IT Policy Update(IT Efficiencies, IT Acquisition Reform & Other)                   Don Johnson         Office of the Secre...
Where To Start – Senior Official for IT      Inspiring New DoD CIO Role• DoD CIO Vision   • Agile and secure information c...
New OSD Landscape, Jan 11, 2012• Refashioned DoD CIO                                                  • New DASD Within AT...
Innovating in DoD’s IT Landscape       Each System is Often Part of a Larger “System”                                     ...
Need to Govern Differently      CSIS Study on Acquisition of Net Centric System-of-SystemsProblem: Stove-piped, program-ce...
Visible and Hidden IT Costs                  Jan 2012 Defense Business BoardEnterprise Consolidation Savings: 25-50% in To...
Bigger Picture: Enhancing Enterprise         Efficiencies (Others Federal Agencies Having Impact)     2012 Excellence.gov ...
Need to Innovate & Think Differently           What Did Former DoD Leaders Say -   “It is time to think hard about how to ...
Thinking Differently in IT Acquisition    Inside the Pentagon, March 2012Deputy Chief Management Officer Beth McGrath said...
IT Legislative Landscape                                            -2010 Section 804: New IT acquisition process         ...
2010 National Defense Authorization ActIMPLEMENTATION OF NEW ACQUISITION     PROCESS FOR INFORMATION       TECHNOLOGY SYST...
Achieving the Vision of the    March 2009 Defense Science Board      DSB Report on Policies and Procedures for Acquisition...
Acquisition Model                    Chapter 6 of March 2009 DSB Report                                                   ...
DSB Recommended Scope of Change                                               IT Use by DOD     IT to Support a National  ...
The Call For ChangeMarch DSB Consistently Supported By Others                     Acquisition             • Long acquisiti...
National Academies Study             Achieving Effective Acquisition of IT in the DoD, Dec 2009         DoD Should Impleme...
What is an Agile Model                                                                     Robust Operational Value       ...
Comparison DSB Model to DoD 5000         Why continued modifications will not work      Agile (AAM*)                      ...
Analysis &             Modelling   Prototype   DevelopmentDesign
Test and Evaluation Paradigm Shift       From Sequential to Agile Test/Evaluation                        Combined DT/OT/In...
New Requirements Process             JCIDS “IT Box” and Increased Combatant Command/User Role                             ...
Early Adopters: Organization-Wide Changes          Within The Intelligence CommunityProblem: The Intelligence Community fa...
Integrated Strategic Planning and               Analysis Network (ISPAN) Increment 2March 29, 2010 Acquisition Decision Me...
Comparison of Projected Deliveries                        Generic MAIS Timeline*                               Initial    ...
This Road Seems Awfully FamiliarPrevious attempts to reform IT lacking  • Brooks Act…..1972        • Centralized IT acquis...
DCMO-led Task Force(s) …. (2+ yrs later)                                         Portfolio &                              ...
Where Are We Today ?       New DoD 5000 With Multiple IT Appendices/Templates                                     30 Pages...
FY11 NDAA Section 933Develop a strategy for the rapid acquisition of tools, apps, and othercapabilities for cyber warfare ...
Bottom Line Up Front (BLUF)• Proposed Streamlined Requirements Process and Oversight Level   • Leverage overarching ICDs f...
Rapid Cyber Acquisition Roadmap                                Implementation Plan   Development                          ...
“Change is the law of life. And, those who look only to the     past or present are certain to miss the future.”          ...
