Blueprint for Sustainable IT Acquisition Reform

Blueprint for Sustainable IT Acquisition Reform

اسلاید 1: IT Acquisition Advisory Council (IT-AAC)A non-partisan think tank, 501.C3, representing;AFCEA Intl., UofMD, UofTN, INSA, ICH, SSCI, ISSA, AIA, Center for American Progress, PRTMBlueprint for Sustainable IT Acquisition ReformLeveraging non-traditional expertise and benchmarked standards of practices outside the reach of the Defense Industrial ComplexChairman Mike Wynne, 21st AF SEC, Mike.Wynne@IT-AAC.orgMarv Langston, IT-AAC Vice Chair marv@langston.orgKevin Carroll, Vice Chair, Kevin.Carroll@ICHnet.orgwww.IT-AAC.org 703 768 0400904 Clifton Drive * Alexandria * Virginia 22308www.IT-AAC.org * (703) 768-0400

اسلاید 2: Briefing SummaryPurposeTodays SituationOur Proposal to AssistWay Forward Recommendation“Together, these steps will help to catalyze a fundamental reform of Federal IT, which is essential to improving the effectiveness and efficiency of the Federal Government” White House, OMB Director

اسلاید 3: Think Tank PurposeThe IT-AAC partnership believes the DepSecDef IT Acquisition Task Force will need access to deep industry expertise and emerging standards of practice needed to overcome common failure patterns and cultural impediments that have prevented previous attempts to achieve following objectives:Speed -- achieve 12-36 month cycle times vice 7-8 years Incremental development, testing, and fielding -- vice one big bang Actionable Requirements -- Sacrifice or defer customization for speed - Use establish standards and open modular platforms Meet DoDs wide-range IT needs -- from modernizing Nuclear C2 to updating word processing softwareFocused on Outcomes and Operational Effectiveness - Health IT, InfoSharing, Cyber Security, Consolidated IT InfrastructureTo provide the DepSecDef with an alternative set of resources to guide the establishment of a “best in class” IT Acquisition Process and Governance Structure.

اسلاید 4: Today’s Situation -- as highlighted by the HASC Panel on Defense Acquisition ReformStudies of both commercial and government IT projects have found some disturbing statistics; Only 16% of IT projects are completed on time and on budget. 31% are cancelled before completion. The remaining 53% are late and over budget, with the typical cost growth exceeding the original budget more than 89%. Of the IT projects that are completed, the final product contains only 61% of the originally specified features. As was pointed out in testimony before the Panel, the traditional defense acquisition process is “ill-suited for information technology systems. Phase A is intended to mature technology; yet information technologies are now largely matured in the commercial sector”. Weapon system acquisition processes are often applied to IT systems acquisition, without addressing unique aspects of IT. “the weapon systems acquisition process is optimized to manage production risk and does not really fit information technology acquisition that does not lead to significant production quantities.” Defense Acquisition Panel, HASC

اسلاید 5: The IT Acquisition Lifecycle is more than just contractingBuilding blocks include:Governance: how an enterprise supports, oversees and manages IT programs and on-going portfolio. SOA as defined in the commercial market is governance tool not technology.Decision Analytics: enables effective Program Management and Value Stream Analysis execution. As most of these sub-processes are designed to improve decision making, a relative new discipline has evolved (since 86), that addresses the human and cultural challenges in decision making. Decision Analytics is the discipline of framing the essence and success criteria of each gate in the acquisition lifecycle. It brings focus to the high risk areas of a program, and reduces analysis/paralysis. Requirements Development: Actionable requirements must be constrained by the realm of the possible. With pressures to do more with less, we must embrace mechanisms that force a relative valuation/impact of the gap/capability, with clearly defined outcomesSolution Architecture: This is one of the most critical elements of the acquisition lifecycle, as it should represent all stake holder agreements. The market embrace of SOA is not about technology, but a refocusing of the EA on service level management and data. A good architecture is a lexicon that links requirements, technologies and acquisition strategy. Technology Assessment: Understanding the limitation of technology early in the process is key. Without a clear view of the “realm of the possible” validated by real world results, we often find ourselves in high risk areas and over specification. Market research must be done early to help users constrain requirements and embrace the inherent business practices that codify. Recognizing that 70% make up of every IT application is vested in IT infrastructure (netcentric, cloud, SOA), it is critical to establish a common infrastructure/infrastructure standard by which all applications can share. The most prolific is ITIL to date. Business Case Analysis: Demonstrating the business value of technology investments, based on evidenced based research and lifecycle cost. This is a core requirement of Clinger Cohen Act. Procurement and Contracting: Software as a Service and SOA portent a new dynamic for acquisition of IT (health IT, cyber, business systems), that brings focus to Service Level Agreements (SLAs), Software as a Service (SaaS) and SL Management. If the previous activities do not directly feed the acquisition strategy or provide mechanisms for contractor accountability, all is lost. “IT Reform is about Operational Efficiency”

