Through a system once known as contract court and now called Services Requirements Review Boards (SRRBs), the Defense Department is looking to cut 10 percent of its spending on contracted services within DoD’s “fourth estate” this year.

In fiscal 2016, all of the DoD elements outside the military departments, including the Office of the Secretary of Defense and the Defense agencies, are going through SRRB process for the first time. The boards are meant to unearth and scrutinize every service contract worth $10 million or more, ask whether there’s still a valid requirement for that contract and whether the money could be better used elsewhere within the same organization.

(more…)

While the Defense Department has made some strides over the past year in simplifying the way it buys cloud computing services, individual DoD components are still, to a large extent, on their own when it comes to picking a provider and shepherding them through the military’s security approval process. The Navy hopes to change that beginning next month with a managed service it’s calling its “Cloud Store.”

Version 1.0 of the store will have a decidedly limited selection: its catalog will include just one provider, Amazon Web Services, leaning on an existing contract the Navy’s Space and Naval Warfare System Command already holds with AWS.

But by the end of this calendar year, the Navy says it will open a 2.0 version that will feature multiple infrastructure-as-a-service providers and let Navy commands quickly sign up for services that are pre-authorized to handle information up to what DoD defines as “impact level 5” — one step below classified data.

(more…)

Anyone who’s attended a cybersecurity conference over the past five years has heard numerous government speakers proclaim that this is the year in which we’re going to get rid of usernames and passwords for federal IT purposes. Passwords, after all, are relatively easy to steal, and human nature being what it is, some system administrator somewhere uses the same password to order pizza and to log into a national security system.

But the Navy appears to be extremely serious this time. A message to the fleet dated Feb. 5 says administrators of all unclassified systems have only one week left to implement two-factor authentication using Common Access Cards, DoD’s implementation of the personal identity verification (PIV) credentials that President George W. Bush first ordered agencies to roll out with Homeland Security Presidential Directive 12 back in 2004.

(more…)

When U.S. Transportation Command transitioned a nearly $1 billion contract to move service members’ vehicles around the world to a new company a year and a half ago, seemingly everything that could have gone wrong actually went wrong. Hundreds of personally owned vehicles were temporarily lost, others were damaged, destroyed or improperly stored. Now it appears TRANSCOM also made up to $162 million in improper payments to its new vendor.

The estimate comes from a newly-released DoD inspector general report in which auditors say TRANSCOM and its subordinate Army Surface Deployment and Distribution Command maintained an ongoing stream of payments to the vendor, International Auto Logistics, even though many of the firm’s invoices lacked basic, required information like invoice numbers, payment terms and total dollar amounts.

(more…)

When the Army launched its first Network Integration Evaluation (NIE) back in the summer of 2011, the idea was to use actual soldiers from a brigade combat team to test and evaluate a lot of new tactical IT systems all at once in Texas and New Mexico, making sure the systems played well together and were easy for soldiers to use before sending them into live fire situations in Afghanistan.

The concept has proved to be fundamentally sound, says a new report from DoD’s Office of Operational Test and Evaluation (DOT&E), but the Army has a long way to go before it can credibly say its tactical networks are soldier-friendly.

“Network components, both mission command systems and elements of the transport layer remain excessively complex to use,” the office wrote in its annual report to Congress last week. “The current capability of an integrated network to enhance mission command is diminished due to pervasive task complexity. It is challenging to achieve and maintain user proficiency.”

(more…)

The Defense Department group in charge of fighting improvised explosive devices entered its fourth incarnation last week. It’s been known as JIEDDO —the Joint Improvised Explosive Device Defeat Organization — for most of the past 10 years, though it started out as a humble Army task force. Lately it’s been the Joint Improvised-Threat Defeat Agency (JIDA), and now it will become the Joint Improvised-Threat Defeat Organization (JIDO).

The latest reshuffling of the organizational chart is born out the current concerns among members of Congress that once DoD creates new bureaucracies they can never be shut down. The Pentagon’s earlier decision to turn the former JIEDDO into JIDA last summer raised alarm bells on Capitol Hill because it created a brand new member of the “fourth estate” — the combat-support agencies and field activities that lie outside the military departments, each with their own command structure and staffs.

(more…)

In the days after the Office of Personnel Management announced that hackers had stolen the security records of nearly 22 million feds, former feds, would-be feds and government contractors, the fact that those records had not been encrypted was one of the many points detractors used to heap scorn on OPM.

Encryption is coming, although no one can quite say when. As part of the Defense Department’s role in building a new IT system for background investigations, it will encrypt the data it handles with techniques appropriate to a national security system, officials said Friday during a hastily arranged pre-blizzard conference call.

(Federal News Radio reporter Nicole Ogrysko has a top-notch writeup on the broader security clearance reforms and the standup of a new National Background Investigations Bureau.)

Although the new NBIB will report to the director of OPM, the office of the DoD chief information officer will be in charge of IT security, with the Defense Information Systems Agency handling most of the legwork and contracting to build and run the eventual IT system.

(more…)

The Defense Department and its military services spend several billion dollars each year to build and maintain massive enterprise resource planning (ERP) systems dealing with everything from logistics to human resources and finance. Some of that spending over the years has been, shall we say, unproductive.

At least some of the department’s ERP costs have been driven by duplicative hardware and other infrastructure investments, and the Defense Information Systems Agency thinks it can help. It’s building an ERP “center of excellence” to advise the military services on how to share computing resources between the massive systems — a task that makes sense for the agency, given that the Army and Air Force have already made the decision to transition several of their large programs to DISA’s data centers and stop hosting them separately.

(more…)

Remember the REAL ID Act? If not, you could be easily forgiven. Implementation of the 2005 law — one of the federal responses to the 9/11 attacks — has been delayed and recalibrated over fights about undue encroachment of federal power so many times over so many years that the law, so far, has impacted almost no one.

But people who hold drivers licenses from the handful of states that have not yet complied to the law’s strictures are now being denied entrance to military bases. Licenses from Minnesota, Illinois, Missouri, New Mexico and Washington are no longer valid identification at DoD facilities. For most people who work at those facilities, it’s a moot point since they have separate DoD-issued ID cards. But vendors and other visitors are now being turned away, Defense officials say.

(more…)

The Air Force has just declared full operational capability on its first-ever cyber weapons system.

This is important for a couple reasons. First, it’s not an early prelude to Skynet, as far as we can tell. Second, semantics are important here: designating a piece of information technology as a “weapon” is a very conscious strategy to deal with the Pentagon’s planning and funding processes, even if said system will never attack anyone or anything.

(more…)