“DoD Reporter’s Notebook” is a biweekly feature focused on news about the Defense Department and defense contractors, as gathered by Federal News Network DoD Reporter Jared Serbu.
Submit your ideas, suggestions and news tips to Jared via email.
Oracle America is telling a federal court that the Defense Department violated federal procurement laws and regulations in at least seven significant ways when it designed its multi-billion dollar JEDI Cloud computing contract.
As a result, the court should order DoD to revise its request for proposals before it’s allowed to make an award, attorneys for the tech firm said.
The arguments largely echo the complaints Oracle lodged with the Government Accountability Office in an earlier, unsuccessful pre-award bid protest.
But in its lawsuit – filed last Friday and unsealed by the U.S. Court of Federal Claims on Monday – the company said GAO had been too deferential to the defenses DoD offered in that prior proceeding, including its claims that a single-award contract was justified for reasons of national security, cost and speed.
Oracle, Microsoft, and several industry associations have argued that the Pentagon’s decision to award the up-to-$10 billion contract to only one company was imprudent, since it would lock in one vendor for up to a decade and deprive the military of the benefits of competition.
But in its filing, Oracle also asserted the single-award decision was patently illegal.
“This is a straight statutory construction issue; it is not a matter of deference or national security as claimed by DoD,” attorneys for the company wrote in the complaint. “Congress has prohibited the very contract approach DoD has implemented.”
Lawyers were referring to a federal law that requires agencies to grant multiple awards whenever possible if they’re issuing large indefinite-delivery/indefinite-quantity (ID/IQ) contracts.
There are some exceptions to that rule, and DoD believes it satisfied one of them when Ellen Lord, the undersecretary for acquisition and sustainment, signed written findings saying the department would only be issuing task orders at firm, fixed prices that would be set at the time of the contract award. And since those prices would have been set after a competition with other vendors, the government could be assured it was getting fair prices, the department reasoned.
But Oracle said that argument simply isn’t true, partly because the contract also explicitly requires the winning bidder to adjust its prices to align with what it’s offering to business customers over the course of up to the next 10 years.
One clause “will require the awardee to regularly add (as frequently as daily or weekly) its new commercial offerings onto the JEDI Cloud at yet undetermined prices, and contemplates the awardee working with DoD to develop new classified offerings — none of which offerors in the JEDI Cloud competition will specify or price in their proposals,” according to the complaint.
Separately, Oracle claims it was unfairly shut out of a fair chance of winning the contract because the department deliberately set up “gate criteria” that only two large cloud companies – Amazon and Microsoft – could possibly hope to satisfy, even though the department’s own market research showed its cloud requirements could be served by multiple companies.
To pass through those gates and be considered for the JEDI award, companies need to show, among other things:
Oracle contends that some of those requirements go beyond the department’s actual needs, are barred by the Competition in Contracting Act, or, in the case of the first gate criteria, that bidders shouldn’t be measured against the cloud services they were offering more than a year before the department could possibly hope to issue any orders against the contract.
Like another JEDI protester, IBM, Oracle contends those requirements were set with one particular company, AWS, in mind.
To back that up, the complaint offered what Oracle said was evidence of conflicts of interest involving two defense officials who helped spearhead the procurement: A chief of staff to the deputy secretary of Defense who’d previously been an AWS consultant, and a member of the Defense Digital Service who planned JEDI’s requirements. That employee had previously worked for AWS, and returned to the company as a general manager in 2017.
With regard to the former DDS official, Oracle claimed the department hadn’t done nearly enough to probe a potential conflict of interest; the JEDI contracting officer’s investigation fit on a single page, it said.
The company also reproduced documentary evidence it had obtained through its GAO protest that it characterized as “attacks” on other defense personnel or industry groups who were pushing for a multi-cloud approach to JEDI.
In Slack messages quoted in the court complaint, the former DDS employee mocked one senior defense IT official, calling her a “dum dum” after she had apparently expressed satisfaction with Microsoft cloud services. In others, he appeared to respond with vulgar dismissals to an industry group’s presentation that summarized previous government research and experience with cloud acquisition strategies.
In testimony to GAO arbiters, the department said its contracting officer would “continue to comply with her conflict of interest duties concerning this acquisition.”
The Pentagon contended any potential conflict of interest issues shouldn’t stand in the way of the procurement, and that it would investigate the matter further, “if appropriate,” before it makes a contract award. It also minimized the DDS official’s involvement, saying he only worked on the JEDI procurement for seven weeks.
GAO did not foreclose the possibility that there was a conflict of interest, but said the matter is irrelevant until and unless AWS wins the contract and a protestor can show that a conflict actually played a role in the final decision.
DoD’s answer to Oracle’s court complaint is not due until Feb. 4.
