AFCEA DC DHA Panel Discussion

The DC Chapter of AFCEA held a moderated Defense Health Agency panel discussion on April 26, 2016 focusing on innovative solutions for the military health system.
The panelists were:

  • James Craft, Chief Information Officer, Joint Improvised Explosive Device Defeat Organization, Department of Defense
  • Steven Hernandez, Chief Information Security Officer, Office of Inspector General, Department of Health and Human Services
  • Rose-Marie Nsahlai, Lead IT Security Specialist, Office of the National Coordinator for HIT, Department of Health and Human Services
  • Dr. Joseph Lucky Ronzio, Deputy Chief Health Technology Officer, Veterans Health Administration, Department of Veterans Affairs 

The main topics of discussion were Mobile Health Technology, Interoperability and Cybersecurity.
The discussion surrounding Mobile Health Technology focused on empowering the consumer / patient to be more active and collaborative with their providers when making health and wellness choices, and on embracing sensors and telehealth / telemedicine as alternatives to physician office visits.  The Deputy CHTO of the VA, Dr. Ronzio, argued that both provide a better patient experience, while lowering costs for all parties.  Moving forward, more emphasis will be placed on devices and mobility for both the patient and the provider.  NSA, for example, is working on a “thin” encryption designed specifically for health and wellness devices, so that the security layer imposes less overhead on the device.

All three agencies placed an emphasis on interoperability with respect to standardization of software and hardware technologies, in order to improve data exchange and communication between the agencies and reduce costs.  Companies that provide 90 percent of Electronic Health Records (EHR) used by hospitals nationwide, as well as the top five largest health care systems in the country, have agreed to implement three core commitments:

  1. Easy and secure consumer access to electronic health information;
  2. No blocking of electronic health information / to adopt transparency; and,
  3. To adhere to federally recognized standards and best practices. 

Given tightening budgets, all agencies voiced support for innovative solutions, assuming that a new solution replaces antiquated processes and systems, and, most importantly, saves money.
EHR security is one of the top priorities for DOD, HHS and the VA, particularly with the recent high-visibility cybersecurity breaches that impacted numerous US hospitals, Anthem and OPM, just to name a few.  According to IBM X-Force Interactive Security Incidents data from Jan. 1, 2015 to Oct. 31, 2015, almost 100,000,000 health care records have been compromised due to malicious attacks.  A patient’s EHR can contain sensitive information such as SSN, addresses, financial and employment information in addition to medications, vaccination records, chronic conditions, etc.  By gaining access to a patient’s EHR, a cyberterrorist can pinpoint and act on an individual’s vulnerabilities, for example through directed bioterrorism or by withholding medication, and the individuals affected include US military personnel.  DOD, HHS and the VA are continually looking to partner with organizations that can help mitigate these cybersecurity risks.


Changes in Defense-Related M&A?

The Pentagon has been keeping a concerned eye on Defense-related M&A activity since at least 2008, monitoring the U.S. industrial base to ensure that it maintained some level of diversity of suppliers.  The Department of Defense (DoD) has long been concerned with the small number of large firms able to bid on major weapon systems acquisition: four major contractors bid for the F-15, five for the F-16.  But the F-22 and F-35 programs attracted only two bidders each.  Last week, Pentagon leaders began to voice warnings to the industry: Secretary Carter told the press that “it [is] important to avoid excessive consolidation” and that he “[does not] welcome further consolidation among the very large prime contractors.”

This warning was reinforced by Frank Kendall, the Undersecretary for Acquisition.  In the aftermath of the Department of Justice’s (DoJ’s) approval of Lockheed’s purchase of Sikorsky, he recommended Congress develop guidelines to constrain mergers amongst the major defense primes, and to preserve competition among bidders on large programs.  Mr. Kendall suggested that DoD and Congress “explore additional legal tools and policy to preserve the diversity and spirit of innovation that have been central to the health and strength of our unique, strategic defense industrial base, particularly at the prime contractor level.”
The current concern is primarily focused on the largest defense integrators, with less concern about the second tier and below.  This is not simply about appearances: the Defense Department prefers the optics of large numbers of Prime bidders as much as the potential cost savings. 

