DIU’s Mike Brown is Biden’s pick to head DOD acquisition

Mike Brown, the director of the Defense Innovation Unit, is set to be the Biden administration’s pick to head the Department of Defense’s acquisition and sustainment enterprise.

The White House on Friday indicated President Joe Biden’s intent to nominate Brown as undersecretary of defense for acquisition and sustainment.

Brown comes from a long career leading technology companies in Silicon Valley before he was tapped to bridge the gap between the DOD and his old tech community at DIU in 2018.

His expected nomination was one of three the White House announced for the Pentagon Friday, including picks of Michael McCord to be DOD’s comptroller and Ronald Moultrie to be undersecretary of defense for intelligence and security. Secretary of Defense Lloyd Austin gave a strong recommendation for the three.

“Each of these individuals is talented, experienced and highly qualified for the critical national security roles they will, if confirmed, undertake on behalf of the Department,” Austin said. “Their deep experience in national security will prove essential in guiding our efforts to defend this nation and secure our interests around the world.”

It’s unclear who will replace Brown at DIU. Once officially nominated, he will need to receive Senate confirmation.

Brown’s job at DIU focused on rapid prototyping and acquisition, handling a couple billion dollars a year. But his new job would focus on acquisition programs at a much larger scale, worth hundreds of billions of dollars, that are often the opposite of rapid. Brown’s nomination represents a potential sea change for the department by putting a former technology official at the helm of acquisition. Brown’s predecessor Ellen Lord was a former defense industry executive when she took on the role in 2017.

The former CEO of cybersecurity company Symantec, Brown would also oversee critical cybersecurity programs to secure the defense industrial base, like the Cybersecurity Maturity Model Certification (CMMC). The program is currently under an internal review.

Brown has also been influential in his thoughts on U.S. technology competition with China. He has frequently spoken on the think tank circuit about Chinese tech development and co-authored an influential paper about economic competition and civil-military fusion in tech.

“National security follows economic security and prosperity,” Brown once said.

With a new CEO, CMMC AB board will boost focus on strategy, chairman says

It’s a busy time to be in supply chain cybersecurity, especially for the board chairman of the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body, Karlton Johnson.

At a time when the federal government is still reeling from the recent widespread SolarWinds hack, Johnson leads the volunteer organization charged with implementing the Department of Defense’s new CMMC standards for all defense contractors that many hope will stop the next pilferer of DOD data.

Now, Johnson’s leadership of the AB board is reaching a pivotal point: He is focused on hiring professional staff and transitioning what was a board of directors intimately involved in the day-to-day operations into one that can strategically guide a scaled organization.

In his first extended interview with FedScoop, Johnson said the board he leads will move from a body of “director do-ers” to become a “governing board.”

That means new faces on the board, new hires at the staff level and new ethics policies.

“I haven’t really seen the work changing significantly; actually I’d say it’s become more laser-focused,” Johnson said. “Especially bringing on the CEO.”

The board recently made one of its most important hires, bringing on Matthew Travis to be CEO of the AB. Johnson spoke highly of Travis, describing him as “sharp” and bringing necessary skillsets to the job. Travis is just the first major hire of many the AB wants to make in the coming weeks and months, filling out staff positions to carry out the massive undertaking before the organization, Johnson said.

“We are pretty excited because it’s a significant milestone,” he said of hiring Travis, who started last week. The most important part of the accreditation body’s developing role “is that professional staff we are bringing on,” Johnson said.

Johnson said Travis will take on some of the roles the chairman and other board directors currently fill, like managing the relationship with the CMMC Program Management Office and leading the daily operations of the organization.

The road ahead

The program the AB is implementing is DOD’s latest attempt at securing its manifold IT supply chain from hackers. The CMMC model has five levels of cybersecurity strictness — with level one being the most basic and level five including hundreds of complex controls — that all contractors will need to be certified against or risk losing access to DOD contracts.

Raising the army of assessors needed to inspect all the networks of the 300,000 defense contractors will be the AB’s responsibility. Beyond just credentialing assessors and assessment companies, the AB will also license training and testing providers, give stamps of approval to consultants willing to pay and generally oversee the quality of the complex CMMC ecosystem.

