Navy lifts sights on NMCI

The Navy has upped the ante in one of the most ambitious federal technology outsourcing projects afoot, with the potential to set the course of—if not derail—similar deals in the future.

With the Navy Marine Corps Intranet contract locked up, Electronic Data Systems Corp. is faced with the daunting task of managing the Navy Department's PCs, networks, servers and related infrastructure. At the Navy's request, that now includes remote network access.

Every aspect of the $6.9 billion NMCI outsourcing contract that covers voice, video and data services is outlined in a service-level agreement. These SLAs—NMCI currently has 37—define expec-tations ranging from user satisfaction and help-desk response to network downtime.

Through the pending remote access option, users could access NMCI systems from their home PCs, said Rick Rosenburg, EDS' NMCI program executive.

If successful, the company stands to earn several million more dollars. But failure, especially a security breach, brings with it the potential for hefty financial penalties—possibly in the millions. How well EDS and its largest security subcontractor, Raytheon Co., perform may change the future of seat management and how SLAs are written.

"This is absolutely consistent with procurement reform," including the Clinger-Cohen Act and the Government Performance and Results Act, said Chip Mather, senior vice president of Acquisition Solutions Inc. in Chantilly, Va. Navy officials are "focusing on the outcome. They're loose on the "how' and tight on the "what'" by measuring EDS' ability to meet their needs.

EDS is rolling out NMCI to 45,000 users by March, the Navy's testing and evaluation begins in July and then the service will report its progress to Cap-itol Hill. To get approval for rol-ling out NMCI to more users in fiscal 2002, EDS must show Congress that the systems under its control work better than before.

To safeguard classified information, remote users won't have access to the Secret Internet Protocol Router Network, nor will they be able to connect via commercial Internet service providers. Instead, sailors and Marines will have access to the Non-Classified IP Router Network, which handles travel requests and contracts, for example. EDS will install a Pentagon-issued common access card for remote users, Rosenburg said.

With remote access, reservists would be able to make travel requests from home, said Capt. Martin Menez, the Naval Reserve Force's chief information officer. That may help reservists cut approval time for such requests from 60 days to three.

At a cost of $500 per user, if the Reserve requests remote access for each of its 75,000 personnel, EDS would earn an extra $37.5 million per year.

But network security will be a tough hurdle for EDS; hackers have penetrated corporate networks by exploiting remote users' accounts. A "red team" of Marine and Navy hackers will periodically attempt root-level intrusions, as well as retrieval and denial-of-service attacks. The Navy is looking for a nearly perfect record on network security—EDS needs to score at least a .995 for data integrity attacks and a .999 for intrusion detections.

EDS, working with the Navy, will also have to determine how to regulate public-key infrastructure tokens, used to verify the identities of remote users, Menez said.

One low-tech issue is customer support. Because they face system connectivity issues and can't just ask a buddy for help, remote users are more likely to call the help desk. Under its first SLA, EDS must resolve help-desk problems within four hours for mission-critical users—such as commanders-in-chief—and two business days for other users.