NEWS FROM SOFIC: Pentagon Forging Ahead with 'Acquisition Enablers'
Photo: NDIA/Melanie Yu
TAMPA, Fla. — The Pentagon's “acquisition enablers” initiative is laying the groundwork for speeding up the process of adopting new technologies, according to the head of the effort.
“The purpose of my office is really to be thinking about how we enable the services and how do we enable the [combatant commands], how do we enable the warfighters to get the capability that they need in support of the national defense strategy,” Principal Deputy Assistant Secretary of Defense for Acquisition Enablers Stacy Cummings said May 22 at the Special Operations Forces Industry Conference.
The effort stemmed from an organizational split of what was formerly the office of the undersecretary of defense for acquisition, technology and logistics, she noted. That office has been separated into the office of the undersecretary for acquisition and sustainment and the office of the undersecretary for research and engineering. The acquisition enablers initiative is part of the A&S bureaucratic structure.
One of the goals of Cummings' organization is reducing regulations and tailoring acquisition processes to the “individual characteristic of programs,” she noted. For example, the office is examining ways to adopt new software faster and avoid putting the technology through the standard acquisition roadmap, she said.
“We have policies and training and capabilities in place that encourage us to deliver software the same way we deliver hardware,” Cummings said. “This is not how the commercial industry does it and this is not how you deliver capability ... to compete with our competitors.”
Additionally, her team is rewriting almost all policies included in the adaptive acquisition framework, she noted, which outlines multiple pathways for technology acquisition such as through middle-tier acquisition authority or urgent operational needs statements. The aim is to reduce the amount of paperwork and oversight needed to carry out a program, she explained.
Rather than mandate permission to bypass certain requirements, the policies would require the development of a solid acquisition strategy from the outset, she noted.
“We don't want to say: ‘Here are all the things you have to do [and] you can ask permission to take them out,’” Cummings said. “We want to shift the paradigm to say, ‘You must do these basic things. You must have a good acquisition strategy that is a contract between the program manager and the milestone decision authority.'”
Over the next year, Cummings' office intends to make these changes through Defense Department instructions and policy updates that “will enable the program manager to really take control of their program” and field technology quickly, she said.
The changes would also allow program managers to use different acquisition tools for different parts of a program, she said. For example, they could choose to have the enabling software of an aircraft bypass the traditional milestone process. This would help field equipment more quickly and allow the technology to be used in other devices as well, she noted.
“If we can create a more modular approach to the way that we buy capabilities, we can deliver them faster, we can get them in the hands of the user faster, we can test them faster and we can reuse them when it makes sense across the Department of Defense,” Cummings said.
Her office is also working to improve cybersecurity across the defense industrial base by creating minimum standards and certifications. The organization is looking to partner with the Johns Hopkins University Applied Physics Laboratory and Carnegie Mellon’s Software Engineering Institute on this effort, she said. The idea is to create a certification that a company would earn that would be applicable to all Pentagon programs it supports. As part of this initiative, Cummings' team is also looking to find ways to work with small businesses in a cyber-secure manner, she noted.
“All of our defense industrial base needs to have a level of cybersecurity, and that needs to be a requirement,” Cummings said. “That would be a minimum level of cybersecurity. And depending on what you're doing, that requirement goes up depending on the risk, depending on the type of data … that you are creating and storing. ”