“I am focused on delivering that capability; I am focused on taking it to the next level,” he said.

To deliver the CMMC “capability,” more work remains for the board and the new staff alike. While consultants abound, contractors still await fully licensed assessors and Certified Third-Party Assessment Organizations (C3PAOs) who will be able to actually certify a company. Although full implementation of CMMC requirements will be phased in slowly through fiscal 2026, there is concern in industry over a demand crunch where assessments take more time than anticipated and there aren’t enough assessors to fan out across the defense industrial base.

Johnson says he is confident in the AB’s ability to meet demand. The AB has trained about 100 provisional assessors and cleared roughly the same number of assessment organizations through its initial application screening. But much remains to be done to turn them into fully credentialed assessors, like DOD completing its own assessment of assessors through the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC).

“We remain on target,” Johnson assured.

Johnson was reluctant to disclose current timelines or estimates the AB is using to determine what that target is, or how it will meet it. But he did commit to engaging with industry and the media more regularly when the AB makes those decisions.

“Today, [based] on what we were asked to do, we are able to meet that demand,” he said.

New faces, same concerns

The daunting task of making CMMC work has come with its share of controversy and consternation from those it will impact. One of the most consistent criticisms has been a lack of communication and questions over conflicts of interest with the volunteer board members.

Johnson partially attributes the latter to “malicious influencers” spreading falsehoods or context-less information about the volunteer board. Regardless, he said the board will continue to increase its public engagements and work directly with industry to answer questions.

He also hinted at adding new ethics policies.

“From day one we have had conflict of interest policies in place. Those policies not only continue to be in place, but we are strengthening those as we go,” he said.

AWS Leader Teresa Carlson leaving Amazon for Splunk

After more than a decade leading Amazon Web Services’ public sector business, legendary government IT leader Teresa Carlson is joining Splunk’s leadership team as president and chief growth officer.

Carlson’s first day with Splunk will be April 19. In her new role, she will focus on growing the company’s business transformation efforts, accelerating growth and advancing its cloud initiatives.

“I am thrilled to join the passionate and talented team at Splunk, and motivated by this opportunity to bring exciting cloud and data solutions to global customers across all industries,” Carlson said in a statement. “Together, we will build on Splunk’s legacy of innovation as one of the fastest-growing companies in the history of enterprise software.”

Since joining Amazon Web Services in 2010, Carlson has grown the company into a leader in public sector cloud sales, particularly in its work with the federal government. In 2013, she oversaw AWS’s deal with the CIA to provide classified cloud services to the intelligence community — a contract that would cement the firm as a leader in providing cloud services for highly sensitive government workloads.

Meanwhile, Carlson’s departure isn’t the only change AWS must endure. CEO Andy Jassy was recently promoted to lead the entire Amazon portfolio after founder Jeff Bezos stepped down in February.

At Splunk, Carlson will report to CEO Doug Merritt, who said “she’ll be an excellent addition to our team.”

“Teresa has an incredible record of leading category-defining, high-growth companies at global scale to even greater success,” Merritt said. “Beyond bringing deep industry, software and cloud knowledge – which will be invaluable to Splunk as we continue to build on our strong foundation and rapid expansion – it is clear that Teresa embodies the values that define our strong Splunk culture.”

Carlson is a recipient of several FedScoop honors, including FedScoop 50 and Best Bosses in Federal IT awards.

Cloud access management guidance is coming from the Office of Governmentwide Policy

Guidance for agencies on single sign-on, cloud identities and a digital identity risk management process is coming in the next year from the Office of Governmentwide Policy.

The Federal Identity, Credential and Access Management (FICAM) architecture hasn’t changed during the COVID-19 pandemic, mostly because the Office of Management and Budget already released a memo that should help agencies implement remote access.

But agencies still have questions about how to modernize their infrastructure and securely allow remote access as “a lot” of them migrate to the cloud, which the new guidance should address, said Ken Myers, chief federal ICAM architect within the General Services Administration.

“To this point all federal employees are required to have a [Personal Identity Verification] card, but sometimes for that to work that means you have to be on the agency network,” Myers said during an ATARC event Thursday. “With remote work that may not always mean your access type changes, so within OMB Memo 19-17 it talks about setting up pilots to use alternative or different authenticators.”

