Microsoft wins $21B contract to produce 120,000 AR headsets for the Army
The Army has moved a prototype deal with Microsoft to develop an augmented reality headset into full production — calling for 120,000 headsets over the next decade under a $21.9 billion contract.
The contract comes 28 months after prototyping of the Microsoft HoloLens 2-based Integrated Visual Augmentation System (IVAS) began. IVAS is designed to help soldiers train with augmented reality headsets displaying combat situations.
The Army says the pace of the program’s development is far faster than most of its other major technology purchases, which usually take several years or even decades to field.
“The Army’s partnership with Microsoft redefined the timeline for rapid development and production of a major defense program by taking advantage of the Middle Tier of Acquisition and Other Transaction authorities, and partnering with a non-traditional defense contractor that is an industry leader in developing innovative technology,” the Army’s Program Executive Office Soldier, the office overseeing the procurement, said in a statement.
Microsoft president Brad Smith had previously said the company expected that it would likely win the production contract to build the system, telling Congress in February that the company had started constructing manufacturing capabilities for the system before the award.
The Army’s version of the HoloLens 2 headset adds more punch using Microsoft Azure cloud to pipe in training scenarios and other visuals to help soldiers better prepare for conflict. The Department of Veterans Affairs also uses Microsoft’s HoloLens.
“The same technology enables warfighters to execute the operation with real-time visual data that integrates everything from the building’s digital layout to local thermal images to facial recognition of the hostages and the identification of friendly forces,” Smith said about the technology in testimony to Congress.
Microsoft says that “soldiers have been deeply involved in the design process” over the past two years. The company praised the openness from DOD and its willingness to allow changes to the system during the prototyping phase as a key enabler of the program’s relative acquisition speed.
GSA expects Multiple Award Schedule consolidation finished this year
The General Services Administration expects to complete the third and final phase of its project consolidating 24 schedules for products, services and solutions into one Multiple Award Schedule (MAS) by the end of 2021.
Contractors had until end of day Wednesday to update their price lists so the special item numbers (SINs) and schedule numbers match what’s in the GSA eBuy! and eLibrary systems, which will help customer agencies find contracts more easily.
Now GSA wants MAS holders with multiple contracts to submit their plans by year’s end for consolidating them down to one per unique entity identifier (UEI).
“The rest of this year we’ll be focused on moving companies that have multiple contracts to one [contracting officer], so that you guys can establish your plans for any of these small businesses that do have multiple contracts,” Stephanie Shutt, director of the MAS Program Management Office, said during an ACT-IAC event Wednesday.
Contractors will have potentially the next five years to wrap up existing task orders without moving them over, in a “more natural” shift to one contract that lets the rest simply die off, Shutt said.
MAS consolidation is a “foundational” project for GSA — one of the four pillars of its Federal Marketplace Strategy for streamlining acquisition — that will pave the way for additional projects coming soon thanks to simplified terms and conditions, she added.
Contractors will be able to do e-modifications to their contracts any time to add additional SINs, and small businesses will be able to more easily partner in prime-subcontractor relationships that expand their offerings.
The MAS PMO recognizes it needs to update its systems and simplify contract language moving forward.
“A lot of our systems are old,” Shutt said. “So we are looking to see where we can update those across the board and get everything on a happier level for everyone.”
Army cloud agency expanding its team
The Army’s newly dubbed Enterprise Cloud Management Agency (EMCA) is growing its cloud operations team and extending new partnerships as the service tries to implement cloud-based tech.
The growth of the cloud team comes a year into ECMA’s operation and as it just recently gained new authorities as a field agency. It’s unclear exactly how many more cloud operators the agency hopes to add, but doing so will play a key role in supporting the deployment of a new tactical cloud network and other modernization initiatives, Director Paul Puckett said during an AFCEA webinar Wednesday.
“We are leaning in to expand our cloud operations team and really try to turn that into the new normal,” Puckett said, adding that the team will expand work on things like security and tactical deployments.
The ECMA has also expanded its partnerships across the Army, working closely with regional cyber centers, program executive offices and support commands, like the Army Network Enterprise Technology Command. Puckett said he meets weekly with other tech leaders across the service to work cohesively under the Army’s cloud modernization strategy.
“There is nothing that one does that the other is not involved in,” he said of the partnerships ECMA has formed.