But with the Pentagon, and potentially Congress, watching Defense M&A more strictly, what does this mean for the market? After all, Congress has yet to act, and the defense industrial base does not appear to be a high priority of either the Legislature or Executive.  Warnings like those last week are intended to head off ‘giant’ mergers before the Pentagon and Justice have to disallow them.  Yet the question remains: will the markets listen; will M&A activity continue on its current pace until it is forced to stop, or will self-discipline prevail?  For now, consolidation in the lower tiers can continue unabated.  At the end of the day, Boeing and Lockheed won’t be allowed to merge, but CSC, SRA, L-3, Engility, Exelis, Harris, ManTech, CACI, and all the others are free to roam.

Federal Government Concludes “Cyber Sprint” Initiative

DHS’ United States Computer Emergency Readiness Team (US-CERT), developer of the EINSTEIN 3A intrusion detection and prevention system

In the aftermath of the OPM hack, which compromised the personal information of over 22 million people, and the subsequent resignation of OPM Director Katherine Archuleta, the Federal Government undertook a 30-day initiative to shore up its cybersecurity. Federal Chief Information Officer (CIO) Tony Scott explained that federal-civilian agencies would increase their use of multistep verification, decrease the number of privileged users that have access to sensitive information, and patch known vulnerabilities (Boyd, 2015). After 30 days, all federal agencies will report their progress with respect to implementation of the added security features to OMB and DHS. Since the start of the sprint, CIO Scott announced, federal agencies have increased their use of two-factor verification by 20% overall, with select agencies implementing 100% two-factor verification for privileged users. With the assistance of DHS, federal agencies have patched more than 60% of known cyber vulnerabilities since May this year, according to DHS Director Jeh Johnson.

In an op-ed in Politico, Federal Cybersecurity Needs Improvement, Director Johnson revealed that many of the new cybersecurity procedures being enacted under the cyber sprint are part of a much larger government strategy to tackle cybersecurity. DHS’ National Cybersecurity and Communications Integration Center (NCCIC) will perform a critical information sharing and coordination role in future federal incident response. Johnson stated that NCCIC is also responsible for the management of EINSTEIN, an advanced intrusion detection and prevention system. The latest version, EINSTEIN 3A, is deployed by 15 federal agencies covering roughly 45% of all federal-civilian employees; DHS plans to assist in the deployment of EINSTEIN 3A across all federal agencies by the end of the fiscal year. The government has also permitted EINSTEIN’s providers, AT&T, CenturyLink, and Verizon, to market the software to private sector firms:

“The EINSTEIN technology is marketed under the brand name of Enhanced Cybersecurity Services, or ECS…More businesses are willing to accept the U.S. government’s help, after learning parts of their own workforces have been caught up in cyber espionage campaigns. Recent data breaches at health insurers, including Anthem, have been tied to the Chinese military, as has the OPM attack….After the OPM discoveries, there has ‘been an exponential increase’ in companies inking agreements with CenturyLink to roll out the commercial rendition of EINSTEIN” –  Sternstein, 2015 

As the federal government seeks to revamp its cyber security procedures, federal contractors will be faced with greater scrutiny in terms of safeguarding sensitive information. Federal investigators determined that the credentials used to gain access to OPM’s network were from KeyPoint systems, a contractor providing background check services to OPM. Cybersecurity firms have previously voiced concern over the current lack of cybersecurity measures instituted by defense contractors. 


  1. Contractor breach gave hackers keys to OPM data, Aaron Boyd, 2015.
  2. Home Depot Has Better Cyber Security Than 25 US Defense Contractors, Aliya Sternstein, 2015.
  3. Suddenly, Everyone Wants the NSA’s Cyber Defense Tech, Aliya Sternstein, 2015.
  4. Feds on ’30-day sprint’ to better cybersecurity, Aaron Boyd, 2015.
  5. Cyber sprint increases use of two-factor authentication, Aaron Boyd, 2015.
  6. White House touts ‘cyber sprint’ successes, Cory Bennett, 2015. 
  7. White House sprints to patch security flaws, Cory Bennett, 2015. 
  8. Federal Cybersecurity Needs Improvement, Jeh Johnson, 2015.

