Smart Bombs: Military, Defense and National Security

To Benefit From Commercial Tech, DoD Will Have To Solve The Problem Of Security

The Pentagon. Image: Creative Commons.

At one time, the Department of Defense (DoD) was the engine for the United States’ development of innovative technologies. Today, the commercial sector has displaced the Pentagon. This is particularly the case with respect to information technologies, software, cloud computing, artificial intelligence, machine learning, and advanced computer design.

This is why leading defense experts and technology leaders have been pressing DoD to rely more on commercial technologies whenever possible. But to do so, the Pentagon will have to figure out how to make its acquisition system faster and more adaptable in order to dovetail with the rapid pace of generational cycles in private sector IT. In addition, DoD will need to secure commercial platforms, operating systems, and networks.

For several decades following the end of World War Two, DoD was the source of the technological dynamism that not only maintained U.S. military preeminence but created entirely new technologies that are today worth trillions of dollars, including GPS, computers, the Internet, nuclear power, and virtual reality. The Pentagon not only led the way when it came to the development of advanced technologies but did so rapidly. Some amazing inventions, such as the U-2 high-altitude reconnaissance aircraft, were developed in a matter of months based on a contract that was only a few pages long.

But since the end of the Cold War, the U.S. military has seen its technological preeminence erode. Adversaries have invested heavily in capabilities specifically designed to counter areas of perceived U.S. and Western military advantage.

In addition, the locus of technological innovation has shifted from the government to the private sector. Investment by private industry in advanced technology is significantly greater than the dollars available in defense R&D. Moreover, the commercial environment is able to move faster than the government.

It is clear that if DoD is to re-establish military preeminence, it must do a better job of accessing commercial technologies. In order to do so, its military acquisition system must become more agile. It must act to conform the acquisition process to the shorter timelines and faster cycle times of the commercial world. According to three former senior DoD officials:

“In a time when the ‘refresh cycle’ of advanced capabilities is so fast, the American national security enterprise needs to move rapidly to stay ahead of competitors and adversaries. This means moving at the speed of the commercial world and devising new means of pulling commercial technology into public sector systems.”

At the same time, the Pentagon has taken important steps to access non-traditional technology providers and to speed up acquisition timelines. The Office of the Secretary of Defense and each of the Military Services have created offices precisely to enhance innovation by accessing commercial technologies and encouraging non-traditional suppliers to work with the military. In addition, the Pentagon now uses easier acquisition procedures under the Other Transactional Authority (OTA). The Army went even further, creating Army Futures Command expressly for the purpose of rapid modernization.

But despite these initiatives, DoD is still struggling to adapt its acquisition process, contracting methods, and security protocols to take advantage of what the commercial sector can offer. One recent report described DoD as an “innovation tourist,” flitting from one innovative technology area to another. Many commercial technology companies interested in working with DoD are discouraged by the still ponderous acquisition process and the lengthy periods of time between initial R&D funding and the release of an actual production contract.

While DoD can talk the talk, saying it wishes to operate the same way as the private sector, it takes too much time to actually adopt commercial technologies. In addition, the Pentagon dictates changes that drive up cost and risk to the vendor. If DoD really wants to take advantage of commercial markets, it needs to accept what vendors are building.

Acquisition timelines remain stubbornly long, particularly for software and cyber products, which can evolve in a matter of months. To receive funding in a given budget year, the bureaucratic process must begin two years earlier. A capability in the budget for FY2023 means fielding at the earliest in FY2024, more likely in FY2025. That might be “rapid” for some capabilities that DoD needs but is two generations late when it involves cyber capabilities.

Another critical concern with accessing commercial technologies is providing for adequate cybersecurity. In order to keep pace with the threat, DoD must avail itself of the best commercial cybersecurity products. Senior defense officials recognize this reality. It makes no sense to seek to acquire commercial technologies at an accelerated speed without also ensuring that the best commercial cybersecurity capabilities are available.

The failure to see the JEDI procurement through to a successful conclusion is one example of how DoD acquisition practices fly in the face of security requirements. A single cloud makes sense from a security point of view and from the point of view of ensuring seamless movement of data down to the tactical edge. One of the distinguishing features of JEDI was the high security requirements for the winning contractor. At the time the contract was awarded, there was only one company, Amazon Web Services, able to meet those standards. The decision to go with multiple contractors recreates the very problem that JEDI was intended to solve: a veritable storm of clouds across DoD with inherent incompatibilities and security seams.

The cybersecurity compliance requirements DoD imposes on industry can be quite onerous. This is particularly the case for start-ups and companies without experience in working for DoD and/or insufficient staff to handle the paperwork. The compliance process also takes too long given the speed at which threats arise and cybersecurity capabilities must evolve. DoD has made some efforts of late to simplify these requirements. But it is still a difficult road to travel.

Senior defense officials have stressed their commitment to exploiting commercial technologies to re-establish the U.S. military’s military-technical edge. To that end, DoD itself is making strides through processes and policies such as Comply-to-Connect that are relevant to the needs of commercial companies. It is employing tools that are also available for companies to implement on their own networks. In order to be successful, DoD must figure out how to access the full array of commercial cybersecurity capabilities and do so as quickly as possible. But this means changing the way the Pentagon acquires and modernizes software.

Now a 1945 Contributing Editor, Dan Gouré, Ph.D., is a vice president at the public-policy research think tank Lexington Institute. Gouré has a background in the public sector and U.S. federal government, most recently serving as a member of the 2001 Department of Defense Transition Team. 

Written By

Dr. Goure is Senior Vice President with the Lexington Institute, a nonprofit public-policy research organization headquartered in Arlington, Virginia. He is involved in a wide range of issues as part of the institute’s national security program.