Having a larger team for cloud operations means that the Army can take a more central approach to its cloud modernization. Before ECMA was stood up as the Enterprise Cloud Management Office in 2019, Army offices faced the daunting process of migrating their data to the cloud on their own, Puckett said. The shift is from the “thousand flowers blooming” approach to a more centralized push that can orchestrate a more common cloud architecture for the Army to work within.
Other impacts of ECMA’s growth will be seen in expanded environments for tech-related initiatives. The Army’s new software factory has soldiers code within a cloud-based environment supported by the ECMA, for example.
Other projects that straddle the worlds between technology and tactical use are also moving to the cloud. Along with partners like the Program Executive Office for Command, Control and Communications-Tactical (PEO C3T), the ECMA helped launch the recent “Tactical Cloud Infrastructure.” It’s the cloud version of the former “Tactical Server Infrastructure” that used on-premise and physical stacks to get compute at the edge.
But not everything has moved to the cloud as bandwidth in austere environments is limited. Puckett said the Army is working to “figure out what data needs to be local” and what can be stored in the cloud.
IT Insights: Interview with AWS federal director Brett McMillen
Brett McMillen has devoted most of his career helping government harness information technology and tackle innovative initiatives. Since joining Amazon Web Services 10 years ago, he’s also played a contributing role to the rise of cloud computing in government.
Among other projects, he’s helped make the 1,000 Genome Project available as public datasets. He helped the Department of Veterans Affairs integrate more than 200 previously distinct websites and services to implement the Vets.gov portal. He was part of the team that helped develop a facial recognition program that Customs and Border Protection uses to improve airport security. And he worked with federal officials to obtain FedRAMP certification for AWS’s government cloud services.
Today, as Director of U.S. Federal at Amazon Web Services, McMillen sees AWS’s experience in helping federal agencies take advantage of the cloud as important as the technology itself.
In this exclusive FedScoop interview, McMillen talks about how the U.S. Census Bureau offers an example of ways that government is taking advantage of recent advances in the capabilities of the cloud:
FedScoop: Where are you seeing noteworthy progress or success in the way government is taking advantage of technology advances, like those offered by your company?
FedScoop: What critical steps did that the Census Bureau take to address those issues?
FedScoop: What were the major outcomes and lessons gleaned from the Census Bureau’s efforts that other agencies could learn from?
Learn how AWS can help your agency capitalize on today’s cloud or contact AWS.
Read more insights from AWS leaders on how agencies are using the power of the cloud to innovate.
This video interview was produced by FedScoop and underwritten by AWS.
‘Significant deficiency’ risks security of sensitive federal debt data
The agency responsible for managing the $26.9 trillion federal debt needs to improve its information system controls or risk the security of sensitive financial data, according to the Government Accountability Office.
While the Bureau of the Fiscal Service addressed five previous recommendations, 16 related to security management, access controls and configuration management deficiencies remain unresolved — on top of eight new ones in areas like segregation of duties, GAO found in its annual audit.
Details on the deficiencies were deemed “sensitive information” by BFS and not publicly disclosed, but the agency said it’s drafting a comprehensive audit remediation plan.
“These new and continuing information system control deficiencies, which collectively represent a significant deficiency, increase the risk of unauthorized access to, modification of, or disclosure of sensitive data and programs and disruption of critical operations,” reads GAO’s public report.
BFS managed to maintain “effective internal control” of federal debt reporting by strengthening access and monitoring controls around data sets that can only be altered with its mainframe change-management tool, reads the report. The agency also improved its monitoring of compliance with baseline security requirements.
But GAO found mainframe security controls weren’t used in accordance with the concept of least privilege and mainframe security architecture documents needed improvement.
Security and configuration management controls remain inadequate and responsibilities unclear, with one person sometimes in charge of activities better split between two or more people or units to catch errors and suspicious activity, according to the report.
The head of BFS has 180 days to formally respond to the report with actions taken or planned.
CMMC is under an internal DOD review
One of the most consequential programs in defense contracting is getting a second look by the Biden administration.
The Cybersecurity Maturity Model Certification (CMMC) — the new cyber standards all defense contractors will need to adhere to to bid on contracts — is under an ongoing “internal assessment,” according to a Department of Defense spokeswoman.
The DOD did not provide details on the review but said it was routine for a high-impact program like CMMC.