اسلاید 6: DoD IT Acquisition Challenges “We are buying yesterday’s technology tomorrow” DSB IATF: “DoD reliance on FFRDCs is isolating it from sources of new technologies, and will hinder the departments ability to get the best technical advise in the future”AF Science Advisory Board 2000: PMs need greater access to real world lesson learned and innovations of the market to mitigate risk and cost overruns. PMs frequently enter high risk areas due to limited access to lessons learned from those who have already forged ahead. CMU SEI Study 2004: The DoDAF alone is not effective for IT architectures, lacks business view, performance metrics or means of avoiding over specification. DoDAF (C4ISR) was developed by Mitre and IDA in 1986 to provide DoD with a systems engineering documentation tool for existing system implementations. 2009 NDAA Sec 803 : Government needs a high integrity knowledge exchange by which innovations of the market can be objectively assessed. DSB 2009: Weapons Systems Style Solution Architecture and Acquisition Processes take too long, cost too much, recommend establishing a separate IT Acquisition market that is tuned for the fast paced market. IT-AAC 2009: Major IT Programs lack senior leadership support, and have few vested in the success. All participants, including oversight, must be incentivized in meeting program goals and outcomes. BENS RPT on ACQUISITION 2009: DoD needs independent architecture development that is not compromised by those with a vested interest in the outcome. FAR OCI rules must be better enforced. NDAA Sec 804 2010: DoD will establish a modular IT Acquisition process that is responsive to the fast paced IT market. Weapons systems depend on stable requirements, but with IT, technology changes faster than the requirements process can keep up, he said. It changes faster than the budget process and it changes faster than the acquisition milestone process. For all these reasons, the normal acquisition process does not work for information technology.” DepSec Bill Lynn statement at the 2009 Defense IT Acquisition Summit hosted by IT-AAC

اسلاید 7: Federal IT Acquisition Root Causes compromising mission effectiveness and costing tax payer $40B/yearIT Acquisition Ecosystem Ineffective: Missing incentives & metrics, redundant oversight, vague accountability, ineffective governance (MOE, SLA) puts focus on compliance vs outcomes. Programs spending up to 25% on compliance without any reduction in risk. Good laws (CCA, OMB 119, FAR, Sec804) lack enforcement. Frequently compounded by Ad-hoc Implementations and MilSpec methods. DODAF, JCIDS, NESI, LISI were designed for Weapons Systems, compete with standards and orthogonal to Industry Best Practices.Conflict of Interest unenforced, optimal resources and expertise overlooked: FAR prohibits Contractors with vested interests in implementation should not use “Chinese firewalls” to bypass rules or gain unfair advantage. Optimal resources in IT Program planning, market research, and solution engineering overlooked, inhibiting access to real world best practices and innovations of the market. Standards bodies & non-profit research institutes under utilized. “You can’t solve today’s problems with the same thinking that got you there in the first place” Einstein

اسلاید 8: Root Cause (cont.)Innovation Stifled: Traditional SIs and FFRDCs are insulated from commercial IT innovations and best practices. DoD lack organic mechanisms for tapping innovations of the market, commercial expertise, or real world lessons learned. Public Service organizations (.edu, .org, SDOs) often left out of the equation. Current IT Processes in conflict with best practices and drive “design to spec” approach:MilSpec Requirements (JCIDS), Architecture (DoDAF), Tech Assessment (TRL/C&A), Business Case (BCA) and Procurement (DoD5000) and Enterprise Management (CMM) processes are disconnected and inconsistent with fast paced IT market (violating Paperwork Reduction Act, CCA, and OMB A119) Budgeting (POM) approaches drive stove pipe solutions:Frequently undermining ability to establish common & interoperable infrastructure services which accounts for 70% of every IT program buy. Concepts like SOA, Cloud Computing and Service Level Management cannot be embraced without a change in the above. It is not a great mystery what needs to change, what it takes is the political will and willingness, as Eisenhower possessed, to make hard choices -- choices that will displease powerful people both inside the Pentagon and out” Defense Secretary Robert Gates