In the earlier GAO protest, the department successfully fought back the Oracle challenge by arguing it had wide latitude to make procurement decisions on national security grounds, and that a multiple-award strategy would only cost the government more time and money.
And on cost and schedule grounds, the department said a single-award contract was imperative when it comes to getting modern cloud services to the tactical edge as quickly as possible, and to integrate the various cloud services and legacy systems it already has in place.
“Doing that for a single solution provided to the department by either a vendor or a team of vendors is a big lift already.Trying to do that for multiple solutions, with the department operating as the integrator, would be exceedingly complex,” said Tim Van Name, the DDS deputy director. “Part of this effort is to work with the winner of the JEDI Cloud contract, so that we can help the department better understand the risk [it is] accepting, better manage that risk, but also do so in a more timely manner, so that our war fighters get access to applications and services much faster. Trying to do that with one vendor is a thing, I think, the department knows how to do. It’s going to take a considerable amount of our technical experts. Trying to do that with multiple vendors simultaneously, I just don’t think we have the technical expertise to do that well.”
The Air Force is about to join the still-small group of federal agencies who’ve found ways to dramatically accelerate the process of granting cybersecurity approvals for IT systems.
The Authority to Operate (ATO) process, a paperwork gauntlet that routinely consumes months of time before new systems are allowed to be connected to government networks, is a requirement of the Federal Information Security Management Act. FISMA tells CIOs they must know and accept the security risks each system carries with it.
But there’s no particular reason the system can’t work much more quickly, said Bill Marion, the Air Force’s deputy CIO. Service officials are expected to sign off on a new “fast-track” ATO policy within a matter of days, he said.
“We fundamentally believe this is going to help us bring capability faster,” he said last week at AFCEA NoVA’s annual Air Force IT Day. “It will bring us software modernization at a faster clip, but also provide better security.”
Marion said the new policy won’t be appropriate for every IT system, but in some ways, it will turn the traditional ATO process on its head. Rather than assessing every single system against the entire catalog of NIST security controls, the goal is to make intelligent decisions about which of those assessments really need to be performed at all for a particular system.
He offered an example: If the Army has already gone through the Risk Management Framework (RMF) and deployed a system the Air Force wants to use, does the Air Force really need to put itself through every one of those same painful paces?
“What do I think I’m going to find in that whole other 900 controls in RMF that we didn’t already flush out when we put that system in a hardened cloud computing center and put it through penetration tests? What do we expect to find, and is the juice worth the squeeze? Part of this is getting the decision in front of the approving official sooner, to then determine what parts of the RMF you even need to go through,” he said. “In some cases it may be very, very short. In some cases it may be truncated by a third, or half. It’s a fundamental retooling, but we are in a different world in how we’re managing risk.”
One reason the Air Force may feel comfortable with less quadruple-checking of those security controls on the front-end is that it’s become increasingly confident that it can spot and fix genuine cybersecurity problems after a given system is deployed.
In early 2017, it deployed a commercial tool developed by Tanium which lets Air Force cyber defenders scan the service’s entire network within a matter of minutes and automatically patch any security holes they find in real-time.
Officials ordered that the tool, which the Air Force calls Automated Remediation and Discovery (ARAD), be deployed on virtually all of its IT systems by May of 2017. Any systems that couldn’t employ the tool for one reason or another were deemed “high risk.”
The timing was fortuitous. The WannaCry ransomware attack struck computers across the globe that same month. But because of ARAD, the Air Force managed to effectively immunize its entire network from the malware in less than an hour, Marion said.
“That was game changing for us,” he said. “We had never done that before in our history. While we had been pretty fast, it typically took days or weeks to re-mediate something of that magnitude. And we did it at scale across the Air Force in 41 minutes. We have to be able to act when something happens. This belief in defense-in-depth and network-perimeter-only security, I would argue, is a failing one in this globally connected world.”
Aside from the new availability of the ARAD tool, Marion said the Air Force’s move to the new, faster ATO process will be guided by two other major factors.
Authorizing officials will need to see demonstrable evidence that any new system adheres to basic cyber hygiene, and at least some of those systems will be subjected to a new generation of penetration tests once they’re up and running, including the “bug bounties” that are becoming increasingly pervasive across government.
“I liken it to the USDA meat inspection process,” Marion said. “We don’t inspect every piece of meat, but every piece of meat could kill you. So we inspect and we review and we check our processes to make sure that bad things aren’t creeping their way back into the system. We’re finishing Hack the Air Force 3.0 right now, but we’ve got a whole series of pen tests and bug bounties planned for fiscal year 19, and they’re funded.”
It’s not yet clear how long the revamped ATO process will take, but Kessel Run, the Air Force’s new agile software development office, has been working on a “continuous ATO” model it calls “ATO in a day.”