Wearable Technology & Law Enforcement

Motorola HC1 Headset Computer

Wearable technology, devices that are worn by users, is a rapidly expanding market which is set to exceed $32 billion by 2019 (IHS, 2014). Commercial wearable technology applications include biometric monitoring, camera and video functions, communication systems, and internet access. Many of these functions could be expanded upon to assist law enforcement by providing greater situational awareness to both officers and dispatchers. Furthermore, the use of body mounted cameras provides an additional means of ensuring accountability among law enforcement personnel, as per the Obama Administration initiative to field more than 50,000 police body cameras nationwide. 

The capabilities of wearable technologies most relevant to law enforcement relate to increased situational awareness. For example, biometric sensors would be able to alert dispatchers of a potential emergency situation. Datalinks would enable officers to rapidly exchange information between networked officers and dispatchers including video feeds from body cameras, maps, floor plans, and data from platforms such as unmanned aerial vehicles. According to Wolf Tombe, Chief Technology Officer of U.S. Customs and Border Protection, the agency is examining fielding a wrist-mounted drone:

“[CBP] is considering small unmanned aircraft, including a drone mounted on the wrist. Such technology would meet CBP new technology requirements: enhancing officer safety, increasing mission effectiveness — and reducing costs, he said. If it does any or all of those things, ‘bring it in and we’ll look at it’” – John M. Doyle, 2015

Interest in wearable technologies extends across multiple DHS agencies including the Science and Technology Directorate (S&T). S&T recently launched “Emerge Accelerating Wearable Tech for First Responders,” a $750,000 program to develop wearable technologies to improve the situational awareness of first responders.

The Obama Administration is seeking to acquire wearable body-mounted cameras for nonfederal law enforcement officers as a means of improving accountability between the police force and citizens. In response to the Ferguson, Missouri riot following the death of Michael Brown, the Obama Administration announced the planned acquisition of 50,000 body cameras for officers nationwide. A total of $20 million in grants has been allocated towards purchasing police body cameras with a total of $75 million expected over the next three years pending Congressional approval (Edwards, 2015).

Despite the substantial capabilities and potential of wearable technologies for law enforcement, significant barriers remain towards the widespread proliferation of wearable technology in law enforcement. Alternative existing equipment, such as mobile devices, could provide some of the situational awareness and data sharing capabilities at greatly reduced cost over proposed wearable systems. Relatively simple body cameras and biometric sensors will likely see expanded use over the next few years. However, until the cost of wearable computers and wearable UAS drops substantially, wearable technologies will not meet their full potential given the limited deployment of more expensive high-end wearable systems. 


  1. Improving Our View of the World: Police and Augmented Reality Technology, Thomas J. Cowper & Michael E. Buerger, 2003. 
  2. A Guide to the $32b Wearables Market, IHS Janes, 2014.
  3. RoboCop: Wearable Tech, Melanie Basich, 2015. 
  4. FACT SHEET: Strengthening Community Policing, Office of the Press Secretary, 2014. 
  5. 5 wearable tech trends for police, Mary Rose Roberts, 2014.
  6. The Future of Wearable Technologies in Law Enforcement, Sean Petty, 2014.
  7. HOMELAND SECURITY: Customs and Border Protection Exploring Small Drone Use, John M. Doyle, 2015. 

OPM Hack Demonstrates Need for Internal Defense of Government Networks

Office of Personnel Management

The Office of Personnel Management (OPM) is the victim of a highly intrusive cyber espionage operation conducted by “Deep Panda”, a state-backed Chinese hacker group. The personal information of over 4 million current and former government employees dating back to 1985 has been compromised. Chinese hackers managed to circumvent the much vaunted EINSTEIN 3 cyber intrusion monitoring and blocking system (Sternstein, 2015). Once OPM’s network was penetrated, the hackers were easily able to access government records, as OPM’s personnel data was unencrypted (Perera, 2015). The breach was initially discovered by CyTech Services, which ran diagnostic software on OPM’s network in a sales demonstration in April of 2015.