اسلاید 9: Critical Success Factors for Sustainable IT Acquisition Reform15 years of studies suggest the following critical success factors for sustainable IT Acquisition Reform. Any new IT Acquisition process will need to meet the rule of law: Must replace each of the existing IT Acquisition lifecycle building blocks (per DSB report) and address the unique challenges of the fast paced IT market (JCIDS, DODAF, DOD5000, NESI) Must be derived from commercial best practices (CCA) Must avoid MilSpect by leverage existing investments and capabilities (CCA, NTTAA) Should favor standards of practices processes already proven in the market Should be based on Open, consensus based methods (OMB A119) Must be modular, services oriented (NDAA Section 804) Should be measurable, repeatable and sustainable, with supporting training, education and mentoring (HR 5013)

اسلاید 10: Leveraging Existing IT-AAC Investments can significantly reduce time, risk and costEstablished an alternative, conflict free think tank composed of the worlds top minds and most respected public service entities.Established Root Cause of Failure in DoD IT Acquisition and their devastating impact, derived from; over 40 major studies, 2 surveys, 121 interviews, 21 Leadership Workshops and 4 conferences.Benchmarked Industry IT Architecture & Acquisition Best Practices and Common Failures, 10 of Fortune 50.Researched and validated emerging standards of practice that would significantly reduce risk and cost of IT Acquisition Reform efforts. Successfully piloted alternative IT Acquisition processes covering; requirements, architecture, tech assessments, business case analysis, and source selection. Established Decision Analytic tool, documentation, and case studies for rapid adoptionPartnership with DAU, which established an alternative IT Acquisition Training Curriculum. Established an IT knowledge network of tens of thousands plus several hundred government IT Acquisition executives and practitioners who are aligned with IT-AAC vision.

اسلاید 11: Phase 3Phase 2Phase 1What IT-AAC Proposes to the DepSecDef to assure Sustainable DoD IT Acquisition ReformConduct Value Stream Analysis, Establish Measures of Effectiveness: tap alternative resources and expertise to provide critical resource support to the DepSec and IT Acquisition Task Force to establish performance metrics. Guide Task Force in establishing Governance Structure and Incentives for Sec804 and Operational Efficiencies in terms of process, culture, incentives and mentoring. Conduct Root Cause Analysis and Prioritization: of current acquisition ecosystem (processes, culture, acqu resources and incentives) with public/private partners. Repurpose existing studies developed by objective sources; GAO, DSB, AF SAB, BENS, CSIS, IAC/ACT, ICH, IT-AAC, RAND, Battelle, NDIA. Conduct impact assessment and cost of maintaining status quo. Establish Critical Success Factors Task IT-AAC Conduct Readiness Assessment while gaining buy-in among “Operators” of IT Acquisition process. Build out IT-AAC Leadership Forums to identify existing capabilities, expertise, and emerging standards of practice. “804 Solution” must address weakness of all acquisition lifecycle processes; requirements (JCIDS), architecture (DoDAF), tech assessment (TRL), acquisition strategy, source selection, decision analytics (oversight). Repurpose ICH/PRTM Benchmark of Industry IT Acquisition Best Practices: Document emerging IT Requirements, Architecture, Assessment & Acquisition standards of practices, approaches, processes, processes standards that have already been proven in the market. Reduce cost and risk of “build from scratch” or “reshaping broken processes”. Identify high risk programs where new processes can be piloted. Institutionalize New IT Acquisition “Ecosystem” with Defense Agency Partners that addresses Section 804, HR 5013 process implementation, training and piloting of the new IT Acquisition process. Mentor high profile IT programs ( who are already looking for change) through new 804 process; TMA’s EHR, DEEMs, Army FCS, DISA NECC, AF SOA, etc. Work with DAU to establish IT Acquisition training curriculum and mentoring program. Build out DAU’s IT Clearinghouse to capture benchmarked industry best practices and proven innovations of the market.