“As is done in the early stages of many programs, the DoD is reviewing the current approach to CMMC to ensure that it is achieving stated goals as effectively as possible while not creating barriers to participation in the DoD acquisition process,” spokeswoman Jessica Maxwell said in a statement to FedScoop.
While the program is over a year into development, new brass within the Pentagon could choose to make some big changes to what has been program loaded with controversy since inception. Many companies have expressed concern over the cost to adhere to the new CMMC standards, which require them to pay for third-party assessors to inspect their networks against a five-tiered set of controls. If a contractor doesn’t meet the CMMC level required in a contract, it won’t be eligible to bid on it.
“It is now timely to consider what we might want to do differently in the implementation of CMMC,” said Robert Metzger, the head of the Washington, D.C. offices of the Rogers Joseph O’Donnell law firm and co-author of several reports on supply chain cyber threats.
While there is uniform agreement on the need to increase the overall cybersecurity of the defense industrial base, the program has been criticized in its rollout. The initial decision to push much of the implementation responsibility of CMMC to a third-party volunteer organization — the CMMC Accreditation Body — caused some backlash. Eventually, two leaders on the board resigned over a perceived “pay-to-play” marketing scheme.
Metzger suggested the new administration could make changes to the relationship the government has with the CMMC Accreditation Body and what responsibilities it gives to the third-party group. He also anticipates the review could take a look at other issues like staffing of the program management office for CMMC, the interim final rule Defense Federal Acquisition Regulation for CMMC and funding for the program’s implementation.
“It would not surprise me at all if the new administration would want to consider very carefully how best to get this objective achieved,” Metzger said.
FDA undertaking ‘unprecedented’ data infrastructure modernization during the pandemic
The COVID-19 pandemic has given the Food and Drug Administration an “unprecedented” opportunity to modernize IT systems and data infrastructure that was just “chugging along,” according to one senior agency official.
FDA went from having an “antiquated” system that could only process low volumes of low-complexity COVID-19 reporting to developing a core diagnostic data set with clinical, graphics, testing and results data, said Dr. Sara Brenner, the associate director for medical affairs in the Center for Devices and Radiological Health.
New technologies like rapid antigen tests are being untethered from laboratories so people can self-administer them, but that requires new wireless infrastructure to harmonize data at the source and get it to the FDA and other health agencies tracking COVID-19’s spread, Brenner said.
“This rapid expansion of volume has really just completely blown the wheels off of the conventional data collection and reporting system, which was never really designed for pandemic-scale data transmission,” she said during AFCEA Bethesda‘s Health IT Summit on Tuesday.
COVID-19 tests were the first diagnostic used to track the virus’ spread so FDA could intervene and stop transmission, but now it’s working with other agencies, states, laboratories, clinicians, and device makers to expand the data coming in. The Data Standards and Execution Work Group within the Department of Health and Human Services has begun working with IT infrastructure offices at other agencies to improve data quality and flow.
“We believe that if we’d had a better data infrastructure, we would’ve been able to answer many obvious questions that people needed to know — in terms of supply chain, why do we run out of certain products and goods — better,” said Vid Desai, chief technology officer at FDA. “And that’s certainly going to be a focus for what we’re going to be looking at going forward.”
FDA published a technology modernization action plan last September and quickly followed that with an accelerated data plan. The agency also hired a chief data officer during the pandemic and is forming a data team to address infrastructure issues, Desai said.
One issue the FDA was able to get ahead of is cybersecurity, raising threat levels in mid-March of 2020 when it became clear the agency would play a critical role in COVID-19 therapeutics, diagnostics and vaccinations.
“We also knew that would attract a lot of nefarious, rogue characters who would try and stop our work, and I think our predictions were true,” Desai said. “If you think about all these supply chain attacks that have occurred in the therapeutic and vaccine distribution mechanism, literally every week we see something new there.”
What government needs to know about accelerators
Bringing cutting-edge emerging technology from the private sector into the U.S. government is critical to better serving Americans and strengthening our competitive advantage globally. And accelerators are an important tool to bridging that gap between the tech industry and federal agencies.
There’s a misconception within federal agencies that running a typical, early-stage accelerator will drive instant, innovative, lasting results for government missions. That confusion stems from a lack of clarity on what the government’s needs and goals are.
More than early-stage ideas and introductions, the government needs emerging tech companies that are fully vetted for federal and ready to scale their solutions into programs of record.