Several US intelligence officials stated that the collection of OPM personnel records represents a goldmine for Chinese counterintelligence activities. In tandem with the Anthem Inc. and Premera Blue Cross breaches conducted by Deep Panda, the Chinese government has the medical records, security clearance statuses, social security numbers, performance ratings, addresses, and other compromising personal data of millions of US government employees (Barrett, 2015). The data is useful in both the recruitment of Americans by Chinese intelligence services and identification of American spies within the Chinese government.  

Cyber security experts have been widely critical of OPM’s failure to safeguard its networks given the sensitivity and volume of its personnel files. Adam Firestone, Senior Vice President and General Manager of Kaspersky’s Government Security Group, remarked that the government needs to reassess its approach to cyber security from “perimeter defense” to the internal defense of networks:

“The issue is how the network was prepared for the breach. And what were the internal security mechanisms inside the network to prevent the information inside the network from being used and useful for an adversary who got in. From our perspective we assume a breach, we assume that everything is porous, but we prepare. The idea is to prepare the network and your systems for the breach such that even though they do get in, what they retrieve is not useful.”

Navy Cyber Command has demonstrated the viability of this approach as it has managed to fend off every cyber intrusion since the Navy-Marine Corps Intranet breach in 2013. Cyber Fleet Commander Vice Admiral Jan Tighe attributed the success of Navy Cyber Command to the prompt internal defense of its networks, noting that initial breaches were inevitable. It is unclear how the United States will respond to China given the Department of Defense’s newly released cyber strategy which emphasizes the US will retaliate against cyber-attacks (Stewart, 2015). The distinction in the OPM case is the hacker group did not destroy OPM networks or hardware, but committed an act of espionage. 


  1. Chinese hackers may have breached the federal government’s personnel office, U.S. officials say, Fred Barbash and Ellen Nakashima, 2015.
  2. Navy, Marine Cyber Fought Off All Net Attackers Since 2013, Sydney J. Freedberg, Jr., 2015.
  3. Anthem Breach May Have Started in April 2014, Brian Krebs, 2015.
  4. The Chinese Have Your Numbers, 2015.
  5. U.S. Weighs Extent of Suspected Data Breach by Hackers in China, Devlin Barrett, 2015.
  6. U.S. Suspects Hackers in China Breached About 4 Million People’s Records, Officials Say, Devlin Barrett, Danny Yadron and Damian Paletta, 2015.
  7. OPM Hackers Skirted Cutting-Edge Intrusion Detection System, Official Says, Aliya Sternstein, 2015.
  8. China’s Cyber Attack, Defense News, 2015. 
  9. U.S. Spy Agencies Join Probe of Personnel-Records Theft, Damian Paletta, 2015.
  10. Pentagon’s new cyber strategy cites U.S. ability to retaliate, Phil Stewart, 2015.

DOJ Announces New Guidelines for Domestic Law Enforcement Use of UAVs

Draganflyer X6 small unmanned aerial system (sUAS)

The Department of Justice (DOJ) recently announced a series of guidelines for the use of unmanned aerial systems (UAS) by domestic law enforcement and federal agencies. While the DOJ report is fully cognizant of the significant potential for UAS within law enforcement, the document states that all UAS use must conform to existing privacy and civil liberty protections:

“UAS must be operated consistent with the U.S. Constitution. The Fourth Amendment protects individuals from unreasonable searches and seizures and generally requires law enforcement to seek a warrant in circumstances in which a person has a reasonable expectation of privacy. Moreover, Department personnel may never use UAS solely for the purpose of monitoring activities protected by the First Amendment or the lawful exercise of other rights secured by the Constitution and laws of the United States.” – DOJ, 2015 

The restrictions outlined by the DOJ largely apply to existing manned surveillance platforms. In an effort to improve accountability and transparency, the Deputy Attorney General will review DOJ UAS issues on an annual basis and will require federal agencies to keep logs of every flight (Moon, 2015). Furthermore, all data retrieved by UAS is subject to existing data storage and protection laws. 

