Lawmakers in the Senate are running out of patience with the nebulous status of the Joint Regional Security Stacks effort and want to give new contracting authority to Cyber Command.
The Senate Armed Services Committee is looking to repeal a pilot program that required defense contractors to pay the Defense Department’s legal fees after a failed bid protest with the Government Accountability Office, according to a provision in the Senate of the 2021 National Defense Authorization.
The pilot program, which was intended to run from Oct. 1, 2019, to Sept. 30, 2022, was first authorized in the 2018 NDAA, requiring the defense secretary examine the "effectiveness of requiring contractors to reimburse the Department of Defense for costs incurred in processing covered protests."
The Senate is also is looking to get the Pentagon to make the Joint Regional Security Stacks effort a program of record or face a loss of support. The Senate version of the 2021 NDAA would ban the Defense Department from a JRSS deployment to classified networks for fiscal year 2021.
Lawmakers are seeking a review to address whether JRSS should continue as a program of record or be phased out "with each of the Joint Regional Security Stacks replaced through the institution of cost-effective and capable networking and cybersecurity technologies, architectures, and operational concepts within five years" of enactment.
Should the defense secretary choose to proceed with JRSS implementation, the bill mandates an assessment outlining operational requirements documentation and acquisition strategy and baseline, testing, personnel requirements along with identifying a program office and manager overseen by the DOD’s acquisition chief and CIO.
The move comes a little more than a year after a Pentagon watchdog suggested DOD pause its implementation of the program due to cybersecurity risks. Military service branches have been phasing in the technology in recent years amid reports of latency among other issues that the Defense Information Systems Agency set out to fix.
U.S. Cyber Command could get more buying power in the Senate NDAA.
The bill eliminates a $75 million ceiling on Cyber Command's acquisition authority contained in the 2016 defense policy bill. That ceiling was scheduled to sunset at the end of fiscal year 2021. Since that limitation was put in place, CyberCom has been elevated to an independent combatant command.
Cyber Command's limited acquisition authority has been a point of contention, which has had to rely on other organization's contracting vehicles for large procurements.
Other combatant commands, including the recently established Space Command, have full acquisition authorities.
In a May post in Lawfare, Erica Borghard, senior director and lead of Task Force One for the Cyberspace Solarium Commission, argued that new acquisition authorities could give CyberCom the ability to resolve funding disputes with the services” and keep with its preemptive “defend forward” strategy.
"If the strategy of 'defend forward' demands an agile force that can maneuver and adapt in a fast-paced environment (in terms of both evolving adversary approaches as well as changing technology), then that force needs to be able to acquire goods and services to fulfill those requirements," Borghard wrote.