That could mean implementing single sign-on and federating access using a one-time personal identification number (PIN) or a hardware token, Myers added.

OMB’s memo tells agencies to conduct a digital identity risk assessment to look at the impact of allowing access, determine the assurance level and then pick the right authenticator for the job — a process OGP, which sits within GSA, will flesh out in forthcoming guidance.

FICAM doesn’t always align with specific solutions agencies are using because it’s a governmentwide architecture, but OGP is open to collaborating with them on updates to its guidance, Myers said.

For instance, the Cybersecurity and Infrastructure Security Agency’s Continuous Diagnostics and Mitigation (CDM) Program approves products and implementation architectures using FICAM as a reference. OGP, in turn, may refer to CDM as it updates privileged access management (PAM) guidance.

PAM refers to protecting accounts with elevated privileges like Windows domain administrators, Linux superusers and cloud-based global administrators, and it’s traditionally been handled separately from ICAM.

That could be changing.

“It is deprecated,” Myers said. “But we are looking at updating it because privileged access management is such an important topic today.”

JAIC looking for ‘data readiness’ services for military

The Department of Defense’s Joint Artificial Intelligence Center is looking for companies to help curate and enhance the military’s ability to use its data.

JAIC released a solicitation for Data Readiness for AI Development (DRAID) services, carrying a $240 million ceiling. Under the five-year contract, JAIC wants to enable “decentralized ordering” on the contract for parts of the military looking to use their data for AI development.

“The Government intends to issue multiple BOAs resulting from this solicitation to the responsible Offeror(s) whose submission(s) conforms to the solicitation and will be the most advantageous to the Government,” the solicitation states.

The JAIC recently shifted its focus to be an enabling force for AI across the military, not just an AI development office. This solicitation appears to fit neatly into that new vision the JAIC has of itself, searching for services that can be used across the military.

Some of the specific types of data readiness services the JAIC is looking for include Extract Transform Load (ETL) and data engineering, database design and development, data analysis, and project and outreach management, according to the statement of work.

Data community asks OMB to remember data funding in fiscal 2022

Members of the data community urged the Office of Management and Budget to include data infrastructure funding in its fiscal 2022 budget proposal in a letter sent by the Data Coalition.

In the letter, the coalition called for the reissue of a national data strategy similar to the Federal Data Strategy (FDS) and routine coordination on information management between the different parts of OMB and other agencies.

An FDS Year 2 Action Plan is overdue, leaving the group wondering how committed the Biden administration is to data-driven decisions irrespective of its recent memo on restoring evidence-based policymaking.

“The Data Coalition appreciates the efforts from the Biden-Harris administration to date in elevating and encouraging the central role of data and evidence in decision-making,” reads the letter sent to OMB Deputy Director Shalanda Young on Tuesday. “Following through on promises and bold statements will require sustained engagement and leadership from all levels of the administration.”

OMB should further have the federal chief statistician chair the Advisory Committee on Data for Evidence Building like Congress intended and task the body with determining how data sharing can improve economic mobility, social inequalities, climate change, and COVID-19 pandemic response.

OMB did not respond to a request for comment by the time of publication.

The Foundations for Evidence-Based Policymaking Act requires agencies to develop evaluation plans, but only a few agencies, like the National Science Foundation, have made theirs public. A web portal should be developed as soon as possible for that purpose, according to the letter.

OMB can quickly comply with recent data laws by publishing the presumption of accessibility authority as an interim final rule, issuing open data guidance with the Chief Data Officers Council, developing data standards for grantees with the Department of Health and Human Services, and accelerating use of artificial intelligence.

The Evidence Commission recommended the creation of a national secure data service within NSF, which needs funding in the fiscal 2022 budget to launch and begin improving analysis of things like racial, ethnic and gender disparities across government programs, according to the letter.

OMB should use its budget proposal to expand access to the National Directory of New Hires and certain tax data useful for analyzing benefit program eligibility and the impacts of employment and training programs, the letter adds.

Privacy-preserving technology pilots should be funded over the next year, especially for high-value data assets agencies are reluctant to share, according to the Data Coalition.