Contact Information        Mr Don Johnson   USD(AT&L) DASD (C3 & Cyber)         (703) 614-5839      Don.Johnson@osd.mil
Upcoming SlideShare
Loading in …5
×

OSD ATL class on Agile Acquisition

2,617 views

Published on

0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,617
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
53
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide
  • FY 11 NDAA Section 933 directed DoD to develop “a strategy to provide for rapid acquisition of tools, applications, and other capabilities for [cyberspace operations]” Evolution Developed a DRAFT Framework and Strategy described in Congressional Report Proposed strategy based on feedback and collaboration with stakeholders in Acquisition, T&E, and Requirements Working Groups Core team worked with Stakeholder organizations to develop Use Cases to ‘walk’ thru proposed processes and assess feasibility Congressional Report (overview) staffed IMP updated as appropriate to incorporate comments/recommendations along the way Where are we now? Congressional Report Submitted (this week) Stakeholder Engagement across ‘lanes’ to refine IMP and discuss/address remaining concerns
  • THE QUESTION WE NEED TO ASK OURSELVES IS WHETHER OUR PROCESSES CAN SUSTAIN US IN THE FUTURE - DESPITE THESE PROCESSES HAVE SUPPORTED US TO DATE; THE QUESTION IS WHETHER THESE SAME PROCESSES CAN SUPPORT US EFFECTIVELY IN THE NEW “CYBER DOMAIN” -- I WOULD SUGGEST THAT OUR LEADERSHIP ALSO LOOKED AT THIS QUESTION AND HAVE DECIDED FOR THE AREA OF IT ACQUISITION; OUR EXISTING PROCESSES NEED TO CHANGE. -- THIS IS SUPPORTED BY DE
  • OSD ATL class on Agile Acquisition

    1. 1. IT Policy Update(IT Efficiencies, IT Acquisition Reform & Other) Don Johnson Office of the Secretary of Defense USD(AT&L) – DASD(C3 & Cyber) 1 1
    2. 2. Where To Start – Senior Official for IT Inspiring New DoD CIO Role• DoD CIO Vision • Agile and secure information capabilities to enhance combat power and decision-making• Main DoD CIO Thrust Areas • Lead the DoD Information Enterprise • Improve Enterprise Architecture Effectiveness via Consolidate Infrastructure & Networks; Standardize IT Platforms; and Deliver DoD Enterprise Cloud • Direct and Oversee DoD IT Investments • Streamline Processes - Includes Enable Agile IT; Strengthen IT Governance; Leverage Strategic Sourcing for IT Commodities; and Strengthen the IT Workforce • Strengthen Cyber Security across DoD Enterprise • Create & maintain strong boundary defenses and monitoring on DoD networks
    3. 3. New OSD Landscape, Jan 11, 2012• Refashioned DoD CIO • New DASD Within AT&L• DoD CIO will retain • Primary authority for policy and oversight of IT, network defense and network operations • Statutory responsibilities relating to acquisition matters (aka Clinger Cohen Act related duties) • Principal Staff Assistant (PSA) for nuclear, C3 and spectrum • Information Assurance and related Cyber oversight duties
    4. 4. Innovating in DoD’s IT Landscape Each System is Often Part of a Larger “System” DoD Adaptive STRATCOM Planning Environment TRANSCOM ISPAN JFAST Force Management JCRM Plan Assessment DRRS Joint Staff J3 TSCMIS JOPES DB OUSD(P&R) IGS Wargaming RTB JET/RQT Force Flow ICIS ALPS OUSD(P) Logistics DISA Requirements Validation/Execution DLAMost IT Systems Have Their Own Requirements (Islands Upon Themselves) Each System Brings Its Own Infrastructure & Technology Stack No Single Office to Provide Guidance, Direction & Funding 4
    5. 5. Need to Govern Differently CSIS Study on Acquisition of Net Centric System-of-SystemsProblem: Stove-piped, program-centric and Component-centric systems have led to ad hoc activity, lack of flexibility and resilience in face of “surprise”CSIS Study Team: Mr Ken Krieg, Mr Frank Kendall, Harvard, etc.,Points/Recommendations:• Need for enterprise-wide governance for delivering warfighting and business capabilities is not recognized across DoD (applies equally to MDAP and MAIS)• Governance is key to successful delivery › No organizational construct exists to assess and guide “enterprise” performance (like a Board of Directors with authority to make trades) › Successful delivery of capabilities require that interests at the system/ component level be re-balanced around the capability-centric view• Absence of enterprise risk assessment , risk management strategies and enterprise metrics/goals (First enterprise milestone in acquisition is “IOC”)• Iterative involvement of warfighter in all stages of to “Capability-Centric” Shift Governance From “Program-Centric” delivery is critical but rarely
