DOD Leaders Talk Tips for Tech Partnerships

The Defense Department is increasingly leveraging partnerships to better prepare and stay ahead of pressing cyber challenges, technology leaders said at GovCIO Media & Research’s CyberScape Summit Thursday.

Cultural and bureaucratic differences between tech startups and DOD must be smoothed to meet those goals, according to National Security Innovation Network (NSIN) National Capital Region Director Kedar Pavgi, Department of the Air Force Deputy Principal Cyber Advisor Lt. Col. Andrew Wonpat and Dcode Co-Founder and CEO Meagan Metzger.

Metzger said that both industry and government can learn from one another to propel cybersecurity innovations and solutions, benefiting everyone involved. By focusing on outcomes, DOD can develop solutions that help make faster decisions that keep defense personnel safer in dangerous environments, she noted.

“We need to understand the rate of technology has changed so fast in the commercial market — new capabilities come out faster than we can get a meeting inside a government building,” she said. Part of Dcode’s mission is to help accelerate emerging tech companies connect with government.

The Defense Innovation Unit (DIU), NSIN’s parent agency, is working to provide on-ramps and funding to the private sector through its components, Pavgi said.

“The reality is that the bulk of innovation, the bulk of the research and development that’s actually taking place, especially in the cybersecurity area is taking place in the private sector,” he said. “[We need to] give them the opportunity and the means to actually come into the department and show how to protect critical systems or infrastructure from threats or cyber-attacks.”

NSIN is also working to provide opportunities to work with the department in untraditional ways. These ways could bring solutions to fruition more quickly by, for example, cutting through the red tape of preparing a proposal with 50 pages of technical direction, Pavgi said.

“Our organization is trying to build that on-ramp and trying to make it as easy as possible for founders of commercial tech companies, or anyone in between, to work with DOD for the first time,” he added.

DIU is actively researching and porting existing tech that’s seen success in the commercial sphere producing revenue and scaling it for mission impact. One of DIU’s core functions is getting technologies the contractual ability to come into the department and get that solution to the organizations that need it, Pavgi said.

The funding is provided by the National Security Innovation Tackle Capital arm of the DIU and takes its cues from Silicon Valley.

“It works as a kind of venture capital fund that is focused on hard deep tech technologies and giving those founders and those companies the resources to scale their technologies, with a focus on production,” Pavgi said.

Overuse of buzzwords, incorrectly identifying cyber challenges and not showing ways to mitigate risk are three common problems that Wonpat said he repeatedly has seen in industry meetings with Air Force cyber leaders. He outlined the ways tech companies can provide clearer communication with the government that can lead to winning a contract and furthering the Air Force mission.

Industry briefs need to be clear and specific, Wonpat said. Buzzwords and phrases like as “we have the best people” or “our technology provides instant response AI capability” don’t show how a company provides quality solutions or is able to do the job within timeframes and budgets.

“Help us to understand and qualify the people that you have on the team that are contributing to your solution that meets our challenges,” he said. “Help us understand [why your solution] is not an incremental improvement [to what we are already doing] and you’re actually moving in addressing our challenges in a more meaningful way.”

The third issue is addressing risk. Firms need to identity their own risk, the agency’s risk and how any solution would alleviate the riskiest aspects of a project, Wonpat said.

“Identify the risk of our current solution,” he said. “Identify your risk and help us understand how your organization would mitigate that risk.”

He has never received a good brief that hit all three of those points, Wonpat said.

Metzger also said that addressing risk should be a greater part of the ways that firms approach acquisition meetings, but the ways that bid protests and red tape can go either way.

“I think we could do a lot around reframing the risk that we are going after,” She said. “Is it the risk of protest? Or is it really you’ve just shifted the risk to the people with the most to lose?”

Outcome-based requirements are crucial to future-proofing technology in government, Metzger added, but DOD bureaucracy is hindering its ability to work with commercial tech companies.

When the government solicited blockchain solutions “all [the appropriate] AI companies were thrown out because they didn’t have a ledger,” she said. “What we really needed to talk about was, what is it that we need the system to do, which was move documents with fidelity from one stakeholder to another. And it turns out, they really just needed some [robotic process automation]. You can’t future-proof your systems if you don’t change your outcome, your requirements to be more outcomes based.”

Users and stakeholders must be considered as well, she said. User-centered design requirements must be balanced with outcome-based solutions and “user needs and involving all stakeholders in the tech implementation process are imperative.”

“[What it] really comes down to [when] future-proofing our government is the willingness to listen and the bravery to act,” she said. “We have to be willing to try these new things and come together if we really want to future-proof the way that the government runs.”