OMB also has the opportunity to streamline Paperwork Reduction Act implementation; update data standards for public health and financial reporting during the pandemic, as well as race and ethnicity; and promote government spending data transparency in its budget work.

Lastly, the letter recommends OMB use Office of Personnel Management data to identify data workforce gaps, provide CDOs with $50 million for their accountability and transparency efforts, and set aside Evidence Incentive Funds for agencies that require additional money.

“Our country needs good data to support useful evidence for decision makers,” reads the letter. “OMB has a central role in fostering a cohesive data and evidence ecosystem.”

Anduril buys small drone company, expanding its innovative tech portfolio

Startup defense tech company Anduril Industries announced Thursday its purchase of a small tube-launched drone manufacturer to expand its suite of emerging tech offerings into the unmanned systems market.

Anduril acquired Area-I to marry its own automation and data-sensing technology with the hardware capabilities of the Atlanta-based drone developer, the companies’ CEOs said in an interview with FedScoop.

Area-I sells a range of unmanned aircraft systems but specializes in tube-launched drones, which are fired mid-air from other larger aircraft and then fly on their own, maneuvering independently. The company will operate as a wholly-owned subsidiary of Anduril, allowing it to continue its operations with a new influx of cash. Neither company would disclose the transaction amount.

“We believe that to really enable these technologies to go, you have to solve the autonomy side,” Anduril CEO Brian Schimpf said.

Anduril has positioned itself as a “next-generation” defense tech company, aiming to corner the military’s burgeoning artificial intelligence, automation and sensing market. Small drones have become increasingly popular in the government, with military agencies strategizing around their use for everything from surveillance to creating on-the-fly mesh radio networks.

Area-I had already found success riding the wave of small drone interest within the DOD. The company’s Agile-Launched, Tactically-Integrated, Unmanned System (ALTIUS) drone was one of the technologies included in the Army’s Project Convergence test events that experimented with linking sensor data to increase targeting and shooting speed.

Similarly, selling technologies to power Project Convergence and the encompassing Joint All Domain Command and Control (JADC2) concept is a core part of Anduril’s business, company leaders have said.

Area-I has been on the hunt to partner with another company to increase its ability to sell to the military. But many of the traditional options emerging technology companies take, like being acquired by a traditional, old-guard defense contractor, would come at a cost to its innovative culture, Area-I CEO Nick Alley said.

“For years I have looked [at] joining forces and being acquired by a large aerospace prime; historically that just ruins the type of company that we are and the technology development gets slowed,” Alley said.

The spark for joining forces came after hours of “nerding out” on phone calls between the two CEOs. Both said they appreciated the priority each places on innovation, and Alley said that Schimpf’s “strategic vision” was what helped seal the deal.

Anduril was mainly looking to acquire a company that could provide a capability it knew the government wanted, Schimpf said. “Let’s just pick the thing that you obviously have to have to win.”

Microsoft wins $21B contract to produce 120,000 AR headsets for the Army

The Army has moved a prototype deal with Microsoft to develop an augmented reality headset into full production — calling for 120,000 headsets over the next decade under a $21.9 billion contract.

The contract comes 28 months after prototyping of the Microsoft HoloLens 2-based Integrated Visual Augmentation System (IVAS) began. IVAS is designed to help soldiers train with augmented reality headsets displaying combat situations.

The Army says the pace of the program’s development is far faster than most of its other major technology purchases, which usually take several years or even decades to field.

“The Army’s partnership with Microsoft redefined the timeline for rapid development and production of a major defense program by taking advantage of the Middle Tier of Acquisition and Other Transaction authorities, and partnering with a non-traditional defense contractor that is an industry leader in developing innovative technology,” the Army’s Program Executive Office Soldier, the office overseeing the procurement, said in a statement.

Microsoft president Brad Smith had previously said the company expected that it would likely win the production contract to build the system, telling Congress in February that the company had started constructing manufacturing capabilities for the system before the award.

The Army’s version of the HoloLens 2 headset adds more punch using Microsoft Azure cloud to pipe in training scenarios and other visuals to help soldiers better prepare for conflict. The Department of Veterans Affairs also uses Microsoft’s HoloLens.

