To help it buy the right technology from IT companies, the Defense Information Systems Agency said it will publish a list of problem statements this fall alongside its annual tech priorities watchlist.

Steve Wallace, the agency’s chief technology officer, said at the 2024 TechNet Cyber conference presented by the Armed Forces Communications & Electronics Association International that this is a way of getting at a common problem in the Defense Department: a focus on emerging technology without a clear understanding of the problem its intended to solve.

“How does the department understand what you all can bring forward?” he said to a crowd of industry leaders and other cyber professionals in Baltimore June 26. “And then at the same time, how do you understand what the heck we actually need? There’s always that friction there.”

It’s not just an attempt to speed up the acquisitions process as the Pentagon is in a race for digital dominance against China and other nation-state hackers. So much of the conversation around cybersecurity in national defense is around pacing, but with industry constantly coming to market with new tools, there’s a need by government to be a wary purchaser.

These problem statements are a potential way for the Defense Department buy the tools, not just the shiniest ones.

“I think there is that risk that we get excited by new things — which are exciting — and we want to play with them and explore and see what’s possible,” said Scarlett Swerdlow, a senior technical strategist in the DISA’s Emerging Technology Directorate. “But at the end of the day, we have to make sure we’re solving a real problem that a real person has.”

The government often tries to emulate industry. But startups in Silicon Valley aren’t tied to a congressional budget cycle. And they have the room, and often the in-house expertise, to fail fast and pivot often. And though the Defense Department is at the mercy of a constantly changing threat landscape, DISA officials said at the conference that it can be enough for DoD to allow industry to do what it does best and be an evaluator when it comes time to settle on a solution.

“It is our ability to interface with industry, but knowing that the dollars that mature the technology are industry dollars, and not tax dollars, and then understanding where to apply some tactical patience as industry develops tech and [then we] insert ourselves,” said Army Maj. David Courter, chief of combatant command plan integration with the J-5. “I think that’s much different than us writing an initial capabilities document and saying, ‘I need you to build this cool tool.’”

Cautionary tale

One cautionary tale came to mind: the Joint Regional Security Stacks, an ambitious plan to massively consolidate the DoD’s sprawling IT infrastructure that set to be wound down in 2021 following reports of cost overruns and unresolved complexities.

At inception, it was supposed to be a gamechanger for the department, but a 2019 inspector general audit revealed it ultimately wasn’t meeting end users’ needs.

“The whole notion behind JRSS was best of breed for every component in the doggone stack,” Wallace said. “We are going to have the very best of everything. And then we are going to attempt to integrate or interoperate between all these components. Didn’t go well.”

The other issue is ensuring that DoD can verify for itself whether a tool actually does what it claims to do when its adapted for military or defense purposes. That comes into play when the department thinks about how buying one system must be able to operate with existing ones and those to come.

“[That’s] another reason to add that in-house talent that can ... test some of those claims that products make,” said Swerdlow.

Molly Weisner is a staff reporter for Federal Times where she covers labor, policy and contracting pertaining to the government workforce. She made previous stops at USA Today and McClatchy as a digital producer, and worked at The New York Times as a copy editor. Molly majored in journalism at the University of North Carolina at Chapel Hill.

More In Cyber