“DoD Reporter’s Notebook” is a biweekly feature focused on news about the Defense Department and defense contractors, as gathered by Federal News Network DoD Reporter Jared Serbu.
Submit your ideas, suggestions and news tips to Jared via email.
Saying the Army has dragged its feet for too long in implementing its share of the now seven-year-old Federal Data Center Consolidation Initiative, Army Secretary Eric Fanning has issued highly detailed orders to three-and-four star generals in the Army’s headquarters and functional and geographic commands, telling them precisely what must be done to close 60 percent of the service’s 1,200 data centers by the end of 2018 and 75 percent by 2025.
The 88-page directive lays out in exquisite detail which centers must be closed and by what date, lamenting that the Army is devoting too much of its $8.3 billion IT budget to systems, applications and brick-and-mortar server facilities it does not need.
The end objective is to move the vast majority of the Army’s systems to one of three environments: the Defense Information Systems Agency’s enterprise computing centers, commercially-run cloud services or a handful of regional Army Enterprise Data Centers (AEDCs) that the service will continue to own and operate.
“Progress in system and application virtualization and rationalization has been slow, and our data center closure and consolidation efforts have come to a virtual standstill,” Fanning wrote. “We can no longer afford the luxury of unconstrained IT expenses nor accept the risk to the Army and the nation posed by cyber threats directed against Army capabilities.”
The same memo gives Army commands until the end of January to migrate their desktop and laptop computers to Windows 10, a target that was previously established by the DoD CIO but that the Army has had a difficult time meeting.
In what appeared to be a response to industry complaints that new Defense Department rules would disincentivize companies from embarking on new research projects on their own initiative, the Pentagon is developing a new web portal to make it easier for firms to let the government know about their independent research & development (IR&D) activities.
At issue is a final rule DoD published in November. Reasoning that the government needs more insight into the more than $4 billion in reimbursements it issues to contractors for IR&D projects each year, DoD required large firms to hold a “technical interchange” with at least one DoD official before starting work on a R&D project — at least if they wanted to be reimbursed for their allowable costs.
But among other complaints, contractors said the process left them at the mercy of the government and its employees’ ability and willingness to meet with vendors.
Under a new process Frank Kendall, the undersecretary of Defense for acquisition, technology and logistics, outlined in a memo last week, contractors will be able to use a web tool at the Defense Innovation Marketplace to enter a description of the project they’re planning. DoD will then forward the information to the appropriate officials, who will then respond with a dated letter acknowledging they’ve been made aware of the company’s plans.
The Air Force is standing up a new, full-time office dedicated to protecting its weapons systems from cyber attacks.
The Cyber Resiliency Office for Weapons Systems (CROWS) was born from the notion that even though a modern jet fighter is essentially a flying network of computing systems that’s vulnerable to cyber threats, it’s an exquisitely customized one that doesn’t quite fit the procedures the government usually employs to protect its traditional IT systems.
“The cyber threat is more than just network intrusion or traditional malware — it also affects our weapon systems and presents a clear and present danger to successful mission assurance,” Dennis Miller, the new office’s director, said in an Air Force statement.
CROWS will be based at Hanscom Air Force Base, the Massachusetts installation that hosts the service’s Lifecycle Management Center (AFLCMC). It will be staffed by subject matter experts from across the Air Force, including personnel who’ve traditionally been in charge of thinking about up-front systems engineering for new platforms, operation and maintenance of weapons systems and long-term sustainment.
The new “horizontally-integrated” organization reached initial operating capability on Dec. 21.
Almost exactly one year ago, Defense Secretary Ash Carter rebuked his Navy secretary, Ray Mabus, for submitting budget plans that Carter believed put too much emphasis on quantity over quality. Mabus evidently hasn’t been persuaded: the final force structure assessment prepared under his watch calls for a significantly bigger fleet than the Navy’s own growth plans called for two years ago.
The 2016 update to the Navy Force Structure Assessment, sent to Congress last week, asserts the service needs a fleet of 355 ships in order to adequately perform its missions. That’s a big change from the 2014 plan of 308 ships the Navy has been building toward.