“So this is the new world order: Make sure you’ve got a basic level of hygiene coming into the mix – that’s the price of entry – bringing the sensors and remediation tools that sit on top, and then bringing a bug bounty pen testing process,” he said.
Similar concepts have been proven out in other federal agencies, including at the National Geospatial Intelligence Agency, which used the same terminology when it began working on its own speedier security approval process.
NGA has managed to get the process down to three days.
“We are continuing to build the telemetry necessary, the business rules, the promotion path for code committed to our dev/ops pipeline and to promote that as quickly as possible to operational,” Matt Conner, the agency’s chief information security officer said in an August interview with Federal News Network. “We still haven’t realized the one-day ATO, but it’s out there.”
The Defense Department has dragged its feet in implementing a host of new measures lawmakers ordered as part of a crackdown on lowest-price, technically acceptable (LPTA) contracts.
The findings are part of an annual Government Accountability Office review of DoD’s use of LPTA source selections. In its report, released Tuesday, GAO estimated LPTA is used for about a quarter of the Pentagon’s contracts and task orders that are worth $5 million or more.
But it also pointed out that DoD still has not issued the rules Congress ordered it to draft two years ago to ensure the department is only using the cost-conscious procurement method when appropriate.
As part of the 2017 National Defense Authorization Act, Congress — responding to longstanding industry complaints about a perceived overuse of LPTA — ordered DoD to make sure it satisfies eight separate criteria before deciding to go that route on a given contract, rather than using a “best value” method for picking the winner.
The legislation was enacted in December 2016. By September of this year, DoD still had not begun moving on the rulemaking process needed to implement the law.
Officials eventually opened a case to amend the Defense Federal Acquisition Regulation Supplement (DFARS) on Oct. 25, several weeks after GAO gave them a draft copy of the final report it issued this week. But they do not expect the final rules to go into effect until the fourth quarter of 2019.
Among the new mandates Congress issued was that when DoD contracting officers are using LPTA, they need to be able to clearly define the government’s minimum requirements. They should be sure that there’s no value in buying products or services that exceed those minimums, and be confident that DoD would be wasting its time if it delved deeply into questions about whether one vendor might be able offer a more innovative approach. That might be the case if the department is buying commodities such as natural gas or off-the-shelf computers.
DoD does not keep detailed records about how often it uses LPTA contracts, but GAO’s review of a sample of 2017 contracts and task orders found that, by and large, the department is almost always complying with those principles, even without the rule change.
But for three of the other tests Congress ordered, it’s clearly not.
The law also told the department it needs to provide a written justification for why it decided to use LPTA in any given contract. That happened only three times in the sample of 14 large procurements GAO examined.
In that same sample, there was only one case in which DoD was able to show that the “lowest price” it settled on included the operations and support or “lifecycle” costs for what it was buying, another requirement of the 2017 NDAA.
And in only two cases was DoD able to satisfy the law’s requirement that it only use LPTA for goods that are “predominantly expendable in nature, nontechnical, or have a short life expectancy or shelf life.”
At least some of the contracting officers GAO interviewed said that determination is a tough call, especially without DoD-level rules that might provide some more guidance.
“Specifically, a Marine Corps contracting official who purchased general use computers stated it was unclear if a computer that will be replaced every 5 years would be considered to have a short shelf life,” auditors wrote. “Additionally, an Air Force contracting official who purchased Blackberry licenses stated that it was unclear if this criterion would apply to such licenses, and if it did, whether a one-year license would be considered a short-shelf life. As a result, this contracting official stated he would not know how to consider this criterion in similar acquisitions.”
Amidst the Trump administration’s somewhat murky efforts to reorganize the federal government, the future role of the Office of Personnel Management is, to put it mildly, uncertain.
As Federal News Network first reported, the administration is aiming to diminish OPM’s central role as the governmentwide belly button for HR and civilian hiring.
Another massive step in that direction would be to remove the Defense civilian workforce from OPM’s administrative authority. Those workers make up nearly 40 percent of the total population of federal civil servants, but Mark Esper, the secretary of the Army, strongly believes they should be removed from OPM’s control altogether.
“They’re not bad people. They’re trying to construct a system that’s as fair as possible for a lot of patriotic Americans who want to work for the federal government,” he said. “But it’s not working, and I’d like to get control of it.”
“Control” would mean that the Defense Department would manage its own processes for hiring and managing its civilian workforce. Esper’s comments, made at a luncheon address to Army civilian employees, mostly addressed the federal hiring system.
The vast majority of open civilian positions are advertised via the USAJobs.gov website. The recruiting process that flows from those job advertisements, he said, is badly broken.
“I think any system where you have to go on a website and assert that you’re an expert in anything forces people to be dishonest,” he said. “If the tricks of the trade are to read the job description and then mimic it back, it’s a fundamentally flawed system.”