اسلاید 12: ProcessTechnologyPeopleContinuous Process Improvement for Sustainable Acquisition EffectivenessWorkforce Empowerment: Establish robust IT Acquisition Training and Mentoring program with the IT-AAC that builds on DAU/IT-AAC Partnership. Build out Best Practices Clearinghouse with reusable acquisition decision templates and solution architectures already proven in the marketFacilitated IPTs among stake holders: Establish Stake Holder agreements, Measure of Effectiveness, and Leadership Forums to align with mission objectives. (stake holder value)Industry Benchmarking and Market research: Closing the knowledge gap. Baseline real world metrics and service levels. Leveraging ICH’s deep network of experts and expertise not available from traditional sources. (the realm of the possible).Capability Gap Analysis: What IT infrastructure capabilities & services (netcentric) exist that can be readily leveraged (shared services), via SOA, IT Infrastructure, Cloud Computing best practicesLean Six Sigma: Identify and eliminate legacy processes and policies that are no longer relevant to IT Acquisition outcomes. Establish streamlined set of methods & tools based on proven evidence to deliver. Leverage proven standards of practices that deliver. Acquisition Transformation Roadmap: Streamline current (Sec804, CCA)) IT Acquisition Processes by focusing on outcome, metrics and proven approaches. A Grey Beard Council that exposes real world expertise and lessons learned. (close the gap). Leverage existing processes and laws.

اسلاید 13: Recommended Actions for Agency Heads operationalize Sec804 and Gates Efficiency InitiativesAcquisition Ecosystem Readiness Assessment: ID specific inefficiencies and gaps in current IT acquisition policy, governance/oversight, architecture, technology assessment, and procurement. Focus on alignment with agency mission objectives and outcomes. (not compliance)Transform Oversight: eliminate redundancies and increase decision transparency. Establish incentives and MOEs that encourage risk management vs risk avoidance. IT Value Chain Re-alignment: Establish Measure of Effectiveness with each of the stake holder’s to optimize contribution to mission outcomes; defense users, SIs, researchers, academia, innovators. (stake holder value)Enhance DAU Industry Best Practices Clearinghouse: Closing the knowledge gap. Capture and reuse real world metrics and service levels. Leveraging IT-AAC’s deep network of experts and expertise not available from traditional sources. (the realm of the possible).Common IT Infrastructure Services: Reduce duplication and increase interoperability by establishing a set of common infrastructure services. First document existing infrastructure capabilities & services that can be readily leveraged (the known). Capture lessons learned from both failures and successes; CANES, NECC, AFNETOPS, DII COE. Transform Acquisition Lifecycle: Institutionalize “open processes” that have proven to work; Service Oriented Enterprise, Agile Development, Technology Assessment, Component-based Architectures, Decision AnalyticsAcquisition Management Workforce Training & Mentoring: establish a conflict free pool of expertise and expertise that can mentor less experiences PMs. (drive cultural change)

اسلاید 14: IT-AAC Baseline Assessment of Alternative IT Acquisition Processes

اسلاید 15: IT-AAC Coalition of the Willing Industry Participants (partial)Admiral Lenn Vincent (ret), Defense Acquisition UniversityWill Thomas, Director IT, Center for American ProgressJohn Weiler, ICH Founder & Chief Strategist, IT-AAC Vice ChairLarry Allen, Executive Director, Coalition for Government ProcurementEd Black, President, Computers & Communications Industry ConsortiaStephen Buckley, Kerberos Consortia, MIT SloanDr Joe Besselman, former AF GCSS PM Edward Hammersla, EVP Trusted Computing SolutionsWilliam Lucyshyn, Director of Research, School of Public Policy, U of MDDan Johnson, Sr. Council, Computers & Communications Industry AssociationKirk Phillips, ICH Fellow, Founder Kirk GroupFrank Weber, former AF ESC 554 Wing Commander Marty Evans, former AF AQI DirectorSkip Snow, former Citigroup SVP of ArchitecturesChairman Michael Wynne, former Secretary of USAFGen (ret) Arnold Punaro, Sr Fellow Defense Science BoardADM (ret) Edmund Giambastiani, Vice Chair, Joint Chiefs of StaffADM (ret) Mike Bachmann, former Navy SPAWAR CMDRHonorable Jack Gansler, PHD, UofMD School of Public PolicyHonorable Dave Oliver, former OSD ATL, EADSHonorable Sue Payton, former AF AQ DirectorDr Susan Gragg, former NRO CIORandall Yim, former Deputy Director, GAO, former DepSec for Installations, first DHS FFRDC Managing Director, ICH FellowLt General (ret) Jack Woodward USAF, former AF Deputy CIO and Joint Staff J6Susan Maybaum-Wisniewski, BENS.orgDr. Marv Langston, former OSD C3I DCIOAF General (ret) Paul Nielson, CEO, SEI CMUDave Patterson, former OSD Comptroller, University Of TennesseeKevin Carroll, former Army PEO EIS, ICH Corp RelationsRahul Gupta, IT-AAC Vice Chair, PRTM Director