    6. 6. Visible and Hidden IT Costs Jan 2012 Defense Business BoardEnterprise Consolidation Savings: 25-50% in Total Annual Expenditures 6
    7. 7. Bigger Picture: Enhancing Enterprise Efficiencies (Others Federal Agencies Having Impact) 2012 Excellence.gov Awards Ceremony, March 13, 2012• Overcoming Cultural Barriers • FAA Federal Notice to Airman System • Enterprise capability replaces 50-year old system providing pilots safety of flight (in 15 minutes) to an IT system that takes less than 5 seconds• Overcoming Complexity of Worldwide Mission • Department of State’s Enterprise IT Innovation • Transformed a paper-based environment across 245 embassies • DHS consolidated 32 globally environments into one• Overcoming Silo-Mindset • U.S. Treasury developed IT solution to build its annual budget now used by 6 Cabinet agencies and 13 total agencies to build their budgets • Coast Guard Business Intelligence • Integrated 40 existing data sources to report readiness & capabilities • NASA created a single enterprise-level IT cloud across its 10 Centers • Minnesota became first U.S. state to enter into enterprise-wide cloud• Thinking Differently
    8. 8. Need to Innovate & Think Differently What Did Former DoD Leaders Say - “It is time to think hard about how to institutionalize the procurement of capabilities to get them fielded quickly – the issue becomes how we can build innovative thinking and flexibility into the rigid procurement system”• Adaptive Ecosystem • Processes responsive to dynamic operational and technology environment• Responsive Solutions • User-centered domain expertise • Leverage the latest solutions available commercially and products not hard-wired at predetermined needs unable to evolve• Speed • He who learns fastest ends up making progress and wins • Speed the process… … Gen Petraeus “The [defense] budget has basically doubled in the last decade. And myown experience here is that in doubling, we’ve lost our ability to prioritize,to make hard decisions, to do tough analysis, to make trades.” 8
    9. 9. Thinking Differently in IT Acquisition Inside the Pentagon, March 2012Deputy Chief Management Officer Beth McGrath said the revision tothe 5000.02 instruction that would overhaul the DoD procurementprocess awaits the signature of acting USD (AT&L) Frank Kendall tostart coordination.DoD calls for an agile application process that deploys capabilitiesevery 12 to 18 months to a number of business and non-businesssystems, said McGrath and DoD CIO Teri Takai in separateinterviews.Congressional sources said that DoD has deviated from severalsteps laid out in the section 804 reports implementation scheduleand Congress is still waiting to see the details of how DoD willachieve the plan. 9
    10. 10. IT Legislative Landscape -2010 Section 804: New IT acquisition process -2010 Section 933: New Cyber process & tools -2009 WARSA: ICE for certain MAIS when AT&L is MDA -2009 Section 841: Replace IOC with FDD -2009 Section 817: MAIS and MDAP mutually exclusive -2008 Section 812: Pre-MAIS reporting, funds first obligated -2008 10 USC 2222: Obligation of funds restrictions annual IRB -2007 Section 816: Codify MAIS, SAR-like and NM-like reporting -2007 Section 811: Time certain development for MAIS -2006 Section 806: Notify Congress of MAIS cancelation or significant change -1996 Clinger Cohen Act: DoD given acquisition authority to independently procure IT - 1988 Warner Amendment: DoD to procure IT provided it was an integral part of a weapon- 1965 Brooks Act: Provided GSA exclusive IT acquisition authority across the Government
    11. 11. 2010 National Defense Authorization ActIMPLEMENTATION OF NEW ACQUISITION PROCESS FOR INFORMATION TECHNOLOGY SYSTEMS• NEW ACQUISITION PROCESS REQUIRED —The Secretary of Defense shall develop and implement a new acquisition process for information technology systems • “… Be based on the recommendations in Chapter 6 of the March 2009 report of the DSB Task Force on DoD and Procedures for the Acquisition of Information Technology • New designed to include— (A) early and continual involvement of the user; (B) multiple, rapidly executed increments or releases of capability; (C) early, successive prototyping to support an evolutionary approach; (D) a modular, open-systems approach