Esper said he has not delved into too many details about how a replacement for the current hiring system would work in practice, but said that he’s held some initial discussions with members of Congress about a new one that would be operated by the Defense Department instead.
“And then I can have input on it,” he said. “I can work with the secretary of Defense, and the deputy secretary, to build a system that gets rid of all of those artificialities and all of the gaming that’s inherent in [USAJobs], and maybe takes a forward-looking approach. I’m not satisfied with a hiring system that takes 140 days.”
Even worse, from Esper’s point of view: the current goal for improvement is to reduce the government’s time-to-hire to about 80 days.
“That’s not how the private sector works,” he said. “If you were to say ‘I’m going to hire you in 80 days,’ people would walk. The goal I’ve given my folks is 30 to 45 days. I don’t know if we’re going to get there, but we’re going to push hard.”
Shortcomings in the governmentwide approach to civilian personnel onboarding aren’t limited to the initial hiring process, Esper said. He believes the background investigations that are needed for many of its civilian personnel in order to gain security clearances could be finished in less than a week, using one page of documentation, if the clearance process were to be conducted “as the law intended.”
The secretary said he’s trying to “peel off” challenges in the civilian hiring process on a weekly basis.
How successful he’ll be remains to be seen, but it’s far from the first time the Defense Department has attempted to assert more control over its civilian workforce and differentiate itself from the rest of the government’s civil service.
In 2015, advisors to Defense Secretary Ashton Carter urged the Obama administration to remove DoD employees from the jurisdiction of Title 5, the section of the U.S. Code that governs the federal workforce, and place them under Title 10, the section that governs military members and is controlled by DoD.
The draft recommendation would have required congressional approval, but was never formally sent to Capitol Hill.
More recently, the department has explicitly sought to exempt itself from broader Trump Administration efforts to shrink the federal workforce, saying its civilian workforce is essential to its core missions, and growth is warranted in at least some areas.
DoD’s civilian workforce is in the business of protecting the American way of life, not regulating or governing it,” Defense officials wrote in a wide-ranging “Business Operations Plan” they quietly posted online earlier this year. “While it may be appropriate for other federal agencies to reduce their civilian workforce, for the DoD, right-sizing will necessitate targeted growth to both restore readiness and increase the lethality, capability, and capacity of our military force.”
Virginia’s senior senator is pressing the Defense Department for answers after yet another exhaustive media report documenting health, safety and other deficiencies in military base housing.
In a letter to Secretary of Defense James Mattis, Sen. Mark Warner (D-Va.) demanded a briefing from Pentagon officials on what they’re doing to handle alleged failures on the part of the companies that operate the military services’ privatized on-base housing.
The issues were raised in the latest of several lengthy investigative reports on military housing by the Reuters news agency. It found multiple cases in which the firms allegedly refused to deal with serious mold, water intrusion and vermin problems, sometimes forcing them to move off-base at their own expense, and in at least one case, leaving the family to conclude its best course of action was a earlier-than-planned departure from military service.
“This is not the first time that unhealthy conditions in military housing have been documented. In November 2011, I was made aware of similar complaints regarding mold in private military housing in the Hampton Roads area in Virginia,” Warner wrote. “Working with Navy officials and impacted military families, I strove to ensure that both the Navy and Lincoln Military Housing implemented a plan to reduce these hazards. As a result, LMH agreed to offer free mold inspection to any resident requesting the service, to hire an independent professional engineering firm to survey the conditions, to update training for maintenance teams and more; the Navy also committed to improving tracking tools and enhancing oversight of property management performance. But today it appears that these changes were insufficient or ignored.”
The military services’ decision to privatize their housing was made in the 1990s at a time when officials were searching for ways to improve living conditions in what were then government owned-and-operated homes. Housing was falling into disrepair at an alarming rate back then, and as a general matter, the privatization program has been viewed by policymakers as an overwhelming success.
However, concerns about companies’ failure to deal with substandard conditions are not isolated to Virginia, nor Naval installations. This fall, the Army devised a plan to begin testing houses that were built before 1978 for lead exposure. Those actions were taken in response to another Reuters investigation, which documented more than 1,000 small children whose blood tests, administered by on-base clinics, had shown elevated levels of lead.
The Army is starting with a sample of 10 percent of those homes, and plans to finish the inspections by the end of the year, said Jordan Gillis, the assistant secretary of the Army for installations, energy and environment.
“The Army Corps of Engineers is going to produce a report for us that will really give us a baseline understanding of where we are, so then we’ll be able to decide what the appropriate next steps are,” he said. “Whether that’s additional inspections or additional mitigation, we don’t know for sure, but that should give us a good baseline to move out from.”
The inquiry involves not just lead paint — which the Army does not consider dangerous if it’s been properly covered and contained by subsequent layers of non-leaded paint — but other sources of lead as well.