In her recent testimony before Congress, Christine Fox, the former head of the Department of Defense’s powerful Cost Assessment & Program Evaluation (CAPE) unit, said: “The principal challenge DOD faces is not a lack of innovation. The tougher task is how to adopt all this new innovation more rapidly into DOD programs… We have lots of prototypes, but what we need is sustainable programs.”
So, if the need is bringing proven tech onto contract fast to improve mission outcomes in the long run, accelerators must be specialized and tailored to address that requirement. After all, accelerators are not one-size-fits-all.
First, understand the existing market
When the mandate is to innovate, the government does not need to reinvent the wheel. Rather, look to the emerging tech landscape first to assess what is available and can accelerate mission outcomes.
The National Geospatial-Intelligence Agency (NGA) launched a new tech accelerator in St. Louis to help startups develop new geospatial tech, and the first cohort will focus on early-stage startups in advanced analytics and modeling, data integrity and security, data management, and artificial intelligence. While the NGA Accelerator will provide a helpful cash infusion to spur more development of the St. Louis startup ecosystem, the reality is that the early-stage focus misses the opportunity to take advantage of existing, funded ventures that are already well-positioned to solve the same government problems.
High-growth, venture-backed companies like Fraym, Unearth, Uptake, and Hyperscience have tech solutions that are already in action in the private sector, backed by hundreds of millions of dollars of private investment, vetted for the federal market, and ready to improve mission outcomes at scale.
Of course not all commercial tech companies are equipped to support government missions and to forego rigorous evaluation is even more harmful than failing to work with the existing commercial tech landscape altogether. Good thing there are specialized training and partnership opportunities to help the U.S. government navigate the tech industry and make sure companies are fully vetted and equipped to win in the federal market.
If the tech that the government needs already exists in the commercial market, government should work with those vetted, later-stage companies that can move fast. Where technology gaps exist, government should look to earlier-stage companies, but expect that adoption will take much longer and the risk is much higher. Too often, the government spends time and money to run an accelerator to help companies develop tech that already exists, which the government could just evaluate and buy if it’s the right fit.
Go beyond ideas and introductions
From what we’ve seen at Dcode, when the government calls for an accelerator, it’s really calling for a way to work with emerging tech companies and accelerate their solutions onto contracts and into missions.
Not synonymous with incubators, angel investors, or co-working spaces, typical accelerators provide education, mentorship, and financing to early-stage companies in cohorts. Over the course of a few months, typical accelerators help companies establish themselves as corporate entities, develop products, and secure funding.
An accelerator can be a way to get commercial tech mission-ready, but there is so much more to it than generating ideas and making introductions if you want to drive real, lasting tech modernization in the government. What the government needs is a “scalerator”: a next-level model that accelerates proven, government-viable tech from the private sector into the federal market to improve mission outcomes fast in a meaningful, sustainable way.
Finding emerging tech is easy, equipping it to succeed in government is hard. Government agencies should look to venture capital firms and specific accelerators that have the expertise to guide tech companies through the government market contracting process and equip them to succeed. More than winning just a singular contract award, to get over the “valley of death,” these tech companies must have a strong grasp on government use cases, federal contracting, and operational processes to scale into programs of record.
Don’t stop at educating tech
Showing tech companies all the ins and outs of working with the U.S. government through a typical accelerator is only half the battle. If there’s no contract and plan to pull the right tech in, then you won’t be able to advance missions with commercial technology.
In addition to accelerating tech companies, federal agencies must better define problem sets, know the emerging tech landscape, employ innovative procurement, align innovation hubs with their mission-focused offices, and connect with leaders across other agencies to share lessons learned. It’s critical that government teams know how to scale solutions to advance their mission. Then they will be ready to work with cutting-edge tech companies that make sense for the mission.
Accelerators that provide education only for tech companies won’t cut it. There’s a reason government leaders have been requesting training from Dcode for years on how to innovate like a startup, evaluate like an investor, and apply agile procurement. Forward-leaning leaders recognize the need to shift culture and processes on the government side too.
Given this evident need for complementary education, if an accelerator does not also equip the government side, the effort will fall short.
We already know that if the U.S. does not bring new, cutting-edge, commercial emerging tech into the government, our country will continue to fall behind globally in the competition for economic prosperity and national security. The time is now to work smartly and swiftly with organizations that can bring the most promising, innovative tech from the private sector onto public sector contracts.