    12. 12. Achieving the Vision of the March 2009 Defense Science Board DSB Report on Policies and Procedures for Acquisition of IT Today (Static/Time Unconstrained) Future (Dynamic/Time Boxed) 91 months 18-36 months“The primary conclusion of the task force is that the conventional DODacquisition process is too long and too cumbersometo fit the needs of the many IT systems that require continuous changes andupgrades. Thus the task force believes that there is a needfor a unique acquisition system for information technology.”March 2009 Defense Science Board Task Force Report
    13. 13. Acquisition Model Chapter 6 of March 2009 DSB Report Milestone Build Decision RELEASE 1 CDD Architectural Development Development & Demonstration ICD Business Case Analysis and Risk Reduction Fielding and Development Prototypes Iteration1 Iteration 2 Iteration “N” Coordinated DOD stakeholder involvement Integrated DT / OT Up to 2 years 6 to 18 months Development & Demonstration RELEASE 2 Prototypes Fielding Iteration 1 Iteration 2 Iteration 3 ICD Initial Capability Document CDD Capabilities Development Document Prototypes Development & Demonstration Fielding RELEASE “N” Iteration 1 Iteration 2 Iteration 3 Decision Pointodel: Continuous Technology/Requirements Development & Maturation • Impact to Core DoD Processes – Requirements: From: fix set of requirements; To: evolving requirements & user role throughout – Delivery: From: static waterfall model; To: Agile model with user feedback driving priorities – Governance: From: Driven by Milestones & breaches ; To: More frequent review- delivery focused – Functional Areas: From: rigor tied to documentation for single milestone; 1 Year Study – rigor tied to demonstrated risk and deliveryJohn Stenbit, To: Dr Kaminski, Noel Longuemare, of capabilities 13 Pricilla Guthrie, Industry, Academia, Former DARPA Director
    14. 14. DSB Recommended Scope of Change IT Use by DOD IT to Support a National IT to Support an IT to Provide a Security System Operational Process Shared Infrastructure “Classic” NSS War Business Data Common Comm Legacy Cyber Fighting Middle/ New NSS Process NSS NSS Process ware Process Networks Satellites Improve Improve Provide Shared, Trustworthy, Ubiquitous,Intent Weapon Operational Process High Performance, Low System Cost IT InfrastructureCustomer Force Process Infrastructure Provider Owner Provider DOD DODRealization Milestone Milestone New IT Acquisition ProcessProcess Process Process
    15. 15. The Call For ChangeMarch DSB Consistently Supported By Others Acquisition • Long acquisition cycle-times • Successive layers … built over years • Limited flexibility and agility Requirements • Understanding and prioritizing requirements • Ineffective role and comm in acquisitions Test/Evaluation • Testing is integrated too late and serially • Lack of automated testing Funding & Governance • Program-centric, not capability-centric • Overlapping decision layers (e.g., multiple review processes) • Lack of customer-driven metrics • Funding inflexibility & negative incentives
    16. 16. National Academies Study Achieving Effective Acquisition of IT in the DoD, Dec 2009 DoD Should Implement Agile -- Prioritization of Capabilities Throughout and Time-box Iterations Within Each Capability Increment Integrated T&E / Voice of the End UserRequirements Analysis, Requirements Analysis, Requirements Analysis,Re-prioritization & Re-prioritization & Re-prioritization &Planning Planning Planning Architecture Verification & Architecture Verification & Refinement Validation Refinement Validation Test Cases Testing Test Cases Testing Design Integration Design Integration Implementation Implementation 4 to 8 Week Iterations 2 Year Study – Lt Gen Campbell, Dawn Meyerriecks, Microsoft, Google, Carnegie Mellon, Cohen Group 16
    17. 17. What is an Agile Model Robust Operational Value Iteration n Operational ValueStep Development with Mission Infrastructure Initial Demonstrated As The Base Operational Value Iteration 2 Iteration 1 Iteration 0 Mission Apps Mission Apps Mission Apps Mission Infrastructure Mission Infrastructure Mission Infrastructure IT Infrastructure IT Infrastructure IT Infrastructure Demonstrated Operational Value Constantly Increases with each Iteration 17