“We believe encapsulation is an effective approach, but we’re conducting inspections to ensure that it is in fact effective,” Gillis said. “While we’re in there, we will also test water at the tap for the presence of lead. You can be contaminated or exposed through sources other than lead paint, and water is one of them. So we’ll test water at the tap, and we’ll do a visual inspection for the condition of any asbestos as well.”
The Army says it’s accommodating families who have asked to move out of their current houses over lead or asbestos concerns, but says only a handful have asked to do so. However, a fact sheet produced by the Army itself notes that most children who’ve been exposed to lead don’t exhibit any immediate symptoms, and blood tests are the only way to know for sure that they’ve been exposed in ways that might be harmful.
The Reuters investigations are not the only indication of substandard living conditions in privately-managed on-base housing.
The Defense Department’s inspector general has several recommendations that the Pentagon has not dealt with to the IG’s satisfaction, including from a 2015 inspection of military housing in the national capital region.
That review, which examined a sample of housing at two bases — Joint Base Anacostia-Bolling in Washington, D.C., and Fort Belvoir in Northern Virginia, found 316 separate electrical, fire, and other safety and health problems.
Among many other recommendations in its 2015 report, the IG said the Army and Navy should conduct more routine inspections to ensure their housing contractors were complying with standards.
The Army disagreed.
“Guidance received from the [office of the assistant secretary for installations] prohibits Army personnel from conducting health and welfare inspections of privatized homes,” officials wrote at the time. “Lack of available resources and projected future reductions in resources do not adequately provide for or allow additional oversight of housing facilities.”
That, in a nutshell, is a key part of the upshot of the latest Reuters investigation.
Families living in military housing can’t complain to state and local officials who would otherwise handle health concerns or myriad other tenant protections offered under state laws. That’s because the houses are on military property. But the military services themselves have tended to take the position that it is not their business to involve themselves in individual landlord-tenant disputes.
The Naval Facilities Engineering Command, which oversees all of the Navy and Marine Corps’ privatized housing contracts, has only “a limited role” in day-to-day operations, NAVFAC’s assistant commander, Scott Forrest told the news agency.
During last week’s formal activation ceremony for the Army’s new Futures Command — held, coincidentally, just 24 hours before the death of Sen. John McCain (R-Ariz.) — Army leaders disclosed something about the command’s origins not yet publicly discussed.
The senator himself played an instrumental role in the command’s creation, starting more than two years before officials publicly announced their plans to stand it up, they said.
“None of this would be happening without someone who’s not here today, and that’s Sen. John McCain, an American hero,” Gen. Mark Milley, the Army’s chief of staff said at the Austin ceremony on Friday.
Milley went so far as to characterize the creation of AFC – which the Army calls its most significant reorganization since Vietnam – as “Senator McCain’s idea.”
Although the new four-star command took more than two years to plan and design, with deep involvement by the service’s most senior leaders, Milley recalled that the genesis was a private meeting he had with McCain, the chairman of the Senate Armed Services Committee, just before his Aug. 2015 confirmation hearing to become Army chief.
“He talked to me about a lot of the problems and challenges he thought the Army had in the area of acquisition, procurement, science, technology, research, development, modernization, and all of those things,” Milley told reporters later. “And he said, ‘You really have some significant challenges here, and I want you to think about how you’re going to reform the Army.’ I wasn’t the first person he ever told that to, but I was on the eve of confirmation. I said, ‘Oh, I’d better be paying attention to this guy, because this is the guy who’s either going to confirm you or not.’”
Milley said the planning efforts for AFC included months of quiet, ongoing conversations with McCain about how the command would be structured and how the Army could solve some of its procurement challenges by moving its modernization functions “under one roof.” Those plans were eventually revealed to the public in October 2017.
There were times during the planning process when the idea of a new modernization command appeared to have ground to a halt, in part because of a lack of political appointees within the Army who could champion the idea, according to Gen. John Murray, who became AFC’s first commander on Friday.
But Ryan McCarthy received Senate confirmation as undersecretary of the Army in August 2017, and quickly got behind it. So did Mark Esper, the secretary of the Army, when he was confirmed in November.
“I really thought that it was dead,” Murray said. “We worked very hard for about a year on it, and then Gen. Milley just quit mentioning it. But sir, I think you were really waiting for the right political leadership, and I believe the right political leadership arrived. You very quickly gained the backing of Secretary Esper and then really the muscle and the horsepower of the dynamic duo: the undersecretary and [Vice Chief of Staff] Gen. [James] McConville that really drove this home. And none of it would have been possible without Senator McCain and entire congressional support.
Two senior staff members from McCain’s office also attended the ceremony, which was held just an hour after the senator’s family announced he would be discontinuing medical treatment.
John Cornyn, the senior senator from Texas, also noted McCain’s role.