Importantly though, officials fully acknowledge that the bigger Navy would be too expensive to fit within the governmentwide budget caps that have been in place since 2012 and will remain through 2021 unless Congress eliminates or raises them.
The Navy said in a statement that the new force structure assessment “was not constrained by Budget Control Act funding levels” but insisted that “if funded, this plan is executable, as each ship class called for in the FSA has an active shipbuilding line already up and running.”
The new assessment calls for growth in several areas compared to the prior plan, most notably, 12 aircraft carriers instead of 11, 104 large surface warships instead of 88 and 66 attack submarines instead of 48.
First there was the U.S. Digital Service, then the Defense Digital Service. Now the Army says it’s becoming the first of the military services to launch a digital service “outpost” and wants a dedicated team of technology experts from outside the government to tackle its own problems.
Like USDS and DDS, the new Army Digital Service wants to hire employees on a term-limited basis —anywhere from three months to two years at a time — to tackle information technology challenges it hasn’t solved on its own. Officials offered few details about what projects the team will work on or how many staff members will be dedicated to the Army, but said the parent organization, the Defense Digital Service, has about two dozen employees and plans to hire about 20 more in the coming months.
“We have an almost unlimited target set of problems where we want some help,” Army Secretary Eric Fanning said at a New York kickoff event Friday afternoon. “I know the other military services are talking about doing the same thing because there’s so much potential in this model in an area where we have so much to do. What we can guarantee you is that you’ll be working on projects around an incredible mission, and you will have a significant impact, and you’ll have impact quickly and noticeably.”
The existing Defense-wide digital service has already worked on several fairly high-profile projects since Defense Secretary Ash Carter announced its standup a year ago, including an overhaul of the aging Defense Travel System military employees use to book airfare and hotels, speeding up the development of the next generation of GPS control systems, and the Hack the Pentagon challenge, the government’s first bug bounty.
As part of the response to two massive data breaches involving systems at the Office of Personnel Management, the federal government decided to put the Defense Department in charge of building a new information technology backbone to house and process all of the data involved in security clearance investigations, one that would be safer from foreign attacks.
As one way to achieve that goal, the Defense Information Systems Agency, the lead agency in charge of the IT development, is considering opening up the National Background Investigation System’s underlying source code to the general public as soon as it’s fully baked. The theory is that it’s far better for white-hat hackers to find and help squash security bugs before the new system comes online than for bad-guy hackers to discover and make use of them to steal yet another batch of data.
Maj. Gen. Sarah Zabel, DISA’s vice director, said the idea was first proposed to her agency by the Defense Digital Service.
“I’ll confess, I was horrified when I first saw the suggestion,” she said. “My reaction was, ‘No, you can’t tell everybody about the business logic in our systems.’ Then I started thinking about it. Why not? The business logic isn’t the secret, it’s the underlying data, so let’s put the source code out there,” Zabel said last week at AFCEA NoVa’s annual Air Force IT day. “We’ve identified a couple of programs within DISA where as soon as the software development is done, we’ll publish the source code and we’ll do a bug bounty on that.”
To do so, DISA will leverage the indefinite-delivery-indefinite-quantity contracts DoD issued in the second phase of its Hack the Pentagon initiative earlier this year.
Advocates and defenders of the federal bid protest process received some welcome news last week as part of the House-Senate agreement on this year’s National Defense Authorization Act. The final deal stripped two key Senate provisions that were seen as hostile to the protest process.
In a major reversal from the Senate’s earlier position, NDAA conferees agreed to give the Government Accountability Office permanent jurisdiction to hear and decide bid protests of any task order worth more than $10 million. GAO’s earlier authority to hear challenges to individual orders on major multiple-award contract vehicles like Alliant, EAGLE 2 and OASIS was only temporary, and lapsed entirely at the end of September.
Meanwhile, the Senate passed a standalone bill on Wednesday that would do much the same thing, granting GAO permanent jurisdiction over civilian agency task orders. The bill went to President Barack Obama for his signature after earlier passage by the House.
“This is a common-sense policy that I am thrilled to see pass the Senate,” Rep. Mark Meadows (R-N.C.), one of the bill’s sponsors said in a statement. “In the federal government’s issuing of contracts, transparency and fairness are always standards we should strive toward, and we are now one step closer to updating our laws and ensuring that civilian award protests can continue.”
