“As the federal government enters its busiest acquisition period of the fiscal year, the head of the Office of Management and Budget (OMB) encouraged administrators to leverage acquisition tools to squeeze the most value out of their agency’s purchases, and said that fourth quarter spending can, “boost America’s economic recovery.”
“In a July 20 memo to agency chiefs, OMB Director Russell Vought notes that fourth quarter spending could account for as much as 40% of total annual contract spending and reminds agencies that as employees return from COVID-19 related closures, buying from U.S. suppliers can help “jump-start mission performance” and help the economy.
“Take full advantage of acquisition flexibilities and innovative tools,” Vought advised, including a new cross-agency priority goal for the President’s Management Agenda called “frictionless acquisition.” The goal sets a management platform to leverage practices that lead to more efficient outcomes, such as just-in-time delivery, and access to a broader range of innovative companies.
Category management practices are another important tool, according to Vought. The practices have saved more than $27 billion since 2016 and have made it easier for buyers to make fast, informed decisions on IT hardware, security, consulting services and other everyday needs that keep government running, he said.
Vought also encouraged the need for speedy payments contractors, in light of the economic pressure caused by the pandemic. The payment goal, he said, is for 15 days after receipt of a proper invoice and all other required documentation. He also advised agencies to consider early adoption of the Federal Acquisition Council’s developing new rules to accelerate payments to small business subcontractors.”
We unhood what is in store for cybersecurity in 2019. (Gorodenkoff Productions OU/Getty Images)
“FIFTH DOMAIN”
“If the United States wants to keep up with digital innovations from China and other countries it is necessary to change the American government’s relationship with the private sector and academia.
But when it comes to the U.S. government’s relationship with the cyber industry, structural barriers to innovation remain.”
The Department of Justice announcedsweeping indictments against Chinese hackers and the U.S. intelligence community reported that foreign countries continued to interfere in American elections.
So what comes next? Here are four overarching questions for the cybersecurity community in 2019:
What will the new Pentagon chief do with expanded cyber powers?
In August, the president gave the secretary of Defense the ability to conduct cyberattacks against foreign countries so long as they do not interfere with the national interest of the United States, according to four current and former White House and intelligence officials. But the resignation of Jim Mattis, the Defense secretary, means the next Pentagon chief will have a broad arsenal of cyber authorities.
For the cyber community, Patrick Shanahan, the current acting secretary, is a relative unknown. He has not given significant insight into how he views the role of offensive cyberattacks for the Pentagon, and his scheduled Jan. 1 elevation comes as some in the Trump administration and U.S. Cyber Command have pushed for even more authorities. However, he has spoken at length about the need for the defense industry to bolster its own cyber practices.
The new Pentagon chief may also have to decide when the National Security Agency and U.S. Cyber Command should split.
Both bodies are led by Gen. Paul Nakasone, but that may change. Cyber Command is in the process of gaining its own infrastructure to conduct offensive cyberattacks, and a Pentagon official told Fifth Domain in November that it appeared the split was all but certain to happen in the coming years, although no formal decision as been made.
What comes next in the U.S.-China cyber relationship?
The Department of Justice released a flurry of indictments against Chinese hackers in 2018, accusing Beijing’s cyber sleuths of infiltrating American government agencies and defense contractors.
The most recent round of allegations came Dec. 18, and the legal action could continue in 2019. While announcing the most recent indictments, Deputy Attorney General Rod Rosenstein accused China of breaking an agreement not to use hacked materials for commercial use, although he did not offer evidence.
The hacking allegations come amid a broader trade war between the United States and China. Experts have told Fifth Domain a trade war could increase digital tension between the two nations. If the trade war continues, experts say they see little incentive for China to limit its cyberattacks.
Will America suffer blowback for more offensive cyber operations
“The side effects of the strategy of ‘persistent engagement’ and ‘defend forward’ are still ill-understood,” Max Smeets and Herb Lin, experts at Stanford University wrote for Lawfare. “A United States that is more powerful in cyberspace does not necessarily mean one that is more stable or secure.”
