Skip Navigation Links
Architecture
DCGS Industry Advisory Group (IAG)
Business Model Sub-group
Identity and Access Management Sub-group
SOA Implementation Sub-group
DCGS Worldwide Conference 2009
Information Assurance (IAWG)
Information Sharing

 IT Acquisition Continued 

AFEI Task Force Report: Industry Perspectives on the Future of DoD IT Acquisition 

Summary Continued

The over-arching recommendation is to institute continuous, iterative, development, test, and certification processes that drive the Commercial IT state of the art to deliver more trusted, standard, off-the-shelf building blocks.  In this model the ability to “bundle” trusted components becomes a critical unit of production.  Specific recommendations are summarized as follows:

  • Approach IT acquisition strategy as continuous “Tech Refresh” throughout system development and lifecycle.  Buy-down risk with as much pure COTS  as possible. 
  • Contractually require providers to nurture “Beta Development Communities” among operational customers.
  • Enforce two basic network architectural principles: (1) All devices must be routable nodes of Local Area Networks (LAN); (2) All LANS must be routable nodes on Wide Are Networks (WAN).
  • Invest in basic research to close COTS gaps with respect to Defense Enterprise requirements and “open source” the results.  In particular:
    • Fund COTS IT vendors to develop improved Information Assurance (IA) and Semantic Interoperability (SI) solutions
    • provide developed GOTS IA and SI components as Government Furnished Equipment (GFE) to industry at large.
  • Develop automated test, certification, and accreditation (C&A) for IA and Interoperability process based on modular risk vs. reward trust model (evaluate relative need-to-protect vs. need-to-share.) Provide reusable end-to-end security tools, templates, and policy that allow quick introduction and use.
  • Include continual post-deployment testing as an aspect of life cycle support.
  •  Categorically define “open, modular, scalable, architecture” via a suite of “enterprise ” level requirements and associated objective value-based metrics for desired operational outcomes, need-to-know vs. need-to-share, information processing efficiency, and acquisition process efficiency across an enterprise system. Use these objective metrics as basis of source selection and contracting; demand creative contracting per acquisition imperatives!
  • Create a persistent, virtual, online, service-based, enterprise Development, Test, and Certification environment including enforced cross-program workflow, i.e. federated governance.
  • Empower engineering-level government officials as Enterprise Chief Information Officers and Enterprise Chief Architects, with mandate, training, and scope-of-authority necessary to deliver enterprise capability rapidly, innovatively, and incrementally.
  • Create a living executive dashboard that informs continuously evolving acquisition policy per all the above. 

These recommendations apply equally to all Defense activity that involves IT.  Even programs that aim to develop platforms, (in this sense “platform” means military vehicles like missiles, ships, tanks, etc.) weapons, or sensors over long time frames must continuously evolve their IT components to avoid becoming obsolete before Initial Operating Capability (IOC).  

The DoD should begin implementation of the improved IT acquisition process immediately by chartering a number of independent three-year pilot projects who’s sponsors are incentivized for their own reasons to develop enterprise capability. These pilots will lead to a self-sustained persistent Development, Test, and Certification environment associated with a flourishing marketplace of “net-ready” re-useable components. 

New policy and training should follow observed successes in this pilot initiative.  New legislation should learn from the unintended consequences of previous legislation such as Goldwater-Nichols, Clinger-Cohen, and FY07 NDAA re Major Automated Information System (MAIS) reporting.  These laws have led to de-incentives for innovative behavior, and incentives for increasing bureaucracy. 

New legislation should repeal MAIS reporting requirements and incentivize the desired innovative, risk-accepting behaviors associated with successful commercial IT practitioners.   In particular, it should automate oversight processes, define and mandate an enforceable enterprise-enabling innovative role for government acquisition professionals, eliminate bureaucratic overhead, and mandate and reward specifically defined better-speed-to-better-capability.

1 | 2 |