The release of DOJ guidelines on the use of UAS by law enforcement indicates the growing momentum of the civilian UAS market. The release of UAS guidelines by the DOJ follows the FAA’s notice of proposed rulemaking (NPRM) with respect to non-recreational sUAS operations, which was released in March of this year. The NPRM details daytime flight, altitude, operator certification, and line of sight restrictions under consideration by the FAA. Pending the implementation of domestic UAS regulations, the domestic UAS market will comprise an increasing share of the global civilian UAS market growth of nearly $100 billion over the next decade. The market for law enforcement UAS will provide significant opportunities for firms with experience providing sUAS systems to the US Military, such as AeroVironment, which produces the “Wasp,” “Raven,” and “Puma” (Finnegan, 2013).


  1. Department of Justice Policy Guidance 1 Domestic Use of Unmanned Aircraft Systems (UAS), 2015 
  2. DOJ lays down some privacy rules for feds flying drones, Mariella Moon, 2015. 
  3. Game of drones: As U.S. dithers, rivals get a head start, Jeremy Wagstaff, 2015. 
  4. Justice Department releases guidelines on domestic drone use, Dante D’Orazio, 2015. 
  5. Public safety market offers growth for UAVs, Philip Finnegan, 2013.

Trade Promotion Authority & the Trans-Pacific Partnership

US trade with TPP negotiating partners. Image Credit: The Wall Street Journal

The United States Senate passed a bill over Memorial Day weekend which would grant the President Trade Promotion Authority (TPA) with respect to the Trans-Pacific Partnership (TPP) free trade agreement. The TPA, or “fast track” authority, is critical to securing a final TPP free trade agreement with eleven other countries, as it effectively grants the President authority to negotiate on behalf of the United States. Furthermore, the TPA would limit Congress to a simple up or down vote on the final TPP terms, without the ability to subsequently add amendments pending the conclusion of negotiations. The 62-37 vote in favor of the TPA overcame the objections of labor groups and progressives who have railed against the perceived lack of labor protections, secrecy of negotiations, and stringent intellectual property regulations. The House will take up the TPA after returning on June 1st, where it will face numerous hurdles from pro-labor Democrats, “poison pill” amendments such as the proposed currency manipulation measure, which the President indicated he would veto, and conservatives, who are hesitant to grant the President negotiating authority on behalf of the United States.

The TPP will eliminate tariffs across 11,000 categories among the twelve nations in the agreement, and will affect $882 billion in US import and $727 billion in US export flows (Fergusson, McMinimy, and Williams, 2015). While estimates on US growth as a result of the TPP vary, a consensus exists that the induced US growth would be a minimal net positive within the range of 0.13-0.19% GDP, or less than a $40 billion net increase in social welfare. The calculations of net benefits accrued as a result of the TPP weigh the relative increases in some US economic sectors against losses in other areas of the economy, e.g. US agricultural exports are expected to rise as a result of the TPP, in contrast to a decline in manufacturing. Overall, the changes will be minimal, as the United States economy is comparatively open relative to other TPP partners such as Japan and Vietnam, and US firms already compete with low-wage, manufacturing-centric economies:

“For those who worry that, after the TPP, the United States would have to compete against low-wage countries — it’s too late. As Zachary Karabell notes, we are already living in a free-trade world. The average tariff in the developed world is about 3 percent. And in the past three decades, developing countries have cut their tariffs substantially as well. The World Trade Organization notes that China’s average is less than 10 percent today, down from about 40 percent in 1985.” – Fareed Zakaria, 2015

The primary US motivation for passing the TPP, given the minimal gains to domestic economic growth, is geopolitics. The TPP is a cornerstone of the economic aspect of the Obama Administration’s Asian rebalance, which seeks to assert and preserve US influence in the Pacific as a hedge to China’s increasing military and economic influence. The greatest beneficiaries of the TPP are countries over which both the United States and China are vying for influence, rather than traditional stalwart US allies such as Japan and Australia. Vietnam and Malaysia are expected to benefit disproportionately from the TPP with 28% and 6% additional GDP growth, respectively, by 2025 (Petri, Plummer and Zhai, 2013). Proponents of the TPP, such as former Undersecretary of Defense for Policy Michèle Flournoy, argue the TPP is a means to demonstrate long-term US commitment to Asia and prevent China from creating trade policies in the region contrary to US interests. Secretary of Defense Ashton Carter made similar remarks and stressed, “Passing TPP is as important to me as another aircraft carrier”.