“I wish he could be here, because I know that he was key,” Cornyn said. “I know he would love to be here and be pleased.”
Just a few weeks ago, Congress ordered the Defense Department to provide a written progress report on how it’s solving problems it’s found with the implementation of its new $5.5 billion electronic health record. But senators now appear to feel that some outside oversight is in order as well.
In an amendment to the “minibus” appropriations bill the Senate passed on Thursday, the chamber voted 95-0 to require the Government Accountability Office to conduct its own study of MHS Genesis. In particular, lawmakers want to know:
The amendment, sponsored by Sen. Bill Nelson (D-Fla.), is part of the Senate’s $854 billion funding bill for DoD and the departments of Health and Human Services, Labor and Education. The appropriations language still must be reconciled with the House. If it’s enacted, GAO would have to produce a report within six months.
The study would be in addition to a separate report lawmakers ordered DoD itself to compile as part of the 2019 Defense authorization bill the president signed earlier this month. That directive also demanded answers about how DoD has solved the issues uncovered in the initial OT&E findings, and prohibited the department from rolling the system out at any more hospitals and clinics until it furnishes the report.
During a conference call with reporters late last month, Defense health officials said they had chosen the next four sites that will receive MHS Genesis. They include three California bases: Travis Air Force Base, Naval Air Station Lemoore and the Army health clinic at the Monterey presidio, plus Mountain Home Air Force Base in Idaho.
But they were unwilling to predict a timeline for any further deployments until the OT&E process is complete and DoD makes its next milestone decision for the overall program.
“The next wave of deployment will be the first facilities to field the standard baseline of MHS Genesis, and will benefit from the results of our optimization period as well as improvements to our training, deployment and change management strategy, all based on lessons learned,” said Stacy Cummings, the program executive officer for Defense health management systems. “We remain agile and iterative in our approach to MHS Genesis deployment, and we’re committed to identifying the right capabilities and delivering those capabilities to our customers.”
The Army has already begun to merge its cyber and electronic warfare functional areas, based on the belief that the two disciplines are so interdependent in modern warfare that they’re better-managed as one.
But that may have been only the first step. The new commander of Army Cyber Command believes that if some integration is good, more is better. He said it’s time to think seriously about absorbing other historically-distinct mission areas — or “tribes” — including information operations.
“Cyber Command was probably the appropriate term on 21 May of 2010, when Gen. [Keith] Alexander stood it up, and we stood up Army Cyber Command about a month later. But I think we’re well past that now,” said Lt. Gen. Stephen Fogarty, who assumed command of Army Cyber in May.
Fogarty told AFCEA’s TechNet conference in Augusta, Georgia, last week that he’s advocating for a rebranding along with an expanded mission set. He suggested the names “Army Information Warfare Operations Command” or “Army Information Dominance Command.”
“I think you’re going to see the same thing up at Fort Meade for U.S. Cyber Command, or at least that’s what I will advise,” he said. “Because what I’ve really tried to do is distill the lessons we’ve learned from operating in the cyber domain alongside those that are operating in the information environment. And what I’ve come to believe is that frankly, the overlap is much deeper. It’s much greater than just kind of these bumps in the night, and the next stage of this is actually bringing all of that together.”
Fogarty said his views were informed, at least in part, by the fact that existing adversaries are already combining cyber and information operations, even if they don’t have specific military doctrine or career categorizations that describe those distinctions in the way the U.S. military does.
“ISIS came on the scene very rapidly, and part of their power was their ability to hit a global audience, be able to inspire recruits, be able to make themselves look much larger than they were. And this was an instance where they use social media, they used cyber to really promote their IO message, and that was an important part of their toolkit,” he said. “What they’re able to do is actually take that narrative and as long as they can keep it alive, frankly our kinetic effects in theater will not be able to completely destroy them.”
The Army has already said that it will begin to formally integrate its electronic warfare career field (“functional area 29”) with its cyber counterpart (“functional area 17”) this year. By October, soldiers from the formerly-separate disciplines will begin training together at the same schoolhouse at the Army Cyber Center of Excellence at Fort Gordon, Georgia.
But Fogarty said the Army needs more convergence in order to quickly move through an information chain he formulates as: “Sense, Understand, Decide, Act.”
“Whoever can do this faster than their adversary will enjoy a decisive advantage. It doesn’t matter you’re the commander on an Abrams tank or an Apache helicopter or you’re a cyber defender,” he said. “I’ve got to be able to sense what’s going on in the environment, and it can’t be limited to just the cyber domain, I have to understand what’s going on in the entire information environment. Then I have to create understanding, which is very different than situational awareness: As a commander, I’ve got to understand my framework and tell you how to array your sensors.”
