IT, acquisition face changes in 2018 defense bills

The House and Senate have completed their draft 2018 defense bills that could result in significant changes for acquisition and IT management in the Pentagon.

Shutterstock image (by alienant): An aerial view of the pentagon rendered as a vector.

The House and Senate Armed Services Committees have completed their markups of the 2018 National Defense Authorization Act, and the Senate version lays out major reforms to cyber, innovation, IT management and information operations.

The two versions differ somewhat on topline numbers, with the House calling for $631.5 billion in base defense funding with another $65 billion in war funding, and the Senate clocking in at $640 billion and $60 billion respectively.

Those differences are relatively trivial compared to Senate proposals such as splitting of some of the CIO's responsibilities -- handing business functions to the chief management officer and giving much of the cyber portfolio to a new chief information warfare officer position.

According to the SASC NDAA summary, that Senate-confirmed position "would assume responsibility for all matters relating to the information environment of the DOD, including cybersecurity and cyber warfare, space and space launch systems, electronic warfare, and the electromagnetic spectrum."

SASC is calling for a "cross-functional task force" to integrate information operations, electronic warfare, public affairs and cyber operations to produce strategy and planning to "counter, deter, and conduct strategic information operations and cyber-enabled information operations."

The Senate bill focuses on improving software-related acquisition through "a high-level study by the Defense Innovation Board, a pilot program to start effective new software activities, and other programs to realign troubled major software acquisitions."

To that end, the SASC NDAA reduces funding for a number of software and IT initiatives in an effort to push the DOD to more standardized services and commercial products. "The NDAA includes several pilots as well as associated training, tools, and infrastructure to accomplish this," states the summary.

SASC is also proposing cuts to Army networking programs. Funding for the Warfighter Information Network-Tactical would drop by $448 million, and the Distributed Combat Ground System would lose $150 million. The bill also cuts $200 million from the Integrated Battle Command System, which has been fraught with software glitches.

While the SASC is cutting funding for some IT programs, it is adding half a billion dollars to innovation programs designed to advance the Third Offset Strategy of U.S.  technological superiority.

Like the House version of the NDAA, SASC is emphasizing acquisition reform and using vehicles such as Other Transactions Authority and Experimental Procurement Authority to speed development and deployment of new technologies.

SASC Chairman John McCain (R-Ariz.) was highly critical of the Obama administration for not developing a comprehensive cyber deterrence strategy, and he has maintained that critique during the Trump presidency. The SASC markup requires the U.S. to set forth a policy to employ "all instruments of national power" to deter and respond to cyberattacks.

The SASC NDAA mandates the secretary of defense conduct a cyber posture review and "requires the Commanders of U.S. Cyber Command and U.S. Strategic Command to jointly assess the cyber resiliency of the nuclear command and control system."

One provision of the Senate bill that has raised eyebrows is a ban on the DOD using any Kaspersky Lab software "due to reports that the Moscow-based company might be vulnerable to Russian government influence."

Kaspersky, which was founded in Russia 20 years ago, is the subject of an FBI counterintelligence investigation, and senators from both parties have been highly critical of the organization in the wake of Russia's information operations campaign against the U.S. election.

Eugene Kaspersky, the firm's CEO has repeatedly denied claims the company has any ties to Russian intelligence. "We have never helped, nor will help, any government in the world with their cyber-espionage efforts," Kaspersky wrote in a recent blog post.