An industry group is recommending the Department of Defense institute continuous and repetitive development, test and certification processes that drive commercial information technology (IT) to deliver more trusted and standard blocks.

The 33-page industry task force report, Industry Perspectives on the Future of DoD IT Acquisition, from the Association of Enterprise Information (AFEI), said the “DoD should begin implementation of the improved IT acquisition process immediately by chartering a number of independent, three-year pilot projects whose sponsors are incentivized for their own reasons to develop enterprise capability.”

These pilots, the report noted, “will lead to a self-sustained persistent development, test and certification environment associated with a flourishing marketplace of ‘net-ready’ re-usable components.”

“New policy and training should follow observed successes in this pilot initiative. New legislation should learn from the unintended consequences of previous legislation such as Goldwater-Nichols, Clinger-Cohen, and FY ’07 National Defense Authorization Act regarding Major Automated Information System (MAIS) reporting,” the document added.

These laws have led to de-incentives for innovative behavior, and incentives for increasing bureaucracy, according to the study.

“New legislation should repeal MAIS reporting requirements and incentivize the desired innovative, risk-accepting, behaviors associated with successful commercial IT practitioners,” the report said. “In particular, it should automate oversight processes, define and mandate an enforceable enterprise-enabling innovative role for government acquisition professionals, eliminate bureaucratic overhead, and mandate and reward specifically defined better-speed-to-better-capability.”

The findings contained in the June 6 report are based on a close examination of past successes and failures in government and industry.

“Clearly, the defense community’s progress toward delivering on its Global Information Grid (GIG) ‘netcentric’ vision is woefully unsatisfactory,” the report said. “Watchdog reports have documented how defense program after program fail to implement open, modular, enterprise IT capability as a result of the slow, serial, monolithic, bureaucratic, defense acquisition process. The same reports inevitably suggest that success requires more agile, innovative, evolutionary behavior.”

The report noted two technology gaps on the critical path to defense enterprise success:

Information Assurance (IA). “The commercial state of the art is medium assurance at best, it does not scale to the tactical edge, and does not support dynamic, risk/reward-based need-to-protect vs. need-to-share information exchange policy.”

Semantic Interoperability (SI). “There are no generic commercial tools that manage the ‘information overload’ issue, that is, deliver critical information to critical nodes at critical times. Google is the metaphorical state-of-the-COTS-art. We can’t expect warfighters at the pointy-end to ‘Google’ under fire.”

Given limited resources and the staggering rate of change in the IT landscape, the only possible path to success is for the defense community to join and invest in the COTS ecosystem as a peer, according to the report. “COTS-based development, or even buying COTS, is not the same thing as joining and investing in the COTS ecosystem.”

New legislation should learn from the unintended consequences of previous legislation such as Goldwater-Nichols and the Clinger-Cohen Act, the report noted.

“For instance, Goldwater-Nichols legally separated responsibility for defining system requirements from responsibility for acquiring systems. Acquisition activities report to civilian defense leadership, that is, the service secretaries; requirement development activities report to uniformed defense leadership, that is the service chiefs,” the report added. “In retrospect, that separation is a counter-productive artificiality that adds layers of bureaucracy. By contrast, the Clinger-Cohen Act is quite enlightened. Its language requires government IT activities to behave exactly like the best run industrial IT shops. However, the defense enterprise has chosen to implement Clinger-Cohen Act by requiring burdensome compliance documentation that clearly has nothing to do with commercial best practice. Hence, these laws have led to de-incentives for innovative behavior, and incentives for increasing bureaucracy.”

Specific recommendations include:

Approach IT acquisition strategy as continuous “Tech Refresh” throughout system development and lifecycle. Buy-down risk with as much pure commercial-off-the-shelf (COTS) as possible;

Contractually require providers to nurture “Beta Development Communities” among operational customers;

Invest in basic research to close COTS gaps regarding Defense Enterprise requirements and “open source” the results. In particular, fund COTS IT vendors to develop improved Information Assurance (IA) and Semantic Interoperability (SI) solutions and provide developed GOTS (Government-Off-The-Shelf) IA and SI components as Government Furnished Equipment (GFE) to industry at large;

Develop automated test, certification, and accreditation (C&A) for IA and interoperability processes based on modular risk vs. reward trust model (evaluate relative need-to-protect vs. need-to-share), provide reusable end-to-end security tools, templates, and policy that allow quick introduction and use;

Include continual post-deployment testing as an aspect of life cycle support;

Create a persistent, virtual, online, service-based, enterprise development, test, and certification environment including enforced cross-program workflow, level requirements and associated objective value-based metrics for desired operational outcomes, need-to-know vs. need-to-share, information processing efficiency, and acquisition process efficiency across an enterprise system; and

Empower engineering-level government officials as Enterprise Chief Information Officers and Enterprise Chief Architects, with mandate, training and scope-of-authority necessary to deliver enterprise capability rapidly, innovatively, and incrementally.

The recommendations are to apply equally to all defense activity that involves IT, according to the report.

“Even programs that aim to develop platforms, weapons, or sensors over long time frames must continuously evolve their IT components to avoid becoming obsolete before Initial Operating Capability (IOC),” the study said.