If all goes according to plan, the Defense Department is a few weeks away from releasing new guidance on how it buys and builds business IT systems.
Those systems — think logistics, pay and personnel and medical IT — often have costs ranging into the billions of dollars, have been a frequent target of criticism from Capitol Hill and are on the Government Accountability Office’s current list of high-risk federal programs. In last year’s Defense authorization bill, lawmakers told the Defense secretary to prioritize off-the-shelf software, reduce the use of customized code and streamline the department’s own business processes before it makes new IT investments.
Guidance to that effect is now headed toward Undersecretary of Defense for Acquisition, Technology and Logistics Frank Kendall’s desk after a study group spent nearly a year drawing up the recommended practices, said Jane Rathbun, Kendall’s deputy director for Defense business systems.
“What I’ve discovered since taking this position in January is that the department has a long history in weapons system acquisition, but we haven’t focused on IT acquisition with the same fervor,” she told the Federal IT Acquisition Summit in Washington last week.
Insight by GitLab: During this webinar executives from the State Department, U.S. Securities and Exchange Commission, U.S. Patent and Trademark Office and GitLab will discuss how institutionalizing a DevSecOps approach to software development is a journey that must bring together the technology and business sides to change an organization’s culture.
The draft plan of attack will include an insistence that the Defense communities who develop requirements for business systems and the acquisition professionals in charge of buying them work much more closely together, Rathbun said.
“Our functional folks don’t necessarily know how to articulate requirements and our acquisition folks don’t necessarily know anything about the domain they’re working in. We’re going to find a more integrated approach,” she said. “Secondly, we should never buy IT for IT’s sake. It has to be supporting the delivery of some business capability. We’re going to start out by identifying the problem we’re trying to solve, and that requires people sitting down and saying, ‘What is it, really, that’s not working?’ Then, they really need to articulate what they need to get that problem fixed. When you’re focused on that, you shouldn’t start with IT, you should start with business process. That’s an area we don’t train our acquirers to work in, and that’s going to change.”
Even after department officials have settled on the notion that some piece of information technology is the answer to a certain business problem, the guidance will tell them that they need to conduct consultations with industry long before they’ve decided to start a formal acquisition process.
“You have to find out what’s in the realm of the possible, because we are not on the cutting edge when it comes to business operations and business systems,” Rathbun said. “Industry does these things all the time, they do it better, they do it faster. So the first thing we’re asking people to do is bring industry in before they decide that information technology is their solution. You want to know about how they deliver the capabilities you’re looking to deliver and see what you can glean. You want to look and see what kinds of regulations and policies are potential roadblocks to doing things more efficiently. At that point, you can say, ‘OK, where can I inject IT?’”
The guidance will emphasize the need to make use of commercial business tools that already exist on the market: allowing for configuration of those tools, but shunning the development of DoD-specific customized versions since that approach has repeatedly shown itself to yield systems that are not just more expensive up-front, but also in sustainment, because vendors also have to be paid to customize each incremental upgrade.
To integrate those tools into DoD, Rathbun said leaders in charge of buying future business systems will need to assemble integrated teams that stick with a system through its whole lifecycle, from cooking up the requirements to acquiring an IT solution to keeping it up and running.
“What we’ve proposed is that the functional leaders — the logisticians, the health care providers, for example — must partner with the acquirers all the way through the process to deliver a holistic product, not just the IT,” she said. “Often the acquirers are beholden to the user community and rarely question them on why they have to keep doing business the way they do business. People have quit their jobs because technology has been inserted and they don’t want to work that way. We have to teach change management and make it a key part of the acquisition strategy, something we don’t do right now, but something that is a key part of the guidance.”
To tamp down the temptation order up customized versions of products that suit DoD’s pre-existing business processes, the forthcoming document would also set up a “configuration control board” made up of leaders from the department’s acquisition and budgeting communities along with representatives from whichever business area is implicated by a new system. That panel would have to sign off on any proposals that would alter commercial software just to suit DoD’s preferences.
Also, in order to cut down on IT operation and maintenance expenses, the department will try to undo the tendency for program managers to buy not just a software product, but also the necessary servers and data centers to run them. The guidance attempts to decouple software procurements from hosting so that forthcoming business systems can be run in shared cloud environments from the get-go.
Rathbun said her study group identified several areas that still need more work and won’t be fully addressed by the new guidance.
For one, in contrast to its weapons systems, the Defense Department’s mechanisms for planning and budgeting its IT procurements are not very well defined.
“Our funding mechanisms don’t necessarily support IT development. We have a lot of funding, obviously, but we have an opportunity to improve the funding mechanisms,” she said without elaborating. “That’s one thing we’ll be working on over the next year. The other is sustainment. We need to be able to adapt to the pace of the IT upgrades that industry is used to implementing. I don’t think we have a good handle on that.”