Observations for Industry in DISA’s New Strategic Plan
Published: November 11, 2020
DISA outlines its modernization path.
- DISA will continue leveraging Other Transaction Authority agreements in combination with the SETI IDIQ to implement cutting-edge commercial solutions.
- Procuring/developing situational awareness tools to secure DOD networks will be a priority.
- Network automation and software-defined networking solutions will be in demand.
Last week, amidst the chaos of the U.S. presidential election, the Defense Information Systems Agency (DISA) published a new strategic plan covering the years 2019-2022. This plan outlines the agency’s strategic priorities for the next two fiscal years and as such it contains information of interest to companies either currently working with DISA or seeking to work with the agency in the future. Below are a few observations from reading the new plan that may help contractors develop meaningful strategies for capturing business. Please note this is only a portion of the insight one can glean from the plan. It is not intended to be comprehensive.
According to the DISA plan, the agency will “Use the Other Transaction Authority to attract companies with leading-edge technologies. Once awarded, [we will] use the Systems Engineering, Technology, and Innovation contract to partner with small, innovative companies.”
DISA leaders have made no secret of their intent to use OTA contracts for acquiring commercial technologies. The statement above confirms that DISA will continue to use this contracting method, in combination with the SETI IDIQ. Without detailing exactly how they’ll do it, DISA intends to pair holders of SETI contracts with OTA prototype contract winners. Doing so appears to represent a big change in how OTA-related work has been carried out to this point.
As the frontline defender of Department of Defense networks, DISA’s cyber security requirements are extensive. According to the agency’s strategic plan, DISA want to “enhance operations by developing a comprehensive network operations tool set used to monitor the status of the enterprise infrastructure, command and control (C2) networks, and information-sharing capabilities to provide resolution of network anomalies or interruptions.”
That DISA does not already possess such a tool set is, frankly, shocking, but it may also reflect the transition toward a new enterprise network infrastructure that the agency is making. Achieving situational awareness in that network will be of paramount importance so expect DISA either to put out a solicitation for the development or procurement of such a tool, or to task an existing DISA contractor to build it. Should a solicitation appear it would not be surprising if DISA decides to try using the OTA/SETI approach mentioned above.
Although this also falls under the rubric of cyber security, I have chosen to approach the subject from a different angle. DISA outlines its network modernization objectives as follows: “Employ a global converged network infrastructure by converting to an IP-based architecture and implement Internet Protocol v6, where fault isolation and dynamic routing of network traffic enable enhanced service delivery and prevent service interruption to the end user. Implement an agile, intelligent, and virtualized next-generation architecture that is secure-by-design through implementing next-generation identity and management solutions, comply-to-connect technologies, and a software-defined enterprise to enable a data-centric model that optimizes DOD-wide effectiveness and interoperability.”
These paragraphs scream out requirements for network automation technologies. These capabilities should be hardware agnostic, enabling DISA to make the DOD Information Network (DODIN) software-defined. Machine Learning capabilities laid over the top will make the network “smart” so that threats can be identified in real-time. The question concerning procurement is will DISA ask the company that wins its Defense Enclave Services contract to implement these solutions or will DISA contract them separately. My guess would be a portion of both, with DISA exploring the use of OTA for the required solutions.