“DoD Reporter’s Notebook” is a biweekly feature focused on news about the Defense Department and defense contractors, as gathered by Federal News Network DoD Reporter Jared Serbu.
Submit your ideas, suggestions and news tips to Jared via email.
Having acknowledged in congressional testimony a few weeks ago that the Defense Department is not doing enough as part of the now 5-year-old Federal Data Center Consolidation Initiative, Terry Halvorsen, the department’s chief information officer, now plans to be much more “prescriptive” about what each military service and DoD component must do to rein in their costs.
Speaking to reporters on a conference call Friday afternoon, Halvorsen wasn’t ready to say what exactly he’ll prescribe, but said the department nowadays is less concerned about the number of data centers it owns than how much they cost to operate. And the cost of labor is the main metric DoD will use to decide whether a particular data facility is unduly expensive.
“The biggest cost driver we have in our data centers is people, and what we’ll look at is how many people are doing what. If you still have a lot of people doing monitoring and maintenance of servers, that’s a bad use of people,“ he said. “That can be automated today, and in our efficient data centers, that’s exactly what we’re doing.”
The DoD CIO’s office has launched a survey of all of the department’s data centers to determine their costs, with labor at the forefront. Halvorsen said once he receives the breakdown of highest-cost sites, he’ll issue new policies telling the Defense components which own them to reduce their expenses.
Assuming the Army completes its planned drawdown to 450,000 active duty soldiers by the end of next year, the service will own and operate 21 percent more real estate and facilities than it can conceivably put to productive military use.
In this year’s budget presentation, officials continued the fourth year of what’s so far been a fruitless quest to use another round of base realignments and closures to reduce what they say is $500 million in annual wasted spending. But having gotten the message from Congress that there’s no BRAC round in the offing, they’re also looking for more cost-effective ways to use the land Army continues to own through a “base of the future” study, due to start later this month.
The project is partially about mitigating the BRAC dilemma, but not entirely so. In many locations, bases currently function as walled-off, self-sustaining miniature cities-within-cities for reasons that don’t have much to do with their current missions, said Katherine Hammack, the assistant secretary of the Army for installations, energy and environment, who wants to use the initiative to rethink what military bases should and shouldn’t do over the longer term.
The Defense Department is taking a serious look at overhauling its process for accrediting commercial cloud computing products as secure-enough for military use.
Among the ideas DoD is considering: Changing its security approach in a way that would give much more weight to the security techniques a company uses instead of whether one of their particular cloud offerings checks all of the security boxes in a fairly static government document.
Within the next several weeks, the Pentagon will announce a working group of DoD and industry security experts charged with improving the existing security and accreditation process for commercial cloud, the latest version of which was published in an updated security requirements guide (SRG) last month.
“I think we have reached the point where we can no longer accredit specific hardware or software, we’ve got to accredit the process,” said DoD Chief Information Officer Terry Halvorsen. “Today, if you’re fielding a cloud environment, companies like Microsoft and Amazon and Google make changes to their clouds and improve their security almost nightly. Our current process can’t sustain that. We’ve got to look at security and accreditation on a process basis, and at a certain point, maybe even vendor-by-vendor, where we would say, ‘Hey, your security process for these specific areas is good, we like it, we’re going to keep evaluating you on a yearly basis, but otherwise we’re going to accept your tools as you develop them.’ If we don’t do something like that, that we can’t keep pace, and we can’t be agile.”
Emboldened by legislation that gives the military service chiefs a bigger role in the DoD acquisition process, Gen. Mark Milley said last week that he intends to “rip apart” the plodding procurement of a new service pistol for the Army, saying it’s “ridiculous” that what ought to have been a commercial off-the-shelf acquisition has dragged on for years.
Milley, the Army’s chief of staff, said his service will arrive at decisions within a matter of weeks on a new way forward for the Modular Handgun System, which has been in the works — formally, at least — since 2011. Thus far, the estimated $580 million procurement has involved a requirements document totaling more than 360 pages and a testing process slated to take two years in order to replace the 9mm Beretta pistol soldiers have been using since the mid-1980s.
“We’re going to deliver in short order,” Milley told the Senate Armed Services Committee last Thursday. “We’re going to make it right for the soldiers and the taxpayer and make sure that we get a new handgun. The system’s been very frustrating in the sense of lots of paperwork, lots of bureaucracy, ridiculous amounts of time: two years of testing and $17 million to do a test. We’re just ripping that all apart and we’re going to make it better.”
Milley did not specify exactly how the Army would adjust this particular procurement, in which vendors were asked for their final proposals by Feb. 12.
As of last week, all of the Defense Department components that fall under the direct control of the Office of the Secretary of Defense (OSD) are barred from hiring any new civilian employees.
On first blush, it’s a drastic step — a measure DoD hasn’t taken since 2013, when sudden budget cuts also forced temporary furloughs for most of its existing workforce.