“We have become enamored with process, and I think it takes us far too long to act on what we’re seeing, what we understand, what we decide,” he said. “Right now, we’re in a race — and we’re in a race with pretty sophisticated adversaries. So this notion of speed is very important.”
By “sophisticated adversaries,” Fogarty means large nation states, including Russia and China, highlighting the need to also integrate the military’s intelligence capabilities with its cyber operations.
“How long did it take us to understand what the Russians did in 2016 to the elections? They were moving a lot faster than we were,” he said. “We were occupied on an adversary by the name of ISIS and the Russians were focused on an adversary called the United States of America. … We were much slower, I believe, to sense, understand, decide and act, and we cannot afford to place ourselves in that position in the future.”
The House and Senate’s final agreement on the 2019 Defense authorization bill does not go as far as abolishing the military services’ own medical commands, but it does push the Military Health System in the unmistakable direction of more centralization and less reliance on Army, Navy and Air Force-specific ways of delivering health care.
The legislation, which the House passed last week and the Senate is expected to adopt in the next few days, leaves the Army, Navy and Air Force’s respective health commands in place, but moves many of their responsibilities to the Defense Health Agency. It also gives the DHA director more authority over the operation of military treatment facilities and orders the agency to reorganize those hospitals and clinics into a new regional management structure.
“It continues to demonstrate Congress’ interest in being able to help move the MHS into a modernized health care system,” said Vice Adm. Raquel Bono, the current DHA director. “And I welcome the support and their interest in helping us move towards that integrated system of readiness and health that we’ve been working on for some time now.”
The bill sets up a new research and development organization within DHA, effectively moving the Army’s Medical Research and Materiel Command to the DHA director’s control. DoD could choose to migrate other service-specific medical research organizations to DHA, but it’s not explicitly required to do so.
Similarly, it moves the Army Public Health Command, the Navy-Marine Corps Public Health Command and Air Force public health programs in to a new DHA Public Health organization.
And although the Senate did not win over House colleagues with language that would have moved almost all of the rest of the military services’ medical functions to DHA, the bill leaves that possibility open, telling the Defense secretary to deliver a report next spring on the feasibility of setting up a new “Defense Health Command.”
In the meantime, the NDAA repeats an earlier edict that the Defense Health Agency take over the administration of the more than 400 MTFs currently run by the Army, Navy and Air Force. In its most recent progress report to Congress, DoD had requested a three-year “phased implementation” for that change, but after accusing DoD of dragging its feet, lawmakers set a new deadline of Sept. 30, 2020.
In that new administrative structure, Congress made clear that the DHA director would have absolute control of every Defense organization in the organizational chart between DHA headquarters and a military treatment facility, including the responsibility to issue performance ratings for the commanders of each hospital and clinic.
Those clinics, in turn, will be organized into three or four health “regions” — two in the continental U.S. and one or two overseas — each commanded by a one-star general or admiral.
The Senate had proposed a system of four regions in the U.S., but lawmakers acceded to DoD’s suggestion that it would make more sense to have the MTF regions aligned with the two East and West regions it uses for the contracts in its TRICARE managed care system.
“We recognize that with many of the functions that we do, particularly with health IT, there is great value to regionalizing our functions and our support,” Bono said. “It lets us scale much more quickly and be able to provide support in a broad way as we have these regionalized areas. How that final configuration will look is yet to be determined while we’re still waiting to see if this pending legislation actually does become a statute.”
Among the other new powers granted to the DHA director by the new NDAA:
Besides requiring even more centralization than what conferees agreed to in the final NDAA package, the Senate’s version of the bill accused DoD of stonewalling Congress’ previous orders to eliminate administrative overhead and layers of management in the Military Health System.
“For example, [DoD’s] plan would reduce total medical headquarters personnel by only 165 full-time equivalent positions — out of 6,400 total positions — through 2023,” members of the Senate Armed Services Committee wrote. “Clearly, the plan demonstrates that the services intend to maintain many, if not most, existing medical headquarters functions and current staffing levels while disregarding the call for innovation and efficiency included throughout the Department’s National Defense Strategy.”
The final bill omits most of the Senate’s more-incendiary language.
But in a report to Congress last month, Defense officials signaled that they agreed with at least part of the Senate’s diagnosis of the MHS’ governance problems.
“Governance continues to be based on a broad set of councils, work groups, integrated product teams and other formally-chartered working groups as well as ad hoc working groups that often require unanimous support to advance initiatives and change. These governance bodies consume a significant amount of time and personnel resources. The result is often a sclerotic decision-making process that has the effect of demoralizing staff and other stakeholders who seek to make timely improvements in MHS policy, readiness and health care delivery,” Defense officials wrote.
The Air Force’s aircraft fleet is getting on in years. One problem with that is that replacement parts are becoming more expensive and more difficult to find, since many of the original manufacturers don’t even exist anymore. But the service is launching a two-year pilot project that may help solve the problem.
