Cyber, IT personnel, and acquisition changes in the 2020 NDAA

The Defense Department is on the brink of major acquisition changes to help encourage faster tech adoption.

(U.S. Marine Corps photo by Cpl. Elize McKelvey) A contractor supporting the 15th Marine Expeditionary Unit uses a digital interoperability system aboard an MV-22B Osprey during Certification Exercise (CERTEX) off the coast of San Diego, April 19, 2015.
 

The 2020 National Defense Authorization Act was signed into law Dec. 20, and with it comes a range of cyber, IT personnel and acquisition policy changes. Here's some of what FCW will be tracking in the New Year:

Consumption-based solutions. A consumption-based acquisition provision was originally recommended by the Section 809 panel's suite of acquisition reforms. And while most of the panel's suggestions weren't expected to make it into the NDAA for 2020, this one did. Doing the study, which is due in March, allows DOD to evaluate how consumption-based solutions, which involve an agency getting billed for how much it uses, would affect its contracts.

Space Force acquisition challenges. Since the 2020 NDAA authorizes the standing up of Space Force, there could be new acquisition changes needed. The bill mandates a report due in March on whether there needs to be a new acquisition assistant secretary for space policy.

Report on edge computing technology. DOD's acquisition chief will have to report to Congress on commercial edge computing technologies and best practices for warfighting systems.

More cybersecurity oversight is coming to DOD, starting with a mandatory cyber review every four years. This requirement begins in 2022 and includes an assessment of costs, benefits, and whether, possibly like Space Force, a cyber force should be a separate uniformed service. There will also be quarterly reviews on cyber mission force readiness.

Zero-based review for IT and cyber personnel. The Defense Department has until Jan. 1, 2021, to complete a zero-based review of cyber and information technology contractors, military, and civilian personnel.

The review will assess staffing needs and effectiveness and also evaluate whether job descriptions, duties, and "whether cybersecurity service provider positions and personnel fit coherently into the enterprise-wide cybersecurity architecture and with the Department's cyber protection teams."

Information operations. The military services have increasingly emphasized the importance of information warfare and operations in the wake of the 2016 presidential election and the aftermath of public and Congressional scrutiny.

The 2020 NDAA affirms this by requesting DOD appoint a "principal information operations advisor" to the secretary on "all aspects of information operations conducted by the Department." In a separate but somewhat related provision, the bill authorizes research for "foreign malign influence."