The diminished state of Defense IT acquisition and how to fix it

The Department of Defense’s reliance on commercial information technology has never been greater, or more openly acknowledged as mission-critical. Yet despite decades of reform, most major DOD IT programs continue to fail to deliver meaningful capability on time or on budget. According to the Government Accountability Office, large federal IT investments — including those at DOD — historically fail to meet cost, schedule or performance objectives more than 80% of the time.

What makes this failure rate especially troubling is that the system enabling it remains largely unchanged. System engineering and technical advisory teams that presided over failed programs often continue to profit from those same efforts. These conflicts of interest have been widely documented and were a contributing factor behind recent actions by the General Services Administration to rein in advisory contracts that blurred the line between independent oversight and vendor advocacy.

With the issuance of Executive Order 14265 and renewed Defense IT modernization mandates, the department can no longer afford to repeat the enforcement failures that plagued earlier reform efforts. Past initiatives — including the Clinger-Cohen Act of 1996, CICA, OMB Circular A-130, Sections 804 and 809 of the FY2009 NDAA and the Federal IT Acquisition Reform Act (FITARA) — were well intentioned but ultimately produced limited results due to weak training, misaligned incentives and minimal accountability. Despite decades of documented failure, meaningful consequences remain rare. No senior leaders are removed for repeated IT program collapses. 

On a positive note, the Trump administration has doubled down on these challenges with EO 14265, Reforming Defense IT Acquisition and Innovation, which aligns with the decades of investments in change.

The root causes are well known

Three decades of GAO reviews, congressional hearings and internal DOD assessments point to the same structural problems.

First, DOD continues to generate over-engineered requirements that prematurely lock programs into legacy solutions. Limited exposure to emerging commercial technologies, particularly those outside the traditional defense industrial base, means requirements are often written around outdated architectures. GAO has repeatedly identified unstable and overly prescriptive requirements as a primary driver of IT cost overruns and schedule delays.

Second, the department remains constrained by industrial-age acquisition processes that are fundamentally incompatible with modern software development. JCIDS, DODAF, Technology Readiness Levels and the DOD 5000 series were designed for hardware-centric weapons programs — not continuously evolving, software-defined capabilities. Despite years of policy guidance endorsing agile development, waterfall approaches remain the default.

Third, the acquisition workforce is poorly defined. Those in designated positions receive formal training and gain experience in a progressive management model. But a large portion of those writing requirements, statements of work and driving acquisition decisions are not part of the designated acquisition workforce. These personnel are often under-skilled, poorly incentivized, risk-averse and frequently execute acquisitions in ways that diminish or eliminate competition. 

This is especially true for IT programs in “sustainment” operations (non-development). But like development programs, they have a need for continuous modernization. FITARA sought to elevate the role of agency CIOs and strengthen IT governance, yet GAO continues to report uneven implementation across DOD components and limited enforcement of CIO authority. Program success is still measured by obligation rates and compliance milestones, not operational outcomes.

Fourth, persistent technology talent gaps inside government drive poor investment decisions and excessive reliance on contractors for technical judgment. When the government lacks in-house expertise to challenge vendor recommendations, contractors effectively design, justify and evaluate their own work — a risk GAO has flagged repeatedly.

The Information Technology Acquisition Advisory Council (IT-AAC), a government chartered research institute, has reviewed many of DOD’s most visible IT failures and, in numerous cases, identified these structural flaws early in the program lifecycle — well before costs escalated or schedules collapsed. Though we have already developed a suite of agile alternatives to DOD’s “waterfail” acquisition methods, the lack of workforce incentives or accountability remains a major barrier to sustainable reforms. 

Oversight has receded as risk has grown

Congress and the White House continue to introduce new acquisition authorities, but follow-through remains inconsistent. Regulatory “fixes” are increasingly ignored due to weak oversight by defense acquisition leadership, the DOD CIO and the DOD inspector general — entities intended to serve as institutional guardrails.

A review of the past three decades suggests a clear negative inflection point after the DOD CIO effectively dismantled its Clinger-Cohen and FITARA enforcement functions.

At the same time, Congress expanded the use of noncompetitive contracting mechanisms, including Other Transaction Authority (OTA) and FAR 6.302 sole-source justifications. While OTAs were designed to attract nontraditional and innovative suppliers, GAO and the Congressional Research Service have documented their growing use by large, incumbent defense contractors — often with limited transparency or competition.

Organizations such as DISA, JAIC/CDAO and elements of the Air Force and Space Force have collectively awarded billions of dollars under OTA vehicles to firms that clearly do not meet the statutory definition of nontraditional defense contractors. This is not acquisition reform; it is regulatory arbitrage.

Reform requires accountability, not more policy

If the president and the secretary of defense want to break this cycle, they must confront a hard reality: Defense IT acquisition failures are driven by people, incentives and enforcement, not by a lack of rules.

Real reform requires:

• Enforceable CIO authority tied to mission outcomes;
• Workforce training, certifications and incentives aligned to establishment and maintenance of modern digital skills and accountable acquisition discipline tied to cost, schedule and performance outcomes;
• Mandating that all IT programs acquisitions be managed by trained and certified acquisition workforce personnel and not by personnel with only technical competency;
• Independent technical oversight free from contractor conflicts;
• Disciplined and transparent use of noncompetitive authorities.

The policy framework for success already exists. Until incentives change and accountability is real, DOD IT acquisition will continue to absorb billions of dollars while delivering far too little capability to the warfighter.

John Weiler is the cofounder and executive director of a government-chartered research institute called the IT Acquisition Advisory Council (IT-AAC).