    18. 18. Comparison DSB Model to DoD 5000 Why continued modifications will not work Agile (AAM*) Waterfall (5000.2) 1 3 2Incremental Integration & & Iterative “Big Bang” Delivery Delivery Presentation / User Interface Presentation / User Interface User Business Logic / Services Business Logic / Services Integration Integration Integration Database / Integration Development Database / Integration Team Development Team2-Oct 30-Oct 30 Nov 30-Dec 2-Oct 91 Months Iteration Iteration Iteration Later Data generated and used to calibrate the plan Significantly Changes Workforce Dynamics * AAM = Acquisition Assurance Method, an ICH process standard
    19. 19. Analysis & Modelling Prototype DevelopmentDesign
    20. 20. Test and Evaluation Paradigm Shift From Sequential to Agile Test/Evaluation Combined DT/OT/Interop/Security CT&E RELEASE 1 Development and Demonstration Iteration 1 CT&E Iteration 2 CT&E Iteration 3 CT&E• Establish a single entity accountable for rapid Test/Evaluation• Focus Capability T&E on the prioritized requirements of each iteration (vs. release)• Significant amount (100% is the goal) of test automation• Treat Capability T&E as a shared resource – Accomplish DT/OT/Iop/Security objectives – One team, one time, one set of conditions, one report• Field deployable capability…start small; scale rapidly
    21. 21. New Requirements Process JCIDS “IT Box” and Increased Combatant Command/User Role • Delegation of JROC responsibilities • Increased Combatant/User role throughout • Creation of “Functional Manager” • Charged with requirements accountability • Secretariat to delegated-JROC board • Responsible for maturing & prioritizing Req’ts • Serves as the regular, high-frequency, interaction with acquisition• Scenario Based Requirements • User Story (include Req’ts and Features) and Story Stack An active, living scope of work that stakeholders use to drive the project • Annual Capability Roadmaps • Annual Expectation Management Agreements • Domain understanding via enhanced use of prototyping & modeling (activity diagrams, process models, spike solutions, etc)
    22. 22. Early Adopters: Organization-Wide Changes Within The Intelligence CommunityProblem: The Intelligence Community faces nimble adversaries who can take full advantage of the speed of IT innovation from commercial industry where the “end state” is not known and thus requires continual modernization consistent with the pace of technologySolution: Based upon these guiding principles, an IC Agency implemented the following acquisition process: • Major modernizations projects are broken into increments • Increments typically have 18-30 month duration • Increments are subdivided into “spins” lasting typically 90-120 days or shorter • Initial Operational Capability (IOC) achieved within each increment • Customers prioritizes capabilities within each increment • Use of gates, metrics and processes to create, test and deliver valued capability • Robust risk management and governance process based upon quarterly reviews Program Initiation to MS B: 18 months (DoD: 41 months) MS B to initial delivery: 9 months (DoD: 47 months)
    23. 23. Integrated Strategic Planning and Analysis Network (ISPAN) Increment 2March 29, 2010 Acquisition Decision Memorandum Signed by Dr Carter Purpose: Authorizes tailoring of the Increment 2 program to achieve principles of Section 804 (of the 2010 NDAA) while adhering to DoDD 5000.01 Guidance: • No Milestone A • Replaces a "Build Decision" with traditional Milestone B decision • Approves program to forgo a Milestone C • Tailors the Configuration Steering Board • Replaces OIPT with a co-chaired PEO/OIPT quarterly review forum • Implements annual Expectation Management Agreement to include the spend plan, schedule, and capabilities to be delivered in the next l2-month period • Implements annual Capability Roadmap to define time-phased set of capabilities • Requires milestone doc to be signed within 45 days; if not, report to MDA required • Designates ISPAN Increment 2 a “Capital Program” 23
    24. 24. Comparison of Projected Deliveries Generic MAIS Timeline* Initial Milestone B Operating Planning Phase Build Phase Capability 43 48 Development MS C Analysis of Economic Alternatives Analysis 40 Test 5 91 Months * DSB Report,2009, Average of 32 MAIS ISPAN Timeline Initial Material Build Initial Operating Development Decision Delivery Capability Decision 12 13 9 33 Numbers represent time in months
