“It is a first-of-a-kind-type tool at DLA where we use machine learning, predictive analytics and variables and multiple input data sources to really focus on risk from three perspectives: suppliers, item or product procuring and pricing,” said Michael Scott, the deputy director of DLA’s logistics operations, on Ask the CIO. “We bring all of that together in an interactive tool for when our acquisition specialists are going through the process of the acquisition and awarding contracts. This is a real-time capability where they can get input on any of those three attributes in terms of the level of risk of what they are about to do.”
Scott said the tool provides historical and current information about everything from fraudulent activity to price fluctuations. DLA supports every military service and agency as well as 40 other agencies and expects about $35 billion in sales in fiscal 2018.
“It’s used today to scan through roughly 1 million bids a day in our procurement enterprise,” he said. “Since March, it has identified more than 350 high risk CAGE codes or supplier entities. It’s probably one of our top concerns right now from a process perspective is the rise in the number of fraudulent or bad actor companies who are trying to get into our business. This new tool has been very helpful in identifying that from the onset and allowing us to put controls in our systems to not allow them to get business from DLA.”
Kathy Cutler, the director of DLA’s Information Operations and chief information officer, said the business analytics tool pulls data from public and private sector data including from Dun & Bradstreet, and processes it through an analytical engine looking for trends or red flags.
“We have a ton of data in DLA and we’ve had a ton of data for years, more than we know how to use in some cases. And obviously there is a ton of data out in the commercial space as well that will help us make these decisions,” Cutler said. “We are trying to fine tune the engine and this is the first step in doing that. We are saying what are the other rules and other things we need to put in place to make sure we are going through that data in a systemic process and then producing those flags so the buyer on the floor knows they need to check another source of information or do more background checks behind whatever they are seeing.”
This approach to reviewing and analyzing products isn’t new for DLA. Cutler said the agency has been using this approach for cybersecurity and emergency response acquisition teams.
But what’s different is the business analytics tool expands the depth of the oversight and number of products that receive this kind of attention.
“As the tools have improved and we get more intelligence from different sources, I think it’s led to a sophistication on what our team actually looks for,” Cutler said. “Years ago, it used to just be they see traffic going back and forth on their network and it looks good. Now they are getting more sophisticated on what that traffic is and what are those patterns they need to detect to say they either need to do something different here or need to alert another part of the enterprise that something may be amiss.”
DLA faces email spoofing attempt
A perfect example of this change happened earlier this summer. Cutler said DLA received a question from a vendor about information the agency supposedly was asking for that they don’t normally seek.
The DLA cyber team traced the email request back to its source and found someone was spoofing the agency’s domain and sending a request asking for private information.
“We found it and blocked it, but it’s a level of sophistication that’s out there that we need to protect against from a cybersecurity perspective. It’s also contributing to how we are protecting the overall supply chain and mitigating those risks,” Cutler said.
Scott added the recognition of potential and real cyber threats by suppliers, customers and DLA employees has increased significantly over the last few years, and that too has made a big difference in how the agency protects its supply chain.
“The biggest risk right now goes back to the supplier aspects. There are some pretty bad activity of people posing as good companies to do business with and they are pretty good at it,” Scott said. “The second one all the data capabilities that Kathy’s group is bringing to bear and not just in this tool, but in her predictive analytics, the ability to get more granular on the pricing based on even types of items, specific items to set tighter thresholds on what we do because so much of our work is automated. It’s just good stewardship for us to be as sophisticated as we can so we don’t see real smart folks just get into a trend of just steadily increasing prices when it really shouldn’t be.”
Along with the data analytics, DLA also is fighting against counterfeit parts through a technology called DNA marking of microcircuits. Scott said this product is high in the supply chain risk and counterfeiting by foreign entities and critical to weapon systems.
DLA is considering how to expand the use of DNA marking for other technology products.
She said DLA is using the J6 Enterprise Technology Services (JETS) program contract for about 95 percent of that work. JETS is a multiple award contract DLA awarded to 142 companies in 2016 and it has a ceiling of $6 billion.
One priority is application rationalization and getting rid of redundant capabilities.
“A few years ago, we had over 1,200 different types of applications. We’ve got that down to about 260,” she said. “We are going to continue to rationalize those applications that we have so that we have a very manageable IT footprint, we can reduce costs and we can reduce the cyber risk that having more information in more applications and keep those things up-to-date.”
Cutler said her long-term goal is to drive down the number of applications to single digits.
The JETS program also is opening the door for DLA to move more systems to the cloud.
DLA already has 90 applications hosted in the cloud. Cutler said they are considering how to migrate the rest of the systems to the cloud whether commercial or the Defense Information Systems Agency’s MilCloud 2.0.
She said recently DLA put its warehouse management system in the Amazon cloud.
“This is technology refresh from the legacy system that we have in our depots today that does the receipt, store and inventory type of functions,” she said. “We just started with a pilot [in July]. We will continue to look for those types of opportunities because we are trying to modernize our IT, use those capabilities that make the most sense and are most cost effective.”