Cyber takes center stage in Pentagon's new acquisition guidance

The Pentagon's new buying guide, Better Buying Power 3.0, adds cybersecurity to the list of potential trouble spots in weapons, IT and other acquisitions. The new document, released April 9, pays special attention to making sure cybersecurity is baked into the entire lifecycle of military networks and systems.

The release of BBP 3.0 is intended in part to make sure cyber is "constantly in mind" as the Pentagon and the defense contractor community designs, develops, tests, builds and maintains weapons and other equipment.

"So whereas Better Buying Power 1.0 and 2.0 focused on reforming our acquisition processes and making them more efficient, Better Buying Power 3.0 is primarily about providing dominant capabilities to the warfighter to try to maintain that technological overmatch that we've always enjoyed and, if anything, to try to extend it if at all possible," said Deputy Secretary of Defense Bob Work.

In particular, BBP 3.0 is seeking to help the U.S. retain its technological edge in an environment where rival nations are increasing their defense spending and foreign state actors are working to tap into U.S. government and commercial networks to pilfer valuable and potentially game-changing military technology.

"The technological superiority of the United States is now being challenged by potential adversaries in ways not seen since the Cold War," Frank Kendall, undersecretary of Defense for acquisitions, logistics, and technology, said in a memo announcing the new guide.

The BBP 3.0 initiative notes that unclassified, controlled technical information, potentially including restricted contracting documents, are "particularly vulnerable to traditional and nontraditional foreign intelligence collection." That information can tip a potential adversary to the Pentagon's plans, and can, "significantly degrade U.S. technological superiority by saving an adversary time and effort in developing similar capabilities or countermeasures." The new buying guide looks to protect controlled technical information by adding new safeguarding measures to all DoD contracts.

"We put out some guidance through the DFAR last year, tightening up our requirements on industry. In fact, there were no requirements on industry for protection of unclassified technical data, and we were losing a lot of it through cyber theft," Kendall said at a Pentagon press briefing.

At the policy level, leading Pentagon officials -- including the CIO -- will add a new section to the DoD's acquisitions manual detailing the cybersecurity responsibilities of program managers. Additional measures include plans for increasing security on critical technology and acquisition programs, and the development of a "joint analysis capability" that brings together law enforcement, counterintelligence and acquisition.

Like its predecessors, BBP 3.0 covers a lot of ground. Based on new performance analyses, the Pentagon is placing a greater emphasis on incentive-based contracting. While the document cautions against a "wholesale conversion to these types of contracts," it backs a preference for incentive structures where they make sense.

The Pentagon plans to put a renewed emphasis on the acquisition of off-the-shelf technology with the launch of a community of practice at Defense Acquisitions University covering commercial services.

The document also promises new guidance on how program managers can interact with commercial technology providers under current DoD acquisition regulations. BBP 3.0 also includes guidance on modular systems architecture and design, so that program managers can take advantage of advances in technology -- even in weapons systems, ships and aircraft that might have a product lifecycle measured in decades.

"On the F-35, for example, we are on our third ... iteration of technology refresh already, and we're still in development. It's because the processing world is moving much more quickly than our programs move," Kendall said.

The Pentagon is also looking to get more out of its spending on science and engineering labs, and direct funding to create programs that focus on science, technology, engineering and math education.