The Obama Administration has been hard-pressed to continue with the economic and diplomatic aspects of the re-balance given the series of crises in the Middle East and Ukraine, but the Military aspect of the re-balance is well underway. The Navy will base 60% of all its ships in the Pacific by 2020 including additional forward deployed ships and both the Navy and the Air Force will prioritize their most modern equipment to PACOM including all DDG-1000 destroyers and the first F-35s to be deployed overseas.


  1. Senate advances fast-track trade bill sought by Obama, Richard Cowan, 2015. 
  2. The Trans-Pacific Partnership (TPP) Negotiations and Issues for Congress, Ian F. Fergusson, Mark A. McMinimy, and Brock R. Williams, 2015. 
  3. Trans-Pacific Partnership: Geopolitics, Not Growth, Samuel Rines, 2014. 
  4. A Trade Deal With a Bonus For National Security, Michèle Flournoy and Ely Ratner, 2015. 
  5. Protecting the Future of Trade in Asia, Cathy Holcombe, 2015.
  6. White House Threatens to Veto Trade Bill Over Currency Measure, William Mauldin, 2015.
  7. You can’t stop the trade machine, Fareed Zakaria, 2015.
  8. On TPP, it looks like 1993 all over again, Raoul Lowery Contreras, 2015.
  9. Reid: Obama ‘loves’ the Export-Import bank, Jordain Carney, 2015.

USCYBERCOM Struggles to Expand – Outsources $475 Million to Private Sector

Fort Meade MD, place of performance for the contract

In late April, the Defense Information Technology Contracting Organization released a request for proposals (RFP) concerning US Cyber Command’s (USCYBERCOM) $475 million indefinite delivery, indefinite quantity omnibus contract.* The RFP outlines 20 services selected contractors will provide:

  • Knowledge Management
  • Records Management
  • Cyber Operations
  • Planning
  • Science and Technology/Research and Development
  • Cyber Focused Training
  • Cyber Exercise
  • Engagements
  • Logistics
  • Integrated Technology Support
  • Cybersecurity
  • Project Analysis
  • Program Management
  • All-source Intelligence
  • Business Process Reengineering
  • Security
  • Strategy and Policy and Doctrine Development
  • Administrative Support

USCYBERCOM is outsourcing work to the private sector, including sensitive cyber operations and offensive roles, in an effort to meet high operational demand (Sternstein, 2015). Under the new cybersecurity strategy, the Department of Defense will field 133 cyber mission force teams by 2018, including: 13 national mission teams, 68 cyber protection teams, 27 combat mission teams, and 25 support teams. However, USCYBERCOM has only met half of its staffing requirements for its original goal of maintaining 6,000 personnel by 2016. USCYBERCOM’s difficulty in acquiring skilled cybersecurity employees is largely a result of intense competition with the private sector.

Similarly, the NSA has been under significant pressure to sustain its workforce despite Congressional exemptions in hiring authority regulations combined with comparatively high wages relative to other federal agencies. NSA human resources director John Yelnosky noted:

“We’re throwing the kitchen sink at them from our standpoint…And they’re writing in to us, as they leave NSA, in their exit interviews, ‘I’m leaving to double my salary…The competition out there is really fierce and particularly for these folks that we make a big investment in, and we feel those losses very keenly”

As the economy continues to improve, competition between the private sector and federal agencies is likely to both accelerate and favor the private sector; the private sector’s greater degree of flexibility in managing its workforce in terms of wages, perks, providing greater opportunity for career advancement, etc., in conjunction with its ability to more quickly assimilate new technologies, grants it a decisive advantage over the public sector. Substantial cybersecurity contracts similar to the USCYBERCOM omnibus will continue, as federal agencies will be unable to meet demand for cybersecurity capabilities. One example is a $100 million cyber expertise contract designed to attract subject matter experts in intelligence, national security, counterterrorism, and technology (Konkel, 2015).

*CYBERCOM recently cancelled this contract, and is expected to relaunch the opportunity by October 1st.  Competition for cyber security personnel will most likely continue, regardless of when the opportunity is released.


