Once again the federal technology community was left flabbergasted and wondering “why?” from a decision by the Defense Department around cloud computing.
This time it’s the Defense Information Systems Agency, which — until it suddenly changed its mind late on Friday — had made a decision that left us all questioning the initial rationale behind yet another cloud acquisition program.
DISA, which receives mostly high marks from industry for its inclusiveness and openness to innovation, decided to do the exact opposite. It initially wanted to limit responses to a request for information for a cloud program office only to 14 large and 23 small vendors on its Systems Engineering, Technology, and Innovation (SETI) vehicle.
But pressure by three industry associations and other experts convinced DISA to change its mind and let other companies beyond those 37 submit RFI responses.
Insight by Micro Focus Government Solutions: Learn from agency and industry executives as they explore why protecting data requires a comprehensive approach involving every part of the IT chain – people, policy, infrastructure and applications in this exclusive executive briefing.
“We appreciate DISA’s swift response and resolution,” said Megan Petersen, ITI’s senior director of policy, public sector and counsel, in a statement to Federal News Network. “We look forward to submitting comments to this important effort on behalf of ITI’s members. We encourage DISA to provide additional opportunities for ITI and the broader tech industry to share perspectives on buying cloud and other innovative technologies.”
Before the change of heart, ITI, the Alliance for Digital Innovation and the Internet Association wrote to DISA questioning its decision to limit RFI responses.
“As trade associations representing hundreds of global technology companies—including major cloud service providers—we are in a unique position to offer valuable perspective regarding DoD’s questions,” the Jan. 27 letter stated. “By polling our diverse members and consolidating responses, we can provide DoD with significant market intelligence. To ensure DoD’s market research is comprehensive, we encourage the government to publicly post this RFI and allow companies and trade associations with relevant experience and insight to contribute responses to this important effort.”
DISA released the RFI to the SETI contractors in early January seeking feedback on creating a Cloud Computing Program Office (CCPO) “to streamline contract processes to enable the DoD to procure cloud IT professional services within weeks instead of months from the identification of requirements. This RFI is seeking information regarding all methods and approaches — and feasibility — to shorten procurement timelines and to simultaneously support agile contracting practices.”
To some, that RFI is the future embodiment of the JEDI — the Joint Enterprise Defense Infrastructure — program. DISA is asking 11 questions about the current and future approaches to buying cloud services, conducting market research and developing requirements.
The industry groups questioned why DISA would just go to this small group of contractors for information rather than a broader, and even non-traditional, set of companies.
One industry source, who requested anonymity because they were worried about impacting their relationship with DISA, said it’s unclear why the agency started with a narrow group.
“After the first RFI, you never see an agency open it up wider after hearing from that first group,” the source said. “You usually start wide and go narrower once you figure out what is possible. If this is the first step, it will lead them further away from market leaders and the best companies out there.”
Before DISA reversed course on Friday, its answers to questions about the RFI provided limited insight into its rationale.
A DISA spokesperson said the reason to go only to the SETI contract holders with the RFI is to gain perspective from innovative, and even some non-traditional, contractors.
“We will conduct an analysis after responses are received to determine the next steps in conducting market research, if required. This reflects our overall strategy of approaching the effort in an iterative fashion,” the spokesperson said. “The recent RFI is only a first step in conducting market research to identify viable paths to accelerate the acquisition of cloud professional services so that mission partners can acquire the necessary technical support to migrate and operate in various cloud environments. DISA is starting with targeted market research under the SETI contract vehicle and, after analyzing the information, will determine the next iteration of market research required for this endeavor.”
But if you look at the SETI contractor holders, particularly the unrestricted group, the list is mostly a who’s who of vendors: IBM, Northrop Grumman, Leidos, Booz Allen Hamilton and Deloitte. It’s harder to tell if the SETI small business awardees are where DISA is referring to asking non-traditional contractors, but it’s hard to imagine these vendors are on the cutting edge if DISA is trusting them to be a part of a contract with a ceiling of $7.5 billion.
The other concern that some in industry raised about using only SETI contractors is how can DISA protect itself from potentially having a conflict of interest in the future solicitation to set up the program office? Many of these contractors have relationships with cloud providers and even if DoD finally comes to its senses and makes multiple awards under JEDI, there will be no way to isolate the people who run the program office from the folks who support the implementation of cloud services from Microsoft, Amazon Web Services and other providers.
The DISA spokesperson didn’t directly address the conflict of interest concern except to say there are regulations and policies that prohibit those kind of actions.
“The recent RFI is only a first step in conducting market research to identify viable paths to accelerate the acquisition of cloud professional services so that mission partners can acquire the necessary technical support to migrate and operate in various cloud environments. The market research effort will continue to iterate as information is analyzed,” the spokesperson said.
DISA offered no details on its timeline for the next steps to eventually create a cloud program office solicitation.
John Weiler, the executive director of the IT Acquisition Advisory Council, said too often DoD makes this kind of mistake by limiting market research. He said it’s a main reason for many of DoD’s IT failures. He said narrowing input from knowledgeable sources increases the risk of missing out on true innovation.
The JEDI program is often held out as an example of failed market research, despite DoD conducting extensive conversations with industry. The concern remains that DoD had an end goal in mind so the industry days and other feedback were mostly for show.
Speaking of JEDI, DoD seems to be more open than ever to reconsidering its path forward. In a report to Congress, which DoD provided to the press, it says should it lose one part of AWS’s JEDI protest before the Court of Federal Claims, the Pentagon may need to look at alternative paths.
DoD told Congress that if the court denies its motion to dismiss AWS’s claims of improper influence, the complexity and length of time of the case “might bring the future of the JEDI cloud procurement into question. Under this scenario, the DoD CIO would reassess the strategy going forward.”
This is the first time DoD has broached the topic of reassessing the JEDI strategy.
Even if the court dismisses AWS’s claims of improper influence, DoD says work on JEDI would remain paused for at least four or five more months while the rest of the case is litigated.
The fact DoD is even open to rethinking its JEDI strategy is a significant change to the entire conversation that we’ve had over the last three-plus years. Let’s hope DISA is paying attention to how the battleship is starting to turn and maybe it can realize the shortcomings of its cloud program office strategy more quickly.