    25. 25. This Road Seems Awfully FamiliarPrevious attempts to reform IT lacking • Brooks Act…..1972 • Centralized IT acquisition & management • CCA - Clinger Cohen Act….1996 • Computer Chaos “Billions Wasted Buying Federal IT” • “Process of acquiring IT takes significantly longer than tech..” • Decentralized IT acquisition & management • DoD Rapid Improvement Team…..2005 • Capability Portfolio Management ……2008 DoD Directive 7045Previous attempts at program level• Agile emphasized on NCTC Railhead Proposal • Top IT program to fight terrorism • Significant Gov & FFRDC team • RFP Required Agile experience/Scrum expertise• 2010 “Railhead’s $500M Colossal Failure” - “Collapse of the Railhead result of poor technical planning and design, potential contractor mismanagement and inadequate government oversight” 25
    26. 26. DCMO-led Task Force(s) …. (2+ yrs later) Portfolio & Portfolio & Funding & Resourcing Funding & Resourcing Governance Governance Acquisition Process Acquisition ProcessArchitecture ArchitectureRequirements Requirements Contracting Contracting Test, Evaluation, and Test, Evaluation, and Certification Certification UNCLEAR THERE IS ANY REPORT, RESULTS OR CONCLUSION Effort Appears to Quietly Disappear! 26
    27. 27. Where Are We Today ? New DoD 5000 With Multiple IT Appendices/Templates 30 Pages of Detailed Process No significant change to architecture, requirements, funding, portfolio mgt, governance, contracting and test/evaluation (DCMO-Task Force areas)No Apparent Use of ExperienceFrom Early Adopters FDD 27
    28. 28. FY11 NDAA Section 933Develop a strategy for the rapid acquisition of tools, apps, and othercapabilities for cyber warfare for USCYBERCOM and other cyber operationscomponents of military Orderly process for determining, approving operational requirements Orderly process for determining, approving operational requirements Well-defined, repeatable, transparent, and disciplined process for developing Well-defined, repeatable, transparent, and disciplined process for developing capabilities IAW IT Acquisition process capabilities IAW IT Acquisition process Allocation of facilities and other resources to thoroughly test capabilities in Allocation of facilities and other resources to thoroughly test capabilities in development, before deployment and use to validate performance and take into development, before deployment and use to validate performance and take into account collateral damage account collateral damage Our plan is to first determine the best rapid Our plan is to first determine the best rapid acquisition solution for the Department, then vet acquisition solution for the Department, then vet through the Department leading to the final report for through the Department leading to the final report for congress congress Submit report on Cyber Acquisition Strategy to Congress 28
    29. 29. Bottom Line Up Front (BLUF)• Proposed Streamlined Requirements Process and Oversight Level • Leverage overarching ICDs for GIG Net Ops, Cyber Defense and Cyber Offense • Implement a “IT Box Concept” to support streamlined cyber requirements process• Acquisition Process Tailored to Product (“What”) and Timelines (“When”) • Process A: <30 days – Standard Catalog – COTS/GOTS, IT Services • Process B: 1-9 Months – Simple Catalog Mods – Modified COTS/GOTS, SW Dev• Testing • Perform testing as an integrated activity across development – DT/ OT, Interoperability, IA • Scale T&E – C&A scope & rigor based on acceptable risk to support acquisition timelines • Establish enterprise-level architectures for cyber test infrastructure and resources• Cyber Governance • Establish a Senior Mgt Board to align technical, acquisition, and investment strategies • Oversee Development and Implementation of policies to acquire cyber via quarterly reviews • Collaborate with cyber governance bodies of requirements, acquisition, and test• Funding • Dedicated funding for cyber required; exploring options 29
    30. 30. Rapid Cyber Acquisition Roadmap Implementation Plan Development Refinement Inform / /Update Inform Update Pilots Report to DoDi on Congress -Define Metrics Cyber Submitted -Lessons DAG Acquisition (Provided Learned DTM AcquisitionSME/ Overview) -RefinementStakeholder T&E PolicyInput (As needed) Charter & Policy JCIDS Updates Develop & Validate Use Cases Stakeholder Engagement Working Group Activities
    31. 31. “Change is the law of life. And, those who look only to the past or present are certain to miss the future.” In IT Domain Doing Nothing is Not an Option
    32. 32. Contact Information Mr Don Johnson USD(AT&L) DASD (C3 & Cyber) (703) 614-5839 Don.Johnson@osd.mil

    ×