Related Reading


  1. CYBERCOM To Outsource $475 Million of Work To Stand Up Command, Aliya Sternstein, 2015.
  2. DOD’s new Internet strategy boosts role in defending “US interests”, 2015.
  3. United States Cyber Command (USCYBERCOM) Omnibus Contract, FBO, 2015.
  4. The Department of Defense Cyber Strategy, DoD, 2015.
  5. The NSA’s Fight To Keep Its Best Hackers, Jack Moore, 2015. 
  6. US Cyber Command Has Just Half the Staff It Needs, Aliya Sternstein, 2015.

$20 Billion for the NIH’s CIO-CS IT Contract

The National Institutes of Health Information Technology Acquisition and Assessment Center (NITAAC) recently awarded its Chief Information Officer–Commodity Solutions (CIO-CS) Government-wide Acquisition Contract (GWAC), valued at $20 billion, to 65 companies. CIO-CS is an indefinite-delivery/indefinite-quantity information technology (IT) contract with a duration of ten years (Boyd, 2015). While the contract is primarily a health IT vehicle, it will also include a host of other services such as deployment and installation, engineering studies, web and video-conferencing, big data, virtualization and health and biomedical IT, maintenance and training, enterprise licenses and extended warranties, and cyber security (NIH, 2015). The NIH incorporated numerous changes into the CIO-CS as a result of the previous Electronic Commodities Store (ECS) III GWAC. 

In contrast to the ECS III, the CIO-CS will place a premium on the adaptability of companies providing IT services:

“With CIO-CS we saw an evolving, enormous change in the IT marketplace when it comes to commoditized services and managed services and cloud services…We wanted to build a contract that had contract holders that were going to be able to meet those needs as they change. They are changing very, very quickly to be able to not only provide the straight laptops, desktops and hardware equipment; but to be able to buy those more sophisticated software licenses, being able to get the cloud services that they need. They will continue to evolve with mobility and infrastructure services that agencies are looking at…Contract holders really had to prove that they are going to be able to be relevant and meet those ever-changing needs that the government has over the next 10 years.” – NITAAC Program Director Robert Coen 

The CIO-CS contract awardees include a wide range of firms including multibillion dollar companies such as AT&T and Hewlett Packard, as well as 44 small businesses of varying types:  

  • 6 service-disabled veteran-owned small businesses
  • 8 HUBZone
  • 14 women-owned
  • 6 8(a)
  • seven economically disadvantaged women-owned small businesses

A full listing of CIO-CS contract holders is available at the NITAAC website. The number of small businesses participating in CIO-CS is consistent with prior NITAAC commitments to award fifty percent of the total $8 billion awarded in previous GWACs over the past two and a half years (Coen, 2015).

In summary, NITAAC requirements reflect the growing interest within the NIH to modernize its IT services, transition towards a more cloud-based infrastructure, and address cyber security issues. Growing concerns over inadequate cyber security measures are likely to profoundly affect federal health IT contractors in the coming years. For example, the National Institute of Standards and Technology (NIST) released draft requirements relating to the management of controlled unclassified sensitive information; the new NIST requirements will supplement the existing Federal Information Security Management Act (Ravindranath, 2015).

Suggested Reading     


  1. NIH awards new government-wide IT contract, NIH, 2015.
  2. Chief Information Officer – Commodities and Solutions (CIO-CS), FBO, 2015.
  3. Coen dissects the CIO-CS GWAC, Aaron Boyd, 2015.
  4. NIH launches competition for $20B CIO-CS program, Steve Watkins, 2014.
  5. Robert Coen: NIH Seeks To Adapt It Needs In ‘Evolving’ Marketplace Through New GWAC, Anna Forrester, 2015.
  6. NIH awards $20B CIO-CS acquisition contract for IT, Michael O’Connell, 2015.
  7. Contractors Could Get New Rules For Handling Sensitive Government Data, Mohana Ravindranath, 2015.
  8. NIH Awards New Government-Wide IT Contract, Covers Cybersecurity, Big Data Solutions, Homeland Security Today Staff, 2015.


