The Defense Department is putting technology programs in a box — literally.
DoD says the Joint Chiefs instituted the “IT Box” concept to ensure programs meet cost, schedule and performance goals and focus on rapid and small increments.
The IT Box approach also is trying to solve well-documented problems with how the Pentagon buys and implements technology.
“The Chairman of the Joint Chiefs of Staff has modified the department’s Joint Capability Integration and Development System, which develops our requirements by introducing the IT Box concept to support more rapid acquisition timelines,” said Katrina McFarland, DoD’s assistant secretary for acquisition, Wednesday before the Senate Armed Services Subcommittee on readiness and management support. “On approval of a requirement formulated in an initial capabilities development document, requirements management is delegated to an appropriate body in a sponsor’s organization. The organization is then not required to come back for requirements changes unless they exceed the parameters of the IT Box.”
McFarland said there are four sides to the box: One to provide oversight and management of the product, a second to develop the capabilities requirement, a third to develop the cost for the application and system development and a fourth to determine the costs of sustainment and operations.
Four years after Section 804
The IT Box is one of several parallel and ongoing efforts to improve DoD’s acquisition of IT.
Most of the reason for the process improvements is from Congress. In the fiscal 2010 Defense Authorization bill, lawmakers included a provision, commonly known as Section 804, requiring DoD to study and recommend improvements to Congress on how it buys and manages technology.
DoD delivered the report to Congress in November 2010 describing new IT acquisition processes, an implementation plan of these new processes and legislative changes that Congress needs to fix.
“About 75 to 80 percent of what the report to Congress discussed has been initiated and implemented. Implemented is not completed,” McFarland said. “As you are aware, the system has a slow progress, and many of the items within Section 804 regard the early onset or the initiation of the program. We have programs that didn’t benefit from those specific initiatives that are very important to make the products what we want them to be. We will continue to do clean-up in a lot of those areas.”
She said the use of the IT Box concept already is starting to pay off.
McFarland said one program that benefited from the IT Box concept is the Integrated Strategic Planning and Analysis Network (ISPAN). The Air Force reported in January 2013 that ISPAN program had delivered increment two in 15 months, while increment one took 60 months.
But the change in how DoD views major IT programs will take time.
The Government Accountability Office is working on a report that will demonstrate how much DoD needs to improve.
“We are looking at incremental development across the government. So we took 37 investments at DoD, and OMB has some guidance that everyone has to do everything in six months. One out of 37 at DoD will deliver in six months,” said David Powner, GAO’s director of IT and management issues. “DoD said ‘That’s unrealistic,’ and I agree. They said ‘We strive for 12 to 18 months’ and we said, ‘OK, let’s bump it up to 12 months.’ Out of those 37 investments, only 10 will deliver something in a year. You still have a lot of projects that don’t deliver anything for years. That’s the mode we need to get out of in the government.”
Agile approach needs reinforcement
McFarland said GAO’s initial finding represents one big hurdle for DoD. She said services struggle when it comes to understanding just how big or small of an increment they could actually successfully build. Too often, she said, DoD tried to bite off more than it could chew.
Powner said GAO’s work reinforces that the acquisition process changes DoD is proposing in the 5000 guidance are desperately needed. Powner said DoD, like many agencies, needs more flexibility in system development, which comes from using modular contracting.
DoD recently released a draft version of the updated Section 5000 guidance, which hadn’t been updated since 2008.
McFarland said part of the draft 5000 guidance includes how best to adopt a modular, open system methodology that is flexible to deal with changing circumstances and needs.
“It describes acquisition models where, across each model, the policy addresses the realization that IT capabilities may evolve, so desired capabilities may be traded off against cost and initial operational capability to deliver the best product to the field in a timely manner,” she said.
McFarland said the changes to the DoD 5000 guidance also have to do with changing the DoD culture when it comes to understanding and accepting risk.
“The challenge we have right now is, we have a system called the Defense Acquisition Management Information Research, and it reports based on a very distinct approach from weapons systems,” she said. “For us, we focus on costs, schedule and performance. Risk is embedded in each. We have multiple players who come in — program manager, the Office of Secretary of Defense functional staff — and we all rate on a program. What has to happen is those two from a standpoint of IT are aligned. Right now, there are differences in lexicon in how we think. So we have drafted up the first effort to try to look at how we make those risk factors look the same, so we don’t report on two metrics and confuse people even more.”
Inaccurate, old data
The metrics piece is huge because GAO continues to chide DoD for not updating its progress on the federal IT Dashboard. Part of what McFarland and others are doing is trying to standardize how they ensure transparency in the status of IT programs.
GAO’s Powner said DoD hasn’t updated its data on the IT Dashboard since September 2012, and the information on the dashboard is inaccurate.
He said DoD lists 93 IT investments on the IT Dashboard. Of those, 81 are in green status or low risk, and 12 are in yellow or medium risk. Powner said DoD shows no projects rated high risk or red. He said GAO has done its own research and found that DoD isn’t putting all their major IT investments on the Dashboard.
“In order to manage problem projects, you need to acknowledge you have problems,” Powner said. “If you acknowledge you have red projects, you govern them differently. It’s not that they are doing a bad job because they are red. There are red projects across the federal government and across the private sector. You can’t fix the problems unless you acknowledge you have a problem.”
Teri Takai, DoD’s chief information officer, said DoD struggles to get a clear rating for the Dashboard. She said DoD is working on better aligning how it does ratings with how they are defined by OMB on the Dashboard.
Takai said her office and McFarland’s office are working on a new directive that will better define what the status of a project is.
DoD is taking several other steps as well to fix IT acquisition. Secretary Chuck Hagel signed a memo Dec. 4 to consolidate and realign the deputy chief management officer and the CIO offices.
Takai said her office has completed the development of a plan of action and milestones to meet Hagel’s mandate of giving the CIO more visibility, oversight and governance over IT resources.
“We are taking actions necessary to increase visibility into IT budgets and spending patterns, and are strengthening our analysis of IT investments and evolving our processes for IT governance and oversight,” Takai said in her written statement to the subcommittee.
The CIO’s office now will oversee the technical aspects of Defense business systems, while the DCMO will continue to lead the requirements processes.
Kevin Scheid, the acting deputy chief management officer, said these changes should improve DoD’s progress on how it manages and deploys business systems.