The obstacles to this new technology are hardly unique to it.
A shared digital ledger whose every transaction is preserved in mathematical amber, blockchain can offer transparency, trustworthiness, and immutability—qualities of obvious value to the world of defense acquisition. But to the U.S. defense industry, blockchain is just another small-company innovation that the Pentagon has failed to grasp, and it is instructive to look at why.
In the last five years or so, the technology has developed rapidly and is now being increasingly relied upon in supply chain management. Aerotrax is using blockchain to track aviation maintenance and repair; Italy’s entire banking industry will soon begin using it for reconciliations. But while there are some startups working on applying blockchain in the U.S. defense sector, such as SIMBA Chain, most have gone no further than pilots working with dummy data. Many have been built on blockchains that are fundamentally incompatible with the NIST standards with which all technologies for federal government are required to comply.
Several barriers have kept blockchain—and other new technologies—from finding a foothold in the Pentagon. The contracting process uses stringent criteria intended to verify that the vendor has a track record of success. But the requirement to provide, for example, five years of detailed financial data means that many great young companies—including blockchain developers—are out of the running before the starting pistol fires.
Compliance requirements are another barrier. Firms whose products would interface with federal systems must undergo the Federal Information Processing Standards (FIPS) process, which can take 18 months and requires renewal every two years. This can be a burden for large, well-funded defense firms, and an insurmountable barrier for a small company on a tight budget. Moreover, firms must renew their certification whenever they make a substantial change to their software, which creating a strong incentive for companies not to improve their technology as frequently as they might otherwise.
The U.S. government has taken some steps to open itself up to smaller businesses. The Small Business Innovation Research program, for example, offers funding for smaller companies with products at various stages of development. But these companies must be “primarily U.S. owned,” which locks out potentially useful innovations developed elsewhere. Moreover, the SBIR program has a poor track record of picking projects that eventually contribute to national security; just half of funded firms move on from early-stage projects. This means a significant portion of the budget is spent on largely theoretical technologies that never get close to the realities of use in the DoD.
So, what’s the solution? For one, the DoD could run “accelerator” programs — like CIA’s In-Q-Tel — that identify young companies with promising technology and help them apply it to defense problems. This would allow DoD to get a deep understanding of the technology and its possible applications early on, and shape its development to meet its needs. This close working relationship should also smooth the company’s path through the compliance process. And unlike SBIR, these programs should allow companies with promising technologies to skip the early phases and fast-track towards procurement.
More crucially, the Pentagon must create a better way to achieve FIPS compliance without locking out young firms or unduly slowing software upgrades. For example, the DoD might allow for nuance in its requirement that software upgrades mandate renewed certification. Significant software upgrades should be differentiated from more minor iterations, with only the former prompting renewal.
Technologies like blockchain have a lot to offer defense as well, but they can only do so if the DoD is willing to embrace innovation of its own and find new, more flexible ways of opening up to younger companies.