Pentagon Acquisition Reform Gains Traction

The inability of the Pentagon to rapidly assimilate new technologies and cut bureaucratic red tape is increasingly being perceived as not merely a poor use of tax dollars, but as a strategic liability by both senior DoD officials and members of Congress (Freedberg, 2015). In a March address to the Center for Strategic and International Studies, Senate Armed Services Committee (SASC) Chairman John McCain compared the standard 18-month innovation cycle in the private sector to the Pentagon acquisition cycle, which can last for up to 18 years. McCain argued that the glacial pace of Pentagon acquisitions threatens to undermine the nation’s technological superiority, and that the inefficient allocation of taxpayer dollars during sequestration further exacerbates the acquisition process’s negative impact on national defense.

In an effort to address these concerns, Under Secretary of Defense for Acquisition, Technology and Logistics Frank Kendall ordered the implementation of the DoD’s new acquisition reform effort, “Better Buying Power (BBP) 3.0.” The BBP 3.0 memo, released Thursday, offers a series of initiatives to improve the efficiency of future acquisition programs, with the intent of cultivating the long-term technological superiority of the US military in the face of increasingly advanced systems fielded by both Russia and China. The BBP memo concentrates on 34 areas of focus, such as increasing the use of prototyping and experimentation, emphasizing technology insertion, modular system design and open system architectures, strengthening cybersecurity throughout a product’s lifecycle, and increasing access to small business research and development. Many of the new measures are aimed at incentivizing nontraditional defense contractors, such as Silicon Valley technology companies, to engage with the Pentagon, and at increased collaboration with allied nations (Mehta, 2015).

Undersecretary Frank Kendall described the design of the long-range strike bomber (LRS-B) as an example of BBP 3.0 recommendations, including planned technology insertion that would enable competitions for bomber upgrade and sustainment contracts.

Overall, the document underscores the DoD’s renewed vigor to rapidly assimilate new technologies and manage excessive bureaucracy. BBP 3.0 will likely be accompanied by new legislation being drafted by House Armed Services Committee Chairman Mac Thornberry in consultation with SASC Chairman John McCain. Thornberry’s legislation will take an incremental, realist approach to acquisition reform, which starts by mitigating the unintended consequences of past reform efforts such as the Weapons Systems Acquisition Reform Act of 2009 (Freedberg, 2015). Thornberry’s bill would also consolidate program requirements and reduce redundant reporting standards:

“Many reports and requirements that are currently handled as separate, time-consuming processes would be consolidated into a single strategy document. Other reports and requirements would simply go away. ‘Probably one of the biggest things,’ the staffer said, is downgrading many ‘certifications’ to mere ‘determinations’: That’s not just a change in terminology. It marks a major reduction in the amount of time and lawyers involved. Milestone A decisions to start developing technologies no longer require any certifications at all, only determinations. Milestone B decisions to start actual engineering and manufacturing development (EMD) would still require certifications, but not as many.” – Sydney J. Freedberg, Jr., 2015

DoD officials, including Undersecretary Kendall, have been largely receptive to Thornberry’s proposals. In summary, the combination of BBP 3.0 and new acquisition reform legislation has the potential to mitigate the damage of prior acquisition reform efforts and improve the efficacy of new programs. BBP 3.0 will enable the DoD to make the required investments in its third offset strategy, such as robotics, big data, miniaturization, and autonomous systems.


  1. Work: Better Buying Power 3.0 Strives to Enhance U.S. Tech Edge, Jim Garamone, 2015.
  2. Pentagon Begins Better Buying Power 3.0, Aaron Mehta, 2015.
  3. Pentagon spotlights cyber in Better Buying Power 3.0, Amber Corrin, 2015.
  4. Frank Kendall: Better Buying Power 3.0 Implementation Guide in The Works, Ross Wilkers, 2015.
  5. Cut Red Tape: HASC Chair Thornberry Rolls Out 1st Major Acquisition Changes, Sydney J. Freedberg, Jr., 2015.
  6. The Imperative of Defense Reform: Serious Challenges for a Serious SecDef., John G. McGinn, Stephen Rodriguez and Peter Lichtenbaum, 2015.
  7. Kill Old Procurement Laws, Congress! Stackley, Punaro, Sydney J. Freedberg, Jr., 2015.