Securing our nation from cyber threats requires identifying and addressing the root causes of our vulnerabilities.  One such cause is the defense procurement process, which is hallmarked by delays and under inclusiveness.  The Department of Defense and Congress must work together to speed up the process and allow additional players in the game in order to acquire advanced technology to effectively fight the digital war that is now upon us.

Defense procurements are intended to provide the necessary tools for the military to execute its mission of defending freedom in the real and virtual world.  But before these tools can be placed in the hands of the end user, the defense department must lead a multiyear procurement process.  The process typically involves three key elements: requirements development, industry engagement in a series of sterile forums, and an appropriation by Congress allowing a request for proposal (RFP) to go forward.

ADVERTISEMENT

While it historically led to modest success for standard vehicles or floating platforms, this process is unfit for the digital age.  This is because the morphing of cyber attacks and the evolution of the technology used to prevent them far outpace the procurement process’ creep.  As the purchase cycle plods on, the product being acquired becomes obsolete, and modifications must be inserted into the products requirement.  Modifying the product can delay the process by months and sometimes even years.  Moreover, sequestration led to increased scrutiny of RFPs for jumbo procurements.  If the RFP does not pass muster, a mid stream requirement change will be issued, setting a program back.  While the beefed up review and approval process is undoubtedly important, it is also time consuming and unpredictable.

To be a legitimate bidder in the procurement process a company must commit millions to the research and development necessary to engineer a solution.  The result is only a limited number of players have the overhead to compete.  Moreover, winning a bid requires Washington insider insight and know how.  Would-be contractors must understand the intricate labyrinth that is DoD, knowing who and when to call, what websites and forms to use, etc.  Moreover, they must be equipped to spend years lobbying the government to shape its requirements to match technology in the company’s portfolio.  These barriers to entry make the procurement process unwelcome and undesirable to newcomers.  This is exceedingly problematic because in the digital age the companies that can offer the most advanced solution cheaply and quickly are frequently not the big five defense contractors but instead are small and innovative firms in Silicon Valley—often startups.

One silver lining is the recently announced Better Buying Power 3.0.  With Under Secretary of Defense for Acquisition, Technology, and Logistics Frank Kendall at the helm, DoD plans to realign Internal Research and Development (IRAD) spending.  The proposed realignment calls for DoD to take on a gatekeeper role over IRAD spending, with an eye towards increasing and improving engagement between the Department and defense contractors regarding the DoD’s upcoming needs.  This makes good sense, as there is currently a communication gap that leads to a guessing game in which companies devote millions of dollars to develop products the DoD does not actually need and then—in an attempt to avoid losses—devotes enormous efforts to convincing the DoD it should purchase them anyway.  Everyone would benefit from a more rigorous IRAD investment process that allows the defense contractors to better understand their customer—the DoD—so they can provide the best possible product in a timely manner.  Not only could millions of dollars be saved, better and broader communication about the DoD’s forecasted cyber requirements would reduce the need for lobbying and insider information.  Most importantly, the increased efficiencies would contribute towards protecting us all from cyber threats.

The reform of Better Buying Power provides an opportunity to increase DoD’s engagement with small, innovative companies.  Silicon Valley executives already serve as trusted advisors on the digital warfront, but their expertise could also be harnessed to develop products and systems for the government.  Under Secretary Kendall should use the realignment process to pull Silicon Valley’s finest into the procurement fold, assuring they are informed of DoD’s future requirements and that Department personnel are available to serve as envoys to tech companies as they navigate the complexities of the procurement process and the inner workings of DoD.

Comprehensive cyber reform is a complicated problem for which there is no silver bullet.  However, finding ways for the procurement process to keep pace with ever evolving threats and technology and to be welcoming to non-traditional players is an essential piece in the complicated puzzle of protecting America from cyber threats.

Norton is a homeland-security and public-safety policy expert. He has served as a senior defense-industry executive and as deputy assistant secretary of the U.S. Department of Homeland Security in the Office of Legislative Affairs. He is an adjunct professor at Johns Hopkins University, teaching courses on cyber, homeland security and the legislative process. Follow him on twitter @jamesnorton99