FAR Part 40 further that they really address clarity that they identify and define specific terms that will help the contractors support them more effectively, for example, things like information and communication technology, otherwise known as ICT. What does it mean in this context? What does it mean in supply chain security? And I’m looking forward to hearing the government’s response to some of these questions that were posing in the comments submitted yesterday.   

Tom Temin   And what specifically does FAR Part 40 seek to do with respect to supply chain and security of it doesn’t exactly sound like an acquisition issue directly that you would think it would be in the FAR?  

Stephanie Kostro   Yeah. Well, I’m glad you asked that question. What the language says is that FAR Part 40 is going to address policies and procedures for prohibitions, exclusions and supply chain risk information sharing. This is an area where contractors are very interested in what the government has to say about definitions about what compliance requirements look like, and how do you safeguard information that addresses security objectives. And so, again, we are welcoming of this FAR Part 40, we are just looking for additional definitions and what exactly they’re characterizing, as, for example, ICT. So, again, this is an iterative process. This was a request for information, we provided what we could we provided lots of questions. And we’re looking forward to further engagement with the government on this topic. 

Tom Temin   Because it’s fair to say that there are two or three different proposals and rulemakings going on now, to solicit information from contractors from industry, even if they’re not contractors, on cybersecurity related matters. You have it on the DoD side, and on the civilian side through CISA.   

Stephanie Kostro   You know, I’d characterize this as a flurry of rulemaking activity, cybersecurity, specifically, we’re seeing a lot in terms of National Institute for Standards and Technology, NIST, and their cybersecurity framework, we see a lot coming out of the Department of Homeland Security, a lot coming out of the Department of Defense, the cyber Maturity Model certification process, etc. And so, again, clarity is really important here so that when it comes to compliance, not only are contractors in full compliance with what their requirements are, because at the end of the day, we are actually more cyber secure, and our supply chains are more secure. That is the objective here.  

Tom Temin   Yes. Because that reference to like you say, ICT information and communications technology. That sounds like without saying it outright, they still want to keep China out of that particular part of the federal supply chain.  

Stephanie Kostro   If you look at the National Security Strategy, we are always keeping our eye on China. And China has so many tentacles within the technology area, both IT and otherwise. And so I think as we move forward, understanding what’s required and what is, you know, expected of contractors is going to be paramount.  

Tom Temin   All right. So I guess basically, then your comments to the FAR Council, we’re just clarification, or did you say do this or don’t do this?  

Stephanie Kostro   So we encourage them to include certain things in their FAR Part 40 as they move forward, and then asking about other items that, you know, should they be excluded from this list as they move forward on FAR part 40. It’s exciting to be part of the development of a new part of the far. I mean, I’m a acquisition nerd. So I think it’s exciting. Maybe not everyone would agree. But as we move forward, I think some of these foundational principles of what is excluded what is included in policy, it’s exciting to be part of that.  

Tom Temin   Well, if you read down in their solicitation for information and get to the lower bullets, you see words like bytedance, tick tock Kaspersky, you know, all of the big bugaboo isn’t have come up. Yeah, over the years in this area. So I guess maybe, yeah, maybe it is China and other Russia for that matter, that they’re worried about.  

Stephanie Kostro   Tom, you and I’ve talked about supply chain issues before and it is really hard for a prime contractor to know down to the Sub Sub Sub Sub tier who exactly is getting involved. And so this area of supply chain elimination, and resilience is an area of a lot of angst, and a lot of, you know, engagement between the government and contractors. We’re all learning this together. 

The post State Department’s R & D approach has industry puzzled first appeared on Federal News Network.

X