As the frequency and sophistication of existential threats to national security over the past decade have drastically increased, the United States’ reliance on software to identify threats, rapidly share information, and manage its military resources has increased. Accordingly, the federal government’s ability to timely develop, procure, and deploy software to the field has been—and continues to be—a critical component of national security. Notwithstanding the growing importance of software to national security, the Department of Defense (DoD) software-acquisition process mirrors the lengthy, inflexible process typically reserved for the acquisition of major weapon systems. As a result, the DoD’s software development and acquisition cycles are significantly longer for their commercial counterparts, thus affecting the DoD’s ability to deliver timely solutions to users and rapidly respond to urgent threats.
Recent legislation introduced in the U.S. House of Representatives is aiming to radically change the DoD’s software acquisition and development process. The bipartisan Creating Opportunities through Defense Engineering Requirements (CODER) Act of 2019, H.R. 3093 (June 4, 2019) aims to, among other things, expedite DoD software development and acquisition by creating rapid software development pathways and establishing software training and management programs. Recently incorporated into the proposed National Defense Authorization Act (NDAA) for FY 2020, the CODER Act’s nontraditional rapid acquisition processes, if adopted, could significantly affect how DoD agencies acquire and develop software.
Contractors should be prepared to embrace this streamlined method of rapid acquisition—focusing on speed and deliverability without the typical regulatory restraints—that mirrors other nontypical DoD acquisition vehicles such as Other Transaction Authority (OTA) contracts.
Prior Calls for Reform of DoD’s Software Acquisition Process
Although the CODER Act represents the first significant legislative push to reform the DoD’s software acquisition process, it is preceded by recent reports highlighting the shortcomings of DoD’s current development and acquisition procedures. For example, in February 2018, the Defense Science Board (DSB) Task Force on the Design and Acquisition of Software for Defense Systems recommended that DoD and the defense industrial base modernize software development through “software factories” by, among other things, instituting continuous iterative development as a best practice and drafting contracts with an eye toward software sustainment. More recently, a March 2019 DoD Defense Innovation Board (DIB) report summarized its two-year Software Acquisition and Practices (SWAP) study intended to explore ways for DoD to increase its cooperation with commercial software developers. The results featured three overarching themes: (1) speed and cycle time are the important metrics for software development, (2) more must be done to retain and support software developers, and (3) software and hardware development should be managed differently.
The CODER Act
The CODER Act appears to incorporate a number of the recommendations included in the DIB and DSB Task Force reports. Specifically, the Act:
- Directs DoD to issue guidance, no later than March 1, 2020, authorizing rapid acquisition pathways for (1) rapid development of applications to be used with commercial hardware, and (2) rapid development and insertion of software upgrades in DoD weapon systems. To allow for a more rapid acquisition process, these software acquisitions will, ideally, include products or hardware already in use by the DoD.
- Requires that contracts issued under this authority will neither exceed $50 million nor last more than one year in duration. The Act also provides for a one-time option to extend the contract for an additional year (or less), but for an amount not to exceed $100 million.
- Provides that the requirements for acquisition of software applications and software upgrades will (1) be developed, refined, and prioritized on an iterative basis through continuous participation and collaboration between users, testers, and requirements authorities, and (2) identify the need for the software to be acquired and a rationale for how the software will support increased efficiency of the DoD.
- Generally exempts the proposed rapid software pathways from the requirements of both the Joint Capabilities Integration and Development System manual, which dictates how to integrate acquisitions into the larger DoD framework, or DoD Directive 5000.01, which sets the standards for the Defense Acquisition System. Exempting the proposed pathways from such administrative and regulatory requirements will streamline the acquisition process with the goal of allowing for rapid development and fielding of software.
- Requires the establishment of an independent cost estimate for consideration of (1) the process of developing the software to be acquired, and (2) the long-term value of the software to the DoD. Additionally, the Act calls for the generation of software performance metrics—such as metrics relating to when the software can be fielded, delivery capabilities, and speed of recovery from outages and cybersecurity vulnerabilities—to be updated on a continuous basis and made available to the DoD and Congress.
- Directs the use of streamlined acquisition procedures for the procurement of software through the use of “project managers.” For a particular software acquisition, a project manager oversees the acquisition and directly reports to the service acquisition executive of the cognizant military department. This proposed supervision structure also grants the project manager broad powers to conduct rapid software acquisitions, such as the authority to make trade-offs among life cycle costs to meet acquisition targets. But the most significant aspect of the program manager’s proposed powers is the ability to expeditiously seek a waiver from Congress from any statutory or regulatory requirement that the project manager determines adds little or no value to the management of the acquisition.
- Orders the Secretary of Defense to “establish software development and software acquisition training and management programs for all software acquisition professionals, software developers, and other appropriate individuals,” to include continuing education and experiential training.
Although the details of this legislation are bound to change, the initial draft of the CODER Act signals a potential sea change in the way that the DoD approaches software development and acquisition. At bottom, the Act significantly streamlines and shortens the DoD software acquisition process, with the goal of enticing more nontraditional software developers to work with the DoD.
DoD contractors seeking to take advantage of the movement toward a streamlined procurement process should consider the following:
- Reevaluate internal approach to software development. Focus on potential avenues for introducing the speed and deliverability of the commercial software development process to DoD. Additionally, reevaluate other development factors emphasized by the CODER Act, such as pricing, meeting DoD cost estimates, and the long-term value of particular software to DoD.
- Review supply chains. With speed and deliverability as the cornerstones of both the CODER Act and DoD’s movement to modernize its software development process, contractors should consider identifying bottlenecks and areas for improvement within internal supply chains. Moreover, with DoD’s increased focus on supply-chain security, contractors should also consider measuring the vulnerability and security of its supply chain in tandem. Software “construction” can be challenging under typical, 20th-century regulatory regimes; make sure your descriptions of builds are appropriate and tracking with the most recent decisions on how software builds are identified.
- Protect your IP. The benefits of a new, streamlined acquisition process will inevitably bring with it questions about the extent of each party’s rights and obligations. Contractors must be vigilant and ensure that a streamlined procurement process with less regulatory red tape doesn’t also mean less regulatory protection for its proprietary development tools and rights in data. Contact and work with counsel to ensure you have the appropriate protections in place.
Undoubtedly, many private entities involved in software development will welcome this legislation, but, as with any significant change to the federal acquisition process, caution is warranted until clear guidance on the revised process is available. As the NDAA for FY 2020 is still being finalized, we will be following up in the coming months on any new developments regarding this legislation.