Meagan Metzger is the founder and CEO of Dcode, a privately-owned company focused on connecting tech and government to bring commercial solutions to critical challenges.
Army’s cloud office gets upgraded to an agency
Goodbye Enterprise Cloud Management Office; hello Enterprise Cloud Management Agency.
The team tasked with laying the foundation for the Army’s enterprise technology modernization has a new name and upgraded status, the Army’s Office of the CIO announced Monday.
The boost in status to a field operating agency of the CIO instead of just an office comes a year after the erstwhile ECMO became functionally operational. The agency will retain its director, Paul Puckett, and continue to report to Army CIO Raj Iyer. The change gives “new responsibilities and authorities to orchestrate and synchronize enterprise-wide cloud activities,” Iyer said in a statement to FedScoop.
“The formation of the ECMA as a new field operating agency represents the Army’s commitment to centralized acceleration to the cloud and adopting new digital technologies to implement the Army’s Digital Modernization Strategy,” Iyer said.
ECMO was originally stood up in November 2019, reaching its “functional” operating capability in March of 2020 — a status designating less than fully operational as it was short on staff due to the pandemic. The office was set up to lay the foundation for much of the modernization the Army hopes to achieve in migrating to the cloud. On top of this core mission, last March the then-ECMO helped support the rapid shift to teleworking on a new cloud-based Commercial Virtual Remote Environment.
Since that initial pivot to telework support, the agency has worked on building out core enterprise technology modernization capabilities. One example of its work is cARMY, the Army’s enterprise cloud environment that leaders have said is important in supporting broader programs like Project Convergence, which aims to fuse battlefield data in multi-domain operations.
Matthew Travis hired as CMMC Accreditation Body CEO
The third-party board implementing the Department of Defense‘s new cybersecurity standards for contractors finally has a CEO after months of searching.
Matthew Travis, a former deputy director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, has been tapped to lead the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB) — the organization tasked with overseeing the ecosystem of assessors who will inspect the IT networks of the 300,000 companies in the defense industrial base.
Travis will lead day-to-day operations of the CMMC-AB, a job that has largely been filled by the AB’s board of directors in the nearly 15 months since it was incorporated.
“We are extremely thrilled to have someone as respected and accomplished as Mr. Travis lead the Accreditation Body,” Board Chair Karlton Johnson said in a statement released Monday. “His organizational development skills as well as in-depth understanding of security and the Federal government will enable us to continue to quickly ramp-up AB operations and execute against our mission in service of the nation’s defense,”
Travis joined DHS in 2018 supporting what was then the National Protectorate and Programs Division — CISA’s precursor. His work to transition and stand up CISA within DHS was an attractive experience for the AB, which is also a rapidly growing organization steeped in government work. Travis resigned from CISA in November 2020 after then-Director Christopher Krebs was fired.
A former naval officer, Travis also served as a White House liaison from the Office of the Secretary of the Navy in the late ’90s. His public resume shows work experience focused primarily on homeland security and counter-terrorism technology.
The AB had been searching for a CEO since the summer of 2020.
“Joining and leading the CMMC-AB is a tremendous opportunity. I look forward to using my collective experiences of running a security company start-up as well as my time at CISA, where I focused on supply chain risk, to ensure we mitigate risks as they relate to both the DoD and the contractor community,” Travis said in a statement. “There is no more important cyber mission right now than building a trusted, verified, and resilient cybersecurity ecosystem within the Defense Industrial Base.”
CMMC is the new requirement the DOD is phasing into contracts to certify companies’ cybersecurity to shore up its supply chain. The new model is a tiered system where contractors will need to pay for an assessment from a CMMC-AB-certified assessor, which will inspect the company’s networks and give it a 1-to-5 score based on the ability to meet the security controls laid out in the CMMC model.
Since CMMC’s initial introduction in 2019, supply chain security has become an increasingly more important topic in defense and government contracting following the SolarWinds supply chain breach that impacted a multitude of government networks.
“When we look at where true cyber risk currently resides, the CMMC mission is a critical component of the safety and security of our nation and its citizens,” Travis said.
DOD officials have spoken previously about their hopes that DHS, Travis’s former employer, will adopt the CMMC model or something similar to it for the supply chain of civilian agencies.