Recent security breaches via software have made supply chain security a priority across government. No longer is it enough to build security into a solution; now every product that is part of that solution is being examined for its security and risk. In response, the Biden Administration issued a Cybersecurity Executive Order that aims to provide more control over the content of code that comes in contact with government systems and infrastructure.
The pandemic has created a newfound societal appreciation for the small businesses of Main Street. This support of small businesses is exciting to see as is the innovation that businesses are employing to ensure customers and employees can safely support them. In government, this appreciation for small business is not something that started in 2020. It has been a focus since 1988 when Congress enacted the first procurement goal. Part of that focus was because government knew that innovation happens within these smaller, more nimble companies and they wanted to capitalize on the forward thinking.
Small business goals have increased year over year and government is doing their part to keep up. In fact, in 2019 government exceeded its overall small business contracting goals for the seventh consecutive year. Federal agencies awarded 26.5% of total prime contract dollars to small businesses (above the goal of 23%) which equates to nearly $133B.
With many people in a rush to put 2020 behind us, those of us in the government market can safely say we're operating like it's 2021 (not as fun as partying like it's 1999, but anything beats 2020, right?). While the rush to meet the deadline for federal government fiscal year (GFY) spending on September 30 may have felt oddly comforting in its familiarity, there are many changes happening in government acquisition and procurement to make processes more responsive to today's workforce and technology needs.
The use of automation is expanding beyond using Robotic Process Automation (RPA) to handle rote, repetitive tasks. RPA has been incredibly beneficial for freeing up the time of acquisition professionals to focus on innately human activities, rather than administrative tasks. Now, acquisition groups are going a step further and introducing Artificial Intelligence (AI) to improve processes by tapping into all of the data available in acquisition systems. For example, GSA uses an AI-enabled bot to "track, find and change Section 508 disability clauses in contracts." This helps ensure compliance, feeding updated clauses to humans for final review.
In September, the Department of Defense (DOD) issued Directive 5000.01, an update to the 5000 series instructions that focuses on the roles and responsibilities for its acquisition process in an effort to simplify the buying process. The end goal of this simplification is to get technology in the hands of the warfighter faster. Continue reading →
DevOps, a combination of the words development and operations, is designed to smooth the frequently problematic handoff between an organization's developers and its operations staff. It is an operational philosophy that has technology developers and the operational team who will use the technology working together closely through the entire development of a technology solution. The goal of this approach is quick releases of solutions that have an immediate impact on how people do their jobs.
On the surface this sounds like a perfect fit for government, an "industry" in need of fast digital transformation to meet citizen needs. The DevOps promise of making application development quicker and cheaper is incredibly attractive to the government. However, the third part of the promise, collaboration, proves to be the most problematic as culture and process stand in the way.
From a culture perspective, organizations need to break down silos and create brand new teams focused on an application's output, rather than on tactical roles. To achieve this goal, individuals need to be empowered with autonomy and be enabled with strong communication skills to ensure everyone understands their roles and buys into the overall project objective. As U.S. Special Operations Command CIO Lisa Costa described it, "creating a DevOps culture is akin to practicing tactical shooting. You remove all extraneous movement, and that's how you get efficiency." She said her team focused on stripping away processes that had accumulated over the years but were not serving the objective of getting solutions out to the field quickly. Continue reading →
This spring, the concept of supply chains became a household discussion as families searched high and low for household staples like toilet paper, flour, and hand soap. However, supply chain for government is more complex than the supply and demand driven model for consumer goods. Government supply chains involve monitoring for security and foreign involvement. This means knowing where all parts of a solution were manufactured, programmed, and assembled.
Gregory C. Wilshusen, director of information security issues at the U.S. Government Accountability Office, noted that "supply chains can be long, complex, and globally distributed and can consist of multiple outsourcing tiers. As a result, agencies may have little visibility into, understanding of, or control over how the technology that they acquire is developed, integrated, and deployed."
This lack of visibility is due in part to incomplete vendor reporting. Not only do vendors have to manage all the pieces of their solution, but they themselves may be managed by multiple organizations in an agency. Reporting happens through numerous tools and is siloed, making it difficult to get a full picture of the chain that led to the delivery of a solution to a government agency.