When the House and Senate return for an expected ‘lame duck session’ after the election, one of the proposals they plan to focus on will be the FY15 National Defense Authorization Act (NDAA). To speed up the proverbial legislative sausage making, the House and Senate Armed Services Committees are pre-conferencing their separate proposals now because it is unlikely the Senate could complete passage of its bill and have time remaining for the reconciliation process needed with the House. Instead, the committees are working off the House-passed version of the bill (H.R. 4435) and the Senate Committee marked version (S. 2410). It’s a process that has been used for the last two NDAAs and lets the committees produce an authorization bill by melding the two versions beforehand.
Today the IT Alliance for Public Sector (ITAPS) is submitting a set of specific recommendations calling attention to information technology (IT) specific provisions that we are concerned about or support. Lawmakers should consider them closely given the NDAA’s frequent use as the primary vehicle for legislative changes to how the government acquires goods and services, including IT, and to the rules and regulations governing contractors in the federal market space.
ITAPS has very strong concerns about the following problematic provision lawmakers should carefully consider and address:
- Section 1083 Report on Certain Information Technology Systems and Technology and Critical National Security Infrastructure – Sec. 1083, in the House passed version of the NDAA, would require the Secretary of Defense and the Director of National Intelligence (DNI) to “submit to the appropriate congressional committees a notification of each instance in which the Secretary or the Director determine through analysis or reporting that an information technology or telecommunications component from a company suspected of being influenced by a foreign country, or a suspected affiliate of such a company, is competing for or has been awarded a contract to include the technology of such company or such affiliate into a covered network.” A covered network is defined to include IT or telecommunications networks of the Department of Defense (DoD) or the intelligence community (IC) as well as networks of network operators supporting systems in proximity to DoD or IC facilities.
ITAPS and ITI have concerns about this provision for numerous reasons, as highlighted below:
- The language is ambiguous and many terms are not defined;
- A company’s relationship with a foreign country is not necessarily relevant to security of the products or services in question;
- There is strong potential for global backlash on U.S. ICT companies;
- It is unclear what DoD, DNI or Congress will do with these findings; and
- There is no adjudication or transparency in how this process will work and whether companies will have an opportunity to resolve findings.
Section 1083 raises questions and causes confusion while offering no meaningful solutions to improve the integrity of information technology and telecommunication products and services. ITAPS strongly opposes this section as written and would submit that DoD and DNI currently have appropriate authorities to identify threats to their networks and provide notice to Congress when those threats are identified.
As House and Senate staffs continue to pre-conference the bill, ITAPS would like to voice support for the following provisions:
- Section 901 - Reorganization of the Office of the Secretary of Defense and Related Matters – this provision elevates the authorities and responsibilities of the Chief Information Officer (CIO) at DoD by combining them with the Department’s performance and management authorities and responsibilities in a new Undersecretary of Defense-level position. The tech sector has long supported elevating the role and authority of the CIO with direct access to senior leadership in each agency to secure buy-in and engagement on IT investment and management decisions. This reorganization of the role of the CIO accomplishes that objective and, statistics have shown, should lead to improved performance and return on investment for information technology at the DoD.
- House Division E Federal Information Technology Acquisition Reform Act (FITARA) - ITAPS believes FITARA is a step in the right direction to improve how the government acquires IT. In fact, there are many provisions in FITARA that are in line with the ITAPS IT Acquisition Reform Principles and we encourage the adoption of those provisions, as they will serve to incubate the broader acquisition reform effort. Specifically, we believe that certain provisions must be included in the final version in order to address numerous facets of IT acquisition reform. They include the provisions that enhance authorities to the civilian CIOs, fund IT investments in multi-year revolving funds, transition the U.S. government to the cloud, optimize data centers, strengthen the IT acquisition workforce, and encourage better communication with industry. While other provisions still need more attention before the bill advances, such as an IT inventory that categorizes all IT investments instead of just software and the codification of strategic sourcing, we believe that alternative solutions can help achieve the same goals. In that vein, we continue to support a wholesale review of the acquisition system that includes various stakeholder groups in order to achieve true reform.
Additionally, we believe that both House Division E and Senate Section 901 can be reconciled and thus support both provisions. The CIO authorities in FITARA are complementary to the enhanced authorities granted in Senate Section 901 because both elevate the authorities and responsibilities given to IT management positions that must have a bigger role in IT investments. Whether at the DoD or the civilian agencies, CIOs should play key roles in the acquisition of major IT systems, which will inevitably help to improve the success of the program.
- House and Senate Directive Language on Cloud Computing Capabilities, Services and Acquisition - ITAPS supports the House and Senate report language calling for an assessment of DoD’s progress in evaluating and adopting commercial cloud capabilities. We also support assessing and comparing features, security, performance cost, and functionality of the “milCloud” operated by the Defense Information Systems Agency with the services offered by commercial cloud providers as necessary for an equitable competitive market and to ensure that commercial cloud providers are not being held to a different or higher standard than government cloud providers. With continued shrinking budgets and the threat of more sequestration cuts, commercial cloud solutions can deliver greater efficiencies for IT systems and ITAPS strongly supports efforts to facilitate adoption by DoD.
The ITAPS team has been closely monitoring these and a host of other contractor-related provisions as these proposals have moved through the legislative process. We work with other similarly interested trade associations through the Acquisition Reform Working Group (ARWG) to develop a comment package on the contracting issues and concerns that industry has with provisions in both proposals. We will continue to track the NDAA and advocate for smart IT policy evolutions in the way government contracts for goods and services.
Pam Walker contributed to this blog.
About ITAPS. ITAPS, a division of the Information Technology Industry Council (ITI), is an alliance of leading technology companies building and integrating the latest innovative technologies for the public sector market. With a focus on the federal, state, and local levels of government, as well as on educational institutions, ITAPS advocates for improved procurement policies and practices, while identifying business development opportunities and sharing market intelligence with our industry participants.