Army charts 30-day acquisition process for new cyber capabilities

Getty Images/iStockphoto/gorodenkoff

The Defense Innovation Unit-Experimental broke new ground for Defense acquisition by setting up a process that gets vendors on contract in as little as 60 days. Now the Army thinks it can move twice as quickly with a new rapid prototyping process designed specifically for cyber defense.

The service’s program executive office for enterprise information systems (PEO-EIS) is in the process of putting together a vendor consortium that will make use of DoD’s other transaction (OT) authorities, a trend which has grown over the past year as Congress and the Pentagon have granted Defense components greater leeway to enter into agreements that sidestep the Federal Acquisition Regulation.

First, the Army needs to hire an independent firm or group to manage the consortium, and is meeting with candidates this month. The winner, expected to be selected in May, will be in charge of recruiting companies into the consortium to make sure the Army has a healthy base of cyber defense vendors to choose from, recommending new technologies for the government to prototype, managing security approvals for newly-selected technologies through the Risk Management Framework, enforcing the Army’s open architecture standards, and general administration of the consortium.

Once the consortium, known as C-RAPID, is up and running, the Army plans to turn to its member companies for between 6 and 24 prototype projects each year, with each competition wrapped up within 30 days.

Advertisement

After PEO-EIS gets notification from Army Cyber Command or Training and Doctrine Command that they need a particular capability, it will ask companies to submit two-page white papers on how they would solve the problem; they would have seven days to respond. A panel of government and consortium experts will review the responses within four days.

After the government narrows the field, the remaining candidates would defend their ideas in a “shark tank” setting about ten days later, and the best would be invited to demonstrate their offerings at a “crucible” event at an Army cyber range. If the government is happy with what it sees, the company could be offered an other transaction agreement on-the-spot.

It remains unclear, however, how many of the prototypes might make their way into full-scale production projects. In briefing documents to industry, the Army said a “small number” of the prototypes would be assessed by Army Cyber Command for inclusion into its formal programs of record.

Even as DoD has worked to broaden the use of OTAs beyond DIUx and make them a more traditional part of how its acquisition bureaucracy does business, DIUx itself has struggled to move prototypes into follow-on production contracts. It had entered into 59 pilot contracts as of the end of 2017, but only brokered its first two production agreements in the last few months.

However, vendors and Defense customers who have been involved in those agreements have spoken highly of the OTA process as it’s evolved, and the Defense Information Systems Agency is among those that intend to largely emulate the procedures DIUx developed.

DISA recently gained its own authority to enter into OTAs, and plans to significantly ramp up its use of them in 2018. It plans to follow the guidebook DIUx assembled for its process, which it calls the “commercial solutions opening.”

“It is an innovative way of contracting, and it’s available to virtually all companies,” Tony Montemarano, DISA’s senior procurement executive told the agency’s annual industry conference last month. “You have to figure out what the rules are, get your lawyers involved, but it’s an alternative way for us to get to you. It’s available to big business and small business, so please take a run at it.”

Indeed, while OTAs were originally designed in the late 1980s to pursue small and “non-traditional” vendors, Congress has also allowed DoD to use them for agreements with large Defense companies as long as they’re partnered with a non-traditional company that does a “significant” proportion of the work.