Originally posted on Federal News Network.
The Defense Department recently released a report, State of Competition in the Defense Industrial Base, which came to the bold conclusion that consolidation in the defense industrial market is a national security threat. The threat being that less competition means less innovation and the risk of falling behind other countries. But this threat to innovation, and by proxy security, has been a concern even without consolidation.
There is a high barrier to entry for companies to do business with the government and the DoD in particular. This means that the DoD does not always have access to the most innovative solutions because the companies driving innovation in the private sector have to jump through so many hurdles before they can even win their first government contract. The DoD report lays out five recommended actions that the government can use to mitigate this threat to innovation.
- Strengthening merger oversight
- Addressing intellectual property limitations
- Increasing new entrants
- Increasing opportunities for small businesses
- Implementing sector-specific supply chain resiliency plans
We dove a layer deeper to suggest several tactical steps that the DoD can take today to make a difference in meeting the need for increased competition and diversity in the defense industrial base.
Tailor your compliance to meet the acquisition
Security can be a huge barrier to entry for non-traditional contractors. And oftentimes it is treated more as a lengthy exercise in check boxes than a meaningful approach to cybersecurity.
To allow for and increase new entrants, it is important to revisit the compliance requirements currently attached to technology procurements: security, cleared facilities, etc. Oftentimes, these compliance requirements are not necessary for a solution to work securely, but rather become huge unintentional barriers to entry for non-traditional contractors.
Security matters, but know why and what you’re asking for. Don’t just throw the whole kitchen sink over to the vendors because it’s the way it’s always been done. This could mean that every commercial-off-the-shelf product used may not have to be fully FedRAMP compliant, for example. We should be looking at how the product is used and then look at the pieces of FedRAMP (or other standards) that are truly applicable to that use. By looking at security as it applies to the use of the product, many more solutions become secure and viable additions to the DoD infrastructure.
Of course, this is a shift that requires some work. Solicitations can no longer rely on cut and paste standard language. They will have to be tailored to communicate the discrete security requirements for each product. One way to streamline this effort is to look at products used in parallel, highly regulated markets like banking, finance and healthcare. Look at what they require in terms of security and use those requirements to guide the acceptable thresholds for security.
Starting small makes a big impact
For major weapon systems, the scope of work can be quite prescriptive. This is necessary as they are looking for a whole solution and a team on-site to guide implementation and operation. This approach does not work for technology and for too long we’ve applied the same acquisition standards to buying tanks and buying software.
We’ve seen a shift in how technology acquisitions are written as the DoD has embraced the iterative agile process. Software-dependent solicitations focus more on the outcomes or desired function of the system rather than the pieces needed to build it and the order it should be built in. This flexibility needs to continue to expand into all performance work statements (PWSs).
Technology solutions need niche parts and the handful of major integrators, no matter how big they are, simply cannot meet all of these needs at consistently high quality themselves. Even if they did, this opens up another huge risk for government: vendor lock-in. Being beholden to a single supplier for a system means government loses control of the management of the system, as well as the IP. Niche players need to be part of any solution. However, to expect them to meet the same standards as long-term government integrators is unrealistic. In doing so they would be recreating the wheel and charging the government millions of dollars to do so.
Integrators need to reach into the commercial tech community to get pieces of a whole solution. In bringing these smaller players into the fold, we cannot expect these niche players to meet the same criteria that multi-billion dollar conglomerates do. There needs to be flexibility to not only use these solutions, but give these smaller players a voice in how their technology is used.
Stay true to the aims of non-traditional acquisitions
Other transaction authority contracts are seen as one of the most innovative way to procure solutions in government. In practice, they frequently are manipulated to fit into traditional molds. OTAs say that you must have significant participation from non-traditional provider on your team, but they do not apply any specific level of participation. That non-traditional may only get 5% of the work but, because they are on the team they help the response meet the OTA requirement.
Instead, we should look at giving non-traditional suppliers a prime spot or a specific percentage of work (similar to what is done with small business contracts) on these OTAs. It’s not a perfect solution, but it builds in more accountability around ensuring smaller companies have a voice in how their solutions get implemented to drive forward innovation.
Knowing you have a problem is half the battle
It is critical to introduce new ways of thinking into the acquisition process. This is easier said than done, especially with a workforce that is traditionally and chronically under-resourced. When you are under-resourced, it’s hard to focus on implementing change. Most days all you can do is keep the trains running. However, due to a retirement wave, the workforce is changing, making this the perfect time to introduce changes.
The acquisition workforce needs training not just on acquisition, but on technology itself. With a basic understanding of how the technology works as pieces of a whole, customizing acquisitions becomes easier. Acquisition teams can focus on implementing new processes, easing old cumbersome processes, and automating manual work to introduce changes that reward innovation.
Meeting the innovation and security needs of the DoD is not easy. But with a focus from the DoD and industry alike, we can begin to implement changes to “how we’ve always done it” to introduce the technology our military needs to fulfill their modern missions.
Riya Patel is the managing director for government at Dcode.