Experts also warn of making any rush judgments about the effectiveness of these offensive cyberattacks. Current and former intelligence officials worry that uncovering and attributing a hack can take more than a year, and, even then, that process is not perfect.
One former official pointed to the leaked documents about Russian targeting of American election infrastructure in 2016 that was sent to the news organization the Intercept. It took months for the intelligence community to understand the full extent of the hack, the official said, an example of how long it takes to detect a cyberattack.
However, all of that means it is reasonable to expect that the merits of the new offensive cyber operations may not be known publicly for years.
Will Congress take action to streamline cybersecurity contracting and research?
Yes, changing the way government does business is ambitious. But experts argue that if the United States wants to keep up with digital innovations from China and other countries it is necessary to change the American government’s relationship with the private sector and academia. The effort to streamline cybersecurity funding and research will fall to the new Congress, in which Democrats will take over the House of Representatives.
But when it comes to the U.S. government’s relationship with the cyber industry, structural barriers to innovation remain.
On average, it takes roughly seven years for an idea to get a contract inside the U.S. government. In that length of time, a product is already two generations old. Former Pentagon officials have used the digital fight against the Islamic State as an example of how long the process takes. It took roughly two years for Cyber Command to receive the proper equipment and training after the order to digitally defeat the Islamic State, officials told Fifth Domain.
In addition, the cybersecurity industry is watching a series of bills in Congress. Sen. Mark Warner, D-Va., has pushed for a streamlined security clearance process, and industry officials told Fifth Domain they expect him to continue the effort in the new year. The bill could make it easier and cheaper to get a security clearance.
And many in the federal cybersecurity community have called for a change in academia’s relationship with cybersecurity.
The universities and research institutions in the United States focusing on quantum computing are “subpar,” George Barnes, deputy director at the NSA said in June.
Experts say that quantum computers will make traditional cybersecurity methods obsolete because of the expansive computing power.
However, new investments in artificial intelligence and a new Solarium Commission, which was created to help contextualize cyber in the broader national and economic security discussion, may provide solutions to these problems.”
“One constant in the acquisition reform debate of the last two decades …… “buy more commercial items in a commercial fashion, and do it quickly and cheaply.”
Now, nobody argued that you could buy F-35s or ships that way, but as competitors such as China and Russia fielded weapons in double-quick time and software and computer hardware became increasingly important to a weapon’s effectiveness, so did speeding up purchases and lowering their costs grew in importance.
“The data now supports what was long suspected — that the purchase of commercial items was declining. The question is why? The answer can likely be found in the overreaction to the perceived contracting abuses of of the Iraq War.
“While commercial items and the Iraq War shouldn’t be linked, they became so in the so-called ‘war on profits’ that was initiated early on in the Obama Administration,” Greenwalt argues. “In a typical overreaction applied to a different set of circumstances….the DOD bureaucracy, instead of going after bloated cost-type contracts and move to a more fixed-price, commercial-like, performance-based contracting approach, decided to do the opposite and reign in commercial item contracts where profit margins are traditionally higher.”
Part of the problem appears to be that Pentagon acquisition officials just don’t know much about buying commercially. To cope with that, the Defense Contract Management Agency (DCMA) created six Commercial Item Centers of Excellence staffed with engineers and price/cost analysts to advise contracting officers in how to determine what can be bought commercially.
“According to DCMA officials,” the GAO report says, “experts at these centers began reviewing cases in June 2016 and since then have examined 437 cases that contained approximately 2300 items. They recommended that the contracting officer make a determination that an item was commercial in 94 percent of the cases reviewed.”
But Greenwalt isn’t really optimistic, even though he pushed hard to make sure the acquisition community had the policy and legal tools to buy more commercially.
“The linkage between higher profits and higher risks and performance that occurs on commercial item contracts was forgotten in order to keep as many traditional cost-type programs (with somewhat reduced fees) going during a budgetary downturn,” he says. “Congress acted in the last two NDAAs to try and roll back this situation, but since none of the rules to implement new commercial item legislation have been enacted yet, it is doubtful we will see much improvement soon in the statistics.”
ROSE COVERED GLASSES 