اسلاید 16: IT-AAC Coalition of the Willing Government Participants (partial)Mike Kennedy, Director Operations, INTELINK, DNISteve Cooper, Former DHS CIO, CIO FAA OTARobert Osborn, J6 CIO, US TRANSCOMFrank Garcia, Professional Staff, House Permanent Select Committee on Intelligence Dave Weddell, Deputy N6/CIO, Navy Jake Haynes, Program Manager, Defense Contracting Management AgencyGreg Gardner, Deputy CIO, Director for National IntelligenceKathy Laymon, Supply Chain Risk Mgt, US ArmyMaureen Coyle, Deputy CIO, VAMaryAnne Rochy, Deputy CIO and PEO Acquisition, OSD Health AffairsDavid Schroeder, Director External Relations, OSD HA CIOGino Magnifico, CIO, Army Contracting CommandStewart Whitehead, SES J8, Joint Forces CommandDr Paul Tibbits, Deputy CIO and Director Enterprise Development, VADave Green, CTO, US Marine CorpsBrad Brown, Director of Acquisition Policy, Defense Acquisition UniversityBarry Robella, Professor of Systems Engineering, Defense Acquisition UniversityJanice Haith, Deputy CIO, Information Sharing, OSD Dr. Tim Rudoph, CTO, AF ESCBill McKinsey, Chief IT Management, FBITerry Balven, CIO, AQ, Secretary of the AFMichele Hopkins, Deputy AQI, Secretary of the AFHonorable Bill Lynn, DepSecDefHonorable Beth McGrath, Deputy Chief Mgt OfficerLtGen Jeff Sorenson, Army G6/CIOMGen Susan Lawrence, Army NetCom CommanderLtGen Mark Shackelford, Deputy SAF, AcquisitionBlaise Durante, SES, AF AQDr. James McMichael, President, DAU (acting)Honorable Claude Bolton, Executive in Residence, DAUJan Frye, Chief Acquisition Officer, Veterans AdministrationTim Harp, SES Deputy Asst Secretary Acquisition, OSD NIIMark Bogart, SES, CAO, DIA Gary Winkler, SES Director Army PEO EISJames Washington, VP and Chief Acquisition Officer, FAA John Higbee, SES Director Acquisition Management, Department of Homeland SecurityRalph Roman, SES Director IT Acquisition Council, Department of Homeland SecurityKeith Seaman, DBSAE, BTAJames (Raleigh) Durham, DDR&E, OSD ATLChris Miller, Executive Director, PEO C4I, NavyStephan Warren, Deputy CIO, VA

اسلاید 17: Leveraging Patterns of Success Alternative IT Acquisition Processes already exist!Navy: Assessment of AFLOAT Program – CANES SOA & Security StrategyEliminated hi-risk Requirements by 23%, $100Ms in potential savingsUSAF: Streamlined COTS Acquisition Process. Applied to Server Virtualization.Established optimal arch with ROI of 450% & $458 million savings USAF: Procurement of E-FOIA System using AAMCompleted AoA, BCA, AQ Selection in just 4 months. USMC: AoA and BusCase for Cross Domain, Thin Client SolutionsGreatly Exceeded Forecasted Saving in both analysis and acquisitionGSA: Financial Mgt System consolidation using AAM. Moved FMS from OMB “red” to “green”. Eliminated duplicative investments that saved $200MBTA: Assessment of External DoD Hosting Options using AAM$300 million in potential savings with minimal investmentBTA: Apply AAM to complete AoA and BCA for DoD SOA ProjectReduced pre-acquisition cycle time and cost of Analysis by 80%(4 months vs 18)GPO: Developed Acquisition Strategy for Future Digital SystemLed to successful acquisition and implementation on time, on budget and 80% cheaper than NARA RMSJFCOM: MNIS Evaluation of Alternatives for Cross Domain SolutionsEvaluated 100’s of Options in 90 days, enabling stake holder buy in and source selection. “. the concept of the Interoperability Clearinghouse is sound and vital. Its developing role as an honest broker of all interoperability technologies, no matter what the source, is especially needed. Such efforts should be supported by any organization that wants to stop putting all of its money into maintaining archaic software and obtuse data formats, and instead start focusing on bottom-line issues of productivity and cost-effective use of information technology.” OSD Commissioned Assessment of Interop. Clearinghouse (Mitre 2000)

