How to accelerate tech modernization (and still play by the rules)

Recently, Michael Kanaan an Air Force intelligence officer and currently director of operations at an USAF AI research accelerator, made a splash on Linked In with an impassioned plea for the Department of Defense to Fix Our Computers.

Kanaan cited interminable start up delays, outdated software and antiquated computers as just a few of the problems getting in the way of mission accomplishment. This story landed on the heels of the announcement that the DOD would be abandoning its Joint Regional Security Stacks (JRSS) initiative after years of implementation, and once again raised questions about making progress on technology modernization at DOD.

It's important to note that DOD has perhaps the most complex operating environment of any organization in the world -- millions of people, around the world, deployed in hostile terrain, at sea, under sea and in the air. Defense initiatives dwarf the size and complexity of other government agencies and private sector firms. But, even given all of that, the fact remains that you can't buy computers like you buy ships.

Acquisitions in DOD can be extremely large and costly, and rightfully undergo extensive scrutiny. Sometimes, though, the level of oversight becomes so extreme that it diverts labor, time and money away from program execution to focus instead on feeding the oversight process. The reality is that size plus complexity plus extreme oversight equals an inability to make rapid progress and deliver results.

This complex technology delivery path has sent program managers in search of alternative approaches to gain speed and flexibility. Other Transaction Authorities (OTAs), an alternative approach to Federal Acquisition Regulation (FAR) requirements, used to be relegated to the world of research and development, but in recent years there's been an explosion in OTA use to bring speed and encourage innovation. (To learn more about OTAs, read this outstanding report published last year by the IBM Center for the Business of Government.)

I will never forget, years ago, when a DOD organization decided to subject the Oracle eBusiness Suite to what's described as a Technology Readiness Assessment (TRA), a process designed to see if a new technology is ready for DOD use. While TRAs are a great tool to evaluate technical maturity, it was a waste of time for a commercial, off-the-shelf solution already widely in use around the world. And, of course, the punchline of the story is that it initially failed the TRA assessment.

Tales like these abound. While the right testing and informed oversight are very important, protracted oversight lengthens the time required to get new capabilities deployed and is a key reason why so many major system acquisitions take years to deploy, fail to stay abreast of technology maturation and don't engage the customer in time to incorporate their feedback and win their hearts and minds.

JRSS is a classic example. When the Army wanted to move to the JRSS architecture, there were compelling reasons to applaud the initiative. But one size doesn't fit all in a place like DOD, where some IT is outsourced, some is in government-controlled enclaves and most of it is on a journey to the cloud. Just like the original Trusted Internet Connections (TIC) program across government, times and technology changes required JRSS to be a quick and near-term solution that worked for some, rather than trying to force-fit it for everyone.

The stories aren't all bad. For example, DOD's implementation of the Common Access Card was ground-breaking 20 years ago, and a model for smart card and public key infrastructure implementations. Decades later, the solution still works. How did it get implemented across 3.5 million people in just a few years? It took alignment of objectives and a broad coalition of support. It moved fast, with initial goals of implementation within two years, which while not realistic for the entire Department, still made enough progress in that short time to gain critical mass. It flew under the radar of acquisition oversight, by declaring smart cards as more of a commodity than a major IT program. Finally, it reached a tipping point by quickly embracing some killer applications that benefitted users, e.g., cryptographic logon for network access, access to web-based apps like filing a travel claim and physical entry to bases.

These stories highlight a few important ideas to consider in bringing speed and customer satisfaction to technology modernization.

Moving from oversight to outcomes. There is a crucial difference between a focus on oversight and a focus on outcomes. From congressional oversight to acquisition system oversight, it is time to replace oversight processes that focus on finding fault and delaying progress by attempting to avoid all risks. Instead, we must demand outcome-based agency and program plans that are visible, tracked and supported by the agency. Congressional hearings could focus on discussions of progress against plans, using data to replace decisions made from fear and anecdote. And program reviews could focus on product delivery rather than updates of the extensive set of documentation that mires down some technology solution deployments.

Letting go of personal control. At the heart of so many of these challenges are the twin specters of personal control and competing equities. Cybersecurity is a national imperative and the Defense Information Systems Agency should be applauded for their embrace of Zero Trust Architecture. There's an important difference between cyber solutions that enable the adoption of new technology and those that impede mission accomplishment by either not being flexible enough to adapt to new technologies or preclude industry from bringing commercial solutions and best practices to government.

Using the acquisition process to gain speed and innovation. While in subsequent years, there was much debate about the ability of the Navy Marine Corps Intranet to adapt to rapidly changing cyber requirements and the imperatives of joint operations, there is no debate that a revolutionary seat management contract at the time was implemented very quickly across an extremely disparate set of Navy and Marine Corps commands. Once again, it took a strong coalition of top leaders; uniformed, political and career, driving what was an immense cultural change. It was also a testament to the power of FAR Part 12, managed services performance-based contracting. And while the managed services approach was mercilessly tortured at the time—despite being an approved FAR-based approach—decades later, managed services are the "go to" approach for everything from cloud computing to business process outsourcing approaches.

From OTAs to managed services, there are no shortage of opportunities to use a rapid, modular approach to acquisition that encourages industry to bring their best new ideas to bear rather than being bound by rigid statements of work. Experimentations and pilots help to break the stranglehold that legacy programs of record have on an agency's modernization plans, demonstrating the art of the possible, and helping us get over our risk aversion and fear of losing personal control. My dad used to remind me to use the right tools for the job, and there are great tools available to help bring speed to modernization efforts. We must however, stop using program size, complexity and excessive oversight to needlessly prolong the delivery of much needed tools. Collectively, with strong and committed leadership support, we can buy technology differently than we buy major systems and we can heed the call to "fix our computers."