Beyond FITARA: 8 ways the defense bill seeks to modernize Pentagon IT

The inclusion of a major piece of IT acquisition reform legislation in the fiscal 2015 defense authorization bill made headlines in the federal technology world. But the $585 billion measure, which the House passed Dec. 4 by a 300-119 vote, would also support new and continuing IT initiatives across the military.

The bill contains guidance and requirements for openness and modularity in the design of IT systems with the goal of streamlining IT procurement at DOD. The compromise version of the legislation, which includes the Federal IT Acquisition Reform Act, is expected to be cleared by the Senate and signed into law by President Barack Obama, although some senators unhappy about the inclusion of federal land-use riders have said they'll try to remove them, which could slow final passage.

Here are eight significant IT provisions:

1. On the management side, the Pentagon would get a new top IT official in 2017. The deputy chief management officer and CIO roles would be combined into the post of undersecretary of Defense for business management and information. The new job would rank above the undersecretary for acquisition, technology and logistics -- an important fact for anyone who has to seat both leaders at the same formal dinner.
2. The bill would require the Pentagon to develop open architecture standards for IT systems, review and report to Congress on IT systems that are not being developed and maintained on an open and modular basis, and suggest ways to put legacy systems on a more open footing. The "joint explanatory statement" released by the House and Senate Armed Services committees in lieu of a formal report goes after old-school IT acquisition practices, signaling impatience with the way the military is adapting -- or not adapting -- to new realities in the technology world.

According to the report, the Pentagon is misconstruing its power to drive the IT market as it did in the past and isn't doing enough to take advantage of commercial technology and methods. "Ideas such as agile development, the use of clear requirements tied to software development timelines, rethinking the processes for capital planning and investment...are prevalent within the commercial sector, but often face resistance and hostility from government program managers and contracting officers," the report states.

3. The secretary of Defense would be required to come up with a plan that includes basic cybersecurity instruction for all members of the armed forces. The bill seeks to improve the quality of specialized cybersecurity training by requiring that the development of test ranges be integrated across the military services.
4. The bill would mandate that the DOD CIO pick a standard, open-source, machine-readable language for reporting cyber threat data across the Joint Information Environment and at military cyber test ranges.
5. A section on the JIE transformation and modernization effort would require the DOD CIO to report to Congress on a baseline architecture for the JIE and metrics for measuring how the JIE is affecting operational effectiveness.
6. The bill would require the secretary of Defense to report to Congress, on a classified basis, about cyber threats to national security systems that pose risks to military IT or telecommunications.
7. A section on monitoring and detecting insider threats would require the secretary of Defense to submit plans for an interim system that automates the continuous monitoring of employees and contractors with access to classified information while a governmentwide solution is being built.
8. The bill would order the Army's troubled Distributed Common Ground System, an intelligence-sharing network, to be migrated to an open architecture system to allow for "competitive acquisition of components, services and applications."