The Defense Information Systems Agency, like other federal agencies and the Defense Department as a whole, is bullish on tapping into the ideas of innovative startups popping up in private sector, particularly Silicon Valley. But finding a way to integrate those fast-moving startups into DISA’s rules-encumbered procurement process remains a major hurdle.
“I definitely think there’s potential there, but the challenge then is how do you not bog them down,” DISA’s risk management executive and current CIO, John Hickey, said Friday during a media roundtable at AFCEA’s Defensive Cyber Operations Symposium. That’s “because they have a very short cycle where they have to show revenue or they’ll lose a lot of that capital money they’ve acquired to deliver something and make a profit.”
Hickey, who visited Silicon Valley in the past year and plans to visit again in the next few months, isn’t alone at DISA with that assessment.
Lt. Gen. Alan Lynn, DISA director and commander of the Joint Force Headquarters’ DOD Information Network, told those at the roundtable that typically venture capital-backed startups have a period of about nine months in which they have to show returns on those investments.
“If we really want to take on these new startups, we‘ve got to figure out a process that allows them to get some kind of a contract within about a nine month period,” Lynn said.
Hickey said this has DISA looking for creative ways to work with innovative startups outside of those short nine-month cycles.
For instance, DISA can and does use the Defense Advanced Research Projects Agency as a vehicle to pilot early innovative ideas, and after initial successes, DISA partners with those companies in later phases.
Then there are other outside-the-box ways of involving private innovators without getting into the formalities of contracting. The “Hack the Pentagon” bug bounty currently underway serves as an example. The Pentagon has invited hundreds of cyber experts to try to hack its system vulnerabilities, offering $150,000 to any who are successful.
Lynn called it “a pretty agile idea.”
“We’re going to pay someone to come find a vulnerability on our network — that’s kind of unheard of before,” he said. “So if we can contract for that, even if it comes from the [secretary of the Defense Department], I think that is an avenue where we could also do more of what I’ll call creative ways to get innovation to the department.”
Larger industry partners — those who have decades of IT contracting experience with DISA and the DOD — could be the key, the senior officials said.
“In some respect, we need industry partnership to team with these venture capitalists, because the barrier is going to be getting in the door,” said Dave Bennett, director of implementation and sustainment.
“And if getting in the door involves a very narrow window of funding availability, it’s like, who can sponsor them to help bridge that timeframe or that dollar constraint to allow them the time and also provide the avenue for them to get into the door through existing contract vehicles,” he said.
Bennett, who will soon take over the DISA CIO title under a massive agency reorganization that goes live May 1, said the larger contractors can be strategic partners and launchpads to bridge that gap.
“It’s really how can you team and understand the DOD space, because much of [the startups’] time will be spent trying to figure out how to work with DOD, how to play in the game, and big companies have already broken that code and generally have lots of vehicles to get into DOD,” he said.