The National Security Agency (NSA) believes it has found an approach to acquiring information technology (IT) that strikes an appropriate balance with industry, a senior official said.
NSA Deputy Director Chris Inglis touted NSA’s acquisition approach at a Washington conference last week. House Oversight and Government Reform Committee Chairman Darrell Issa (R-Calif.), meanwhile, is in the early stages of pushing for federal IT acquisition reform that is intended to make federal technology acquisition more agile.
Inglis acknowledged that NSA has had problems with its IT buying processes in the past, when it either relied too much or not enough on contractors.
Inglis, when asked, told the Intelligence and National Security Alliance (INSA) Cyber Innovation Symposium last week that he did not know about Issa’s legislation. Yet he said when NSA has hit the “sweet spot” with IT acquisitions, it wasn’t necessarily because it followed rigid rules for how to buy the systems.
“In general it wasn’t the doctrine or the law that we lived under,” Inglis said. “It was our own approach to it and the nature of collaboration in that space between ourselves and those (companies) who provide us our core capabilities, and (also) the nature of our intimacy with the domain of interest.”
NSA tried two approaches to IT acquisitions in the past that failed, he said. Under one of them, he said, “we essentially took the advice and counsel of folks outside of ourselves and said, ‘You know, we really don’t know enough about what the private sector generates and the kind of the possibilities of innovation in that sector.’”
Under this failed setup, NSA set broad descriptions of the requirements of the systems it wanted to buy and let industry sort out the details.
“The danger in that was that the industry wasn’t intimately familiar with what you do with that stuff or what the daily proposition of your opportunities and challenges was,” Inglis said. “So they would also kind of take on the burden of trying to determine new requirements. And those requirements cannot be fixed at the start of a multiyear program in a way that they will have some meaning or benefit at the back end.”
Another faulty approach the NSA took was bringing the acquisition much more in-house, when it determined its requirements and served and the “principal kind of provisioner of all the things that then meet those requirements,” he said. This setup was flawed in part because it didn’t give NSA access to all the innovation in the private sector. Inglis said that setup was too static, with NSA setting requirements based on its knowledge that then quickly became dated.
Now, he said, NSA has an approach to acquisitions under which he said the agency’s flagship programs are “performing very well, exceeding our expectations at every turn.”
And this setup’s success, he said, “has nothing to do with the law, the policy, the governance.”
“We have a relationship with the private sector, but we retain responsibility…for our requirements,” he said. “And we maintain an intimate relationship with domain of interest, which changes, and not just in the technology but in the operational practices of those that we either have to defend, or those that we would chase in this space as the National Security Agency.”
Under this acquisition approach, Inglis said, NSA has some “longstanding objectives” that he believes need to be carried out under a deliberate, multi-year acquisition process. But NSA also reviews its acquisition plans every 90 days through processes called “spins,” he said, where officials modify the course they are on, to reinforce things that are working and also eliminate those that are not.
Inglis said he now sees NSA having a “synergy” with industry that “has gotten us to where we think our acquisition process is working reasonably well.”