“The same technology enables warfighters to execute the operation with real-time visual data that integrates everything from the building’s digital layout to local thermal images to facial recognition of the hostages and the identification of friendly forces,” Smith said about the technology in testimony to Congress.

Microsoft says that “soldiers have been deeply involved in the design process” over the past two years. The company praised the openness from DOD and its willingness to allow changes to the system during the prototyping phase as a key enabler of the program’s relative acquisition speed.

GSA expects Multiple Award Schedule consolidation finished this year

The General Services Administration expects to complete the third and final phase of its project consolidating 24 schedules for products, services and solutions into one Multiple Award Schedule (MAS) by the end of 2021.

Contractors had until end of day Wednesday to update their price lists so the special item numbers (SINs) and schedule numbers match what’s in the GSA eBuy! and eLibrary systems, which will help customer agencies find contracts more easily.

Now GSA wants MAS holders with multiple contracts to submit their plans by year’s end for consolidating them down to one per unique entity identifier (UEI).

“The rest of this year we’ll be focused on moving companies that have multiple contracts to one [contracting officer], so that you guys can establish your plans for any of these small businesses that do have multiple contracts,” Stephanie Shutt, director of the MAS Program Management Office, said during an ACT-IAC event Wednesday.

Contractors will have potentially the next five years to wrap up existing task orders without moving them over, in a “more natural” shift to one contract that lets the rest simply die off, Shutt said.

MAS consolidation is a “foundational” project for GSA — one of the four pillars of its Federal Marketplace Strategy for streamlining acquisition — that will pave the way for additional projects coming soon thanks to simplified terms and conditions, she added.

Contractors will be able to do e-modifications to their contracts any time to add additional SINs, and small businesses will be able to more easily partner in prime-subcontractor relationships that expand their offerings.

The MAS PMO recognizes it needs to update its systems and simplify contract language moving forward.

“A lot of our systems are old,” Shutt said. “So we are looking to see where we can update those across the board and get everything on a happier level for everyone.”

Army cloud agency expanding its team

The Army’s newly dubbed Enterprise Cloud Management Agency (ECMA) is growing its cloud operations team and extending new partnerships as the service tries to implement cloud-based tech.

The growth of the cloud team comes a year into ECMA’s operation and as it just recently gained new authorities as a field agency. It’s unclear exactly how many more cloud operators the agency hopes to add, but doing so will play a key role in supporting the deployment of a new tactical cloud network and other modernization initiatives, Director Paul Puckett said during an AFCEA webinar Wednesday.

“We are leaning in to expand our cloud operations team and really try to turn that into the new normal,” Puckett said, adding that the team will expand work on things like security and tactical deployments.

The ECMA has also expanded its partnerships across the Army, working closely with regional cyber centers, program executive offices and support commands, like the Army Network Enterprise Technology Command. Puckett said he meets weekly with other tech leaders across the service to work cohesively under the Army’s cloud modernization strategy.

“There is nothing that one does that the other is not involved in,” he said of the partnerships ECMA has formed.

Having a larger team for cloud operations means that the Army can take a more central approach to its cloud modernization. Before ECMA was stood up as the Enterprise Cloud Management Office in 2019, Army offices faced the daunting process of migrating their data to the cloud on their own, Puckett said. The shift is from the “thousand flowers blooming” approach to a more centralized push that can orchestrate a more common cloud architecture for the Army to work within.

Other impacts of ECMA’s growth will be seen in expanded environments for tech-related initiatives. The Army’s new software factory has soldiers code within a cloud-based environment supported by the ECMA, for example.

Other projects that straddle the worlds between technology and tactical use are also moving to the cloud. Along with partners like the Program Executive Office for Command, Control and Communications-Tactical (PEO C3T), the ECMA helped launch the recent “Tactical Cloud Infrastructure.” It’s the cloud version of the former “Tactical Server Infrastructure” that used on-premise and physical stacks to get compute at the edge.

But not everything has moved to the cloud as bandwidth in austere environments is limited. Puckett said the Army is working to “figure out what data needs to be local” and what can be stored in the cloud.