اسلاید 18: Backup Slides in case you want to do something about IT

اسلاید 19: Information Technology EvolutionInformation Driven CapabilityCentral computer center, slow turn aroundOne size fits allLimited reuse of application modules19501960197019801990200020102020Centralized - MainframeClient/Server - DecentralizedInternet - CloudPC enabled and networkSoftware distributed in both server and client computersHeavy focus on software development and point to point integrationVirtualized compute; global network enabled, plug & playIT Infrastructure decoupled from ApplicationsCOTS & OSS Integration, Software as a ServiceAdding functional capability has become easier with each new waveWe are in early stages of Wave 3 information technology Mainframe and Client-Server waves remain in placeWaves represent many co-dependent technologies, matured over timeBut enterprise infrastructure gaps & vulnerabilities have become more criticalDoD is using Wave 2 acquisition & budget processes; to acquire Wave 3 capability IT-AAC understands IT Acquisition Dilemma Wave 3 Solutions can’t be acquired using MilSpec processes…

اسلاید 20: Resource Optimization ConsiderationsFFRDCs: Best suited for govt unique R&D and Source Selection. Standards Development Orgs (SDO), Trade Associations: Source of standardizations among suppliers, ISVs. Effective source for market communications and outreach. Research Institutes, Labs & Academia: Excellent source of low cost research, piloting of emerging technologies not yet proven in the market. Effective in IT & acquisition training. Consultancies, A&AS Firms: Excellent for IV&V and source selection if free of vendor relationships or implementation interests. Can mitigate OCI issues in acquisition. Innovators, ISVs, Open Source: The engine of innovation. Most effective and efficient way of filling common industry IT gaps. Great source of customer case studies and best practices. System Integrators: Optimized for large scale implementation and outsourcing. Have significant economies of scale and technology usability insights.

اسلاید 21: Value Chain Optimization Trade Offs

اسلاید 22: IT-AAC = Efficiency Transforming & Informing the IT Acquisition LifecycleICH MethodsStructure: Public/Private service think tank composed of multiple universities/UARCs, non-profits, research institutes and renown experts working collaboratively for the common good. Dedication: Ushering in benchmarked industry implementation & governance best practices and lessons learned. Align and Streamlining IT Acquisition Lifecycle for greater mission effectiveness. Capabilities: Root Cause Analysis, Service Oriented Enterprise, Architectures, Grey Beard Program Reviews, Decision Analytics, Performance Metrics and Technology Assessments. Focus: Business Systems, Cyber Security, Info Sharing, IT Infrastructure, Health IT, Net Centricity, SOA Infrastructure (core government mission threads)Results: Assured Mission Outcomes through organizational alignment and continuous process improvement. Measurable, sustainable, and repeatable processes & outcomes.

اسلاید 23: IT-AAC Contract Vehicles Contract Options for Essential Engineering Services:Direct:GSA Schedule 70, 5 Firm Fixed Price offerings under $500KGSA MOBIS, Small BusinessSOSSEC Other Transaction Authority (OTA) Scientific Service Program, FAR 6-302 Sole Source (Battelle)FAR 6-302 Sole Source; Innovative Solution not available from any other source (AAM Framework) and Essential Engineering Services from a non-profit research institute (same as FFRDC)Indirect:SAF/XC BETA (TAG) SAF/FM A&AS (A.T. Kerney)Navy SPAWAR EC2 ATS (SAIC)VETS GWAC Seaport IDIQ ENCORE II IDIQ