As a general matter, the vast majority of the dollars the military spends on large weapons systems has nothing to do with their upfront procurement costs: 70 percent of a program’s lifecycle expenses are connected to long-term sustainment, including spare parts and maintenance-related labor.
But in the Air Force’s case, those costs are growing even larger as its aircraft fleets get older. Take, for instance, the B-52: the last new airframe of that type rolled off the assembly line in the early 1960s. And companies that are willing or capable of making replacement parts are becoming more and more scarce.
“Just in the first quarter of this year, we had 10,000 requests for parts where there wasn’t even a single bidder,” Air Force Secretary Heather Wilson said at an event hosted by the Washington Post last week. “Sometimes that’s because the company’s no longer in business — and there’s no business case for building one part.”
But there’s a vital mission case for building them. As an example, she held up a rudder trim wheel for the 60-year-old KC-135 refueling tanker, 3D-printed by airmen.
“If you don’t have it, you can’t fly, and the company that makes them is no longer in business,” she said. “It cost us about $55, including all of the engineering and everything else. If I had to go out and have [the acquisition community] set up the traditional way to do it, it would be over $700.”
The Air Force wants to find out just how regularly it can repeat success stories like that, so last week, it announced the creation of what it calls the Rapid Sustainment Office. The service says it will focus on topics like predictive maintenance and agile manufacturing.
That includes 3D printing, but also cold spray repair technologies, robotics and automation, corrosion detection and repair, nondestructive inspection, and advanced composite repair technologies. The office will start out on a two-year trial basis, but the Air Force will transition it into a permanent organization if it proves successful.
But even though the Air Force is slowly increasing its capability to make its own spare parts, the process is not always as quick or easy as it could be.
That’s because for at least some systems, the government doesn’t own the technical data rights that would tell it exactly how to manufacture parts for the systems it owns, meaning airmen have to reverse-engineer them from scratch.
“We need better laws with respect to intellectual property, because it’s a lot like the ink in an inkjet printer,” said Lt. Gen. Lee Levy, the commander of the Air Force Sustainment Center. “You can get an inkjet printer for not a whole lot of money, but you’re going to have to buy the ink year over year over year. Our procurement strategies haven’t adapted to that. And when we say intellectual property, some people believe that it’s an all or nothing proposition. We don’t want all of the intellectual property to sell it on the open market. What we really want is enough of the intellectual property that we can take care of what the nation has asked us to take care of.”
Levy said that’s especially critical when there is no commercial market to provide replacement parts for a particular weapons platform.
“Quite frankly, a lot of companies lose interest in taking care of some of these weapons systems over time,” he told a recent hearing of the House Armed Services Committee. “We collectively worry about companies who don’t want to take care of those platforms: B-52, KC-135, B-1, we could go on and on. But having that intellectual property gives us the ability to do these kinds of things without having to reverse engineer it.”
Levy acknowledged that up until this point, the Air Force has been slower than it could have been to adopt advanced technologies like additive manufacturing. That level of caution is partly because of the military’s concerns over cybersecurity, and the need to make sure the parts it prints are genuinely airworthy.
“Because ultimately, I don’t want to print this at one of my air logistics complexes. I want to send these ones and zeros downrange to Guam, where I’ve got continuous bomber presence, and I want my folks to be able to print it out right there,” he said. “And so when we develop our technical data packages, we need to do it in a way that we can ensure a cyber pedigree. If I send you those ones and zeroes, you and I both need know that the ones and zeros I sent you were the ones you got, and when you print this out, it’s exactly what you expected it to be. This is not an area where we need to be arbitrary or capricious.”
In a statement, Wilson said the Air Force is standing up the new Rapid Sustainment Office because it doesn’t want to pay premiums for parts that it could otherwise manufacture on its own.
But even if money were no object, officials think they’re going to have to become more and more reliant on their own organic industrial base to make replacement parts.
The B-52, after all, is expected to stay in the air for several more decades. And Levy said the supply chain for older platforms like that one is getting “extraordinarily brittle.”
“We’ve tended to believe that the Defense industrial base is sort of this arsenal of democracy, and that’s simply not the case anymore, particularly for sustainment,” he said. “A large number of the vendors that we buy from are single-source vendors, and in some cases we have no vendors. These are small companies with 10, 15, 20 employees, and when there’s irregular or inadequate funding, it radiates uncertainty to those small businesses, and they make decisions. When they do, there’s no 1-800 number I can call for B-52 parts. When we can’t get someone to build or make the part for us, we sometimes end up doing it ourselves, and that sometimes takes longer.”
|Jan 16, 2019||Close||Change||YTD*|
Closing price updated at approx 6pm ET each business day. More at tsp.gov
* YTD data is updated on the last day of the month.