GAO already had permanent authority to hear protests to task orders on Defense Department contract vehicles; in this week’s NDAA agreement, Congress moved to increase the threshold for those protests to $25 million.
Last week’s House-Senate agreement on the 2017 Defense Authorization Bill contained about 100 provisions dealing with acquisition — not all of which we’ll even attempt to summarize in this space. But several were built around a common reform theme Congress began in last year’s bill, attempting to reform the acquisition system to suit a world in which leaders of the Defense committees believe that most innovation is happening in the commercial sector.
Besides restructuring and bifurcating the large front office that’s currently responsible for both acquisition and R&D, the bill adds several new authorities that build on last year’s trend of letting DoD sidestep the traditional acquisition system.
“The national security problem starts from the fact that we no longer drive research and development,” Bill Greenwalt, a senior Senate Armed Services Committee staffer, said at an event hosted by the Center for a New American Security last week. “We reformed the system 20 years ago to try to access commercial items, but it’s not as agile as we would like it to be. It’s risk-averse, it’s compliance-oriented, and it’s optimized to win the Cold War against an adversary that thought in five-year plans.”
For starters, Congress wants to reinforce the authority DoD already has to conduct streamlined acquisitions with commercial companies under Part 12 of the Federal Acquisition Regulation and encourage the military to use commercial items wherever possible.
The expected nomination of retired Marine Corps Gen. James Mattis to become secretary of defense differs from other future cabinet nominees in one major respect: Both the House and the Senate would have to advise and consent, since his confirmation depends on a one-time change to federal statutes that require military officers to have been retired for at least seven years before becoming the civilian leader of the Pentagon.
But early reactions from Democratic officeholders who would be in a position to oppose a waiver of that sort seemed to suggest a relatively easy path for Mattis. Some were plain and simple endorsements; others amounted to strong statements of support for his fitness for the job, mixed with some unease about compromising principles of a civilian-controlled military.
“He has proven himself a capable leader on the battlefield and earned a reputation for the kind of strong organizational skills necessary to run the Pentagon and oversee the finest military in the world,” said House Majority Whip Steny Hoyer (D-Md.), the House’s number-two Democrat. “I congratulate him on his appointment, and I also look forward to welcoming Gen. Mattis to military installations throughout Maryland after he is confirmed.”
In her written statement on the nomination, House Minority Leader Nancy Pelosi (D-Calif.) harshly criticized Defense and military-related statements President-elect Donald Trump made on the campaign trail, but made no suggestion that Mattis would face serious opposition.
Several key GOP members of Congress began to weigh in this weekend with strong disapproval over suggestions that Adm. Michael Rogers, the director of the National Security Agency and commander of U.S. Cyber Command, may be fired during the final weeks of the Obama administration.
In a statement Saturday, Rep. Devin Nunes (R-Calif.), the chairman of the House Intelligence Committee, said he had asked Defense Secretary Ash Carter and National Intelligence Director James Clapper to testify about why they’d recommended that the President remove Rogers in October, citing a report in the Washington Post.
“Since Adm. Rogers was appointed as NSA director in April 2014, I have been consistently impressed with his leadership and accomplishments,” he wrote in a letter giving Carter and Clapper until 5 p.m. Monday to offer dates on which they’d be able appear before the committee.
Nunes is also a member of President-elect Donald Trump’s transition team, and Rogers reportedly is under consideration by the Trump team to be the next Director of National Intelligence after having met with the President-elect late last week without disclosing the meeting to the current administration or the military’s chain of command.
But Sen. John McCain (R-Ariz.), the chairman of the Senate Armed Services Committee, who withdrew his endorsement of Trump in the waning days of the presidential campaign, also expressed displeasure about Rogers’ potential removal.
“Any suggestion that Adm. Rogers should be fired is certainly unwarranted,” McCain said Sunday, adding that the admiral has his full confidence. “He is an officer, a professional, and a warrior of the highest caliber. All too often, Adm. Rogers and the forces he leads have struggled to perform their mission because of the administration’s inability to formulate a clear cyber strategy and provide sufficient authorities.”