Indeed, normally when a government agency orders a hiring freeze, it’s a brute-force method to reduce staff size and cut personnel costs immediately. But this time around, Robert Work, DoD’s deputy secretary, is using the freeze to compel Defense organizations to fall in line with a “delayering” initiative he first ordered last July. As soon as they do that, they’ll be free to hire again.
The order applies to most of the “fourth estate,” a term, that in this context, refers to offices outside the three military departments. All Defense agencies, for instance: the Defense Information Systems Agency and the Defense Logistics Agency are affected, as are all “field activities,” a catch-all term for about a dozen large OSD offices that include Washington Headquarters Services, the Defense Technical Information Center and the DoD Education Activity.
Within the next month, the Navy expects to issue a request for proposals to support a new concept it’s calling the “Cloud Store.” As the name suggests, the idea is to let Navy commands easily choose from among several commercial cloud service providers once they’ve drawn up a solid business case to move a given application out of government data centers, without having run the twin gauntlets of procurement and security approval each time.
As of this month, the store is officially up and running. During the initial rollout, there’s only one product on the shelf: Amazon Web Services (AWS). But the Navy plans to make awards for a 2.0 version of the store by the end of this year. If all goes according to plan, the Navy will have several different commercial cloud providers on contract and pre-approved to handle applications at security levels up to the most sensitive categories of unclassified data, Erle Marion, the commercial cloud computing lead within the Navy’s Data Center and Application Office (DCAO) said in an interview on Federal News Radio’s On DoD.
When Peter Levine, the Defense Department’s deputy chief management officer, was challenged at a House subcommittee hearing last week on what he’s doing to improve the department’s less than stellar track record for deploying business IT systems, he began by disputing the premise of the question.
“We don’t have a not-stellar record, we have a horrendous record,” he said. “I think that of all the things the department does badly, that’s one of the things we do the worst.”
Levine, a former longtime Capitol Hill staffer who’s been on the job as DCMO since last May, offered a fairly clear diagnosis that boils down to a too-many-cooks-in-the-kitchen problem: His office is in charge of overseeing and approving spending on business systems, the DoD chief information officer certifies the technical bits, but the Pentagon’s acquisition apparatus, in the end, calls most of the shots that drag out systems’ schedules and make them more expensive than necessary.
Top officials from the Department of Veterans Affairs will meet this week with leaders from several leading veterans’ service organizations, seeking common ground on a legislative proposal that would overhaul the appeals process for veterans’ compensation claims.
In budget testimony last week, VA officials told lawmakers the appeals process set in federal law is “archaic and unresponsive.” But they want the buy-in of veterans’ advocacy groups before they send Congress any formal plan to streamline the process.
“We’re gonna lock everybody in a room, we’re gonna slip food under the door and no one’s coming out until we have something written down that everybody agrees with and that you can pass immediately,” Secretary Bob McDonald told the House Appropriations Committee last week.
VA’s Veterans Benefits Administration (VBA) has made notable progress in cutting its backlog of initial compensation claims, from a peak of 611,000 in 2013 to 81,000 as of last week, including by hiring more claims staff and requiring them to work mandatory overtime. But the appeals process, handled by the separate Board of Veterans Appeals, has gotten comparatively little attention.
VA defines a backlogged claim as one that’s kept a veteran waiting more than 120 days for a decision.
But days aren’t a useful yardstick for measuring the wait time involved in the appeals process: The average delay is currently five years, and for many veterans, it’s much, much longer.
Last week, the Defense Department announced it would be launching the federal government’s first-ever “bug bounty,” banking on the idea that there’s a nascent community of white hat hackers that’s been itching to help the Pentagon with its cybersecurity challenges but hasn’t been able to until now.
In the first go-round of the Hack the Pentagon challenge, officials will ask pre-registered security experts to attempt to infiltrate one of DoD’s public websites and report back on any vulnerabilities they find in exchange for cash prizes. But a senior Defense official, who outlined some aspects of the program for reporters on condition of anonymity, said DoD wants to expand the same concept to effectively crowdsource the process of penetration testing for myriad other Defense systems.
“We see this growing into something that we can use as a much bigger tool to help make our systems more secure, not only for the Department of Defense but for the broader federal government. Because of that, we need to test this approach on a live system,” the official said, adding that DoD sees the effort as part of Secretary Ash Carter’s Force of the Future Initiative.
The Defense Department has been publicly pushing the military services to make cybersecurity a job for their entire rank-and-file information technology workforces, not just employees with “cyber” in their duty titles. The Navy Department just took a few big steps in that direction, including by making clear that military members and civilians can be reassigned or dismissed from government service altogether if they don’t stay current on their cyber defense training.
An instruction signed by Navy secretary Ray Mabus on Feb. 10 and posted publicly last week makes several updates to how the Navy and Marine Corps manage their IT workforces, including by getting local commanders more involved in monitoring the qualifications of their own people.
Commanders at all levels will have to delineate precisely which positions under their charge meet the Navy’s new definition of the “cyberspace information technology workforce.” The definition is extremely broad: “Personnel who design, build, configure, operate, and maintain information technology, networks, and capabilities.”