Doing Business With the Defense Contract Management Agency

Defense Contract Management Agency6350 Walker Lane, Suite 300Alexandria, VA 22310-3241(703) 428-1700 March 27, 2000 Army Brig. Gen. Edward Harrington About 12,500 The Defense Contract Management Agency, an independent combat support agency, is the contract manager for the Defense Department and related federal and allied government organizations. It oversees deals for everything from munitions to spacecraft to electronics. It works with contractors to ensure supplies and services are delivered on time and within budget. In the contracting process, DCMA represents the buyer. Employees are scattered throughout the world, and even serve on front lines alongside the military, ensuring the services have the supplies and equipment they need for their missions. None. DCMA is part of the Defense Department. It comes under the Office of the Undersecretary of Defense for Acquisition, Technology and Logistics.Defense Department $401.7 billion $379.9 billionDCMA $1.1 billion $1.1 billionXXXSPLITXXX- Executive director of information technology and chief information officer April 1999 Topeka, Kan. Alexandria, Va. Single "The October Horse: A Novel of Caesar and Cleopatra" by Colleen McCullough Bachelor's degree in business administration from Washburn University, master's degree in business administration from Wichita State UniversityWilliams: A lot of them call us, and if it's interesting, we follow up on the phone. If it's not, sometimes we don't. We do get a lot of calls. The sales process is really first. People want to come around and display their wares and see if you're interested. Of course, once you decide you are interested in that particular class of product or service, you go through a competitive procedure. In this particular IT shop, we do best-value selections; we buy on if we really think [a product or service] has technical merit, and if the files are in line with what the product is and what we can afford. Williams: I don't so much look at the companies, I look at the product. With a lot of companies, one of the first sets of charts they want to show you is how big they are, and therefore that is the reason why we should work with them. I move those charts out of the way, because it really doesn't matter to me whether it's a large or small business; it's the merits of the product or services you're selling me. Williams: No. I have had really great experiences with both [large and small business] and I've had some experiences with both that weren't so great. Williams: I think we're in good shape in terms of protecting our networks. We're fairly well firewalled, we've got intrusion detection systems operating throughout our network. We have thought of buying intrusion prevention systems, but right now that technology is a little too immature for us to bite on it; it requires too much configuration. We've been down that path before with other sets of software, and we think we need to wait a couple years to see if that software matures and stabilizes, becomes easier to manage. But no matter how well you're protected, there is always somebody out there that can do damage to you. We are concerned with some of the software patching difficulties that Microsoft and a few other vendors have had. All the major viruses have hit us, and we have gone through those experiences relatively well. But they are irritating, so we're always looking for ways to improve our security. Williams: I will tell you quite frankly we gave up and surrendered to Redmond [Wash., home of Microsoft Corp.]. We have put all our Windows machines on automatic update. We had an aggressive patch management program and found we were continually a few days behind the power curve. We were pushing the patches with our electronic software delivery mechanisms, but it takes manual effort to assemble the push package that was installed. The manual effort associated with those push packages was pushing our routine 30 days behind. We now let the machines update themselves, then run some diagnostic tools on the network to make sure all the machines are, in fact, updating themselves, and if they're not, why not. That has made us very, very current on Microsoft patches, much more so than we were before. We have not hit any performance issues or difficulty in programs or applications so far. That has always been one of the major concerns about corporations just downloading a patch, fearing it might break something. Our experience so far is that the patches are working. Some day, I am sure we will run into something, but we'll deal with it when it happens. So far that hasn't been an issue. Williams: We are always looking at open source to a certain degree. One of the issues for us is the supportability of the products. We do run Linux in an embedded proprietary system. We don't really use Linux in primary production applications inside DCMA, mainly because of the supportability issue that we see. From the point of view of our personnel really being familiar with Linux and with the different flavors of Linux, a lot of our personnel is really very comfortable with mainline Unixes and Microsoft, so we've decided to stick to those for the moment. And with wireless, we are pretty heavy users of BlackBerrys. They're kind of de rigueur in the federal government anymore. We are developing Web-based applications that will operate with BlackBerrys. Also, we are looking at another set of wireless technologies for use by our quality assurance representatives in the field, which will allow them to electronically sign material acceptance reports. We have a pilot effort under way as well, but we've done the contracting, we have the vendors on board, we're looking at devices and are looking to move into the let's-see-how-it-works phase sometime this year. Williams: We do have a published enterprise architecture, and we update it about once every six months. It does document exactly what we have on hand, how we're organized and set up, and then it documents the directions in which we think we need to go. It is a living planning document, and we treat it as such. Williams: I have two primary goals: bandwidth and software development. There is never enough [bandwidth]. What we're going to do here fairly quickly is redesign our internal network and up the bandwidth through several segments of our wide area network. We're probably going to try to set up ourselves so that what we get are adjustable circuits. We want to increase the bandwidth essentially by turning a switch. Software development has always been a problem in terms of schedule and running over budget. We have been pretty good at getting the Web-based applications under control, though we had one or two that slipped out of our control. That came from two sources: the people who are the requirements generators, and the developers who liked to get into a dialogue about what neat things they could do. Next thing you'd know, the requirements were getting out of control. We've set up a requirements group, and I am personally reviewing all the requirements and noting we don't want the developers to do any coding until the departments are locked. It's been an interesting exercise so far. It's given us a chance to sit down and see how many of the requirements are actually bells and whistles that we probably ought not spend money on. Williams: We have pretty much wiped out paper inside DCMA. That was really a general goal from DoD, and it was something that was pushed really hard by [both the last and present administrations.] Handling paper is an enormous expense. We work with electronic contract files now. There are some things that really don't lend themselves to an electronic folder, and we maintain some skeleton contract files on paper. But the main working files for our contracts are electronic. It is part of our workplace system. We already generate electronically contract modifications and delivery orders for those contracts assigned to us. We've been trying very hard to move the entire environment to a data environment, and stay as far away from paper as we possibly can. Our electronic document workflow system has been operating since 1997. We have been there for quite awhile in terms of going paperless. Williams: We're deep in the process of it. I still have a few client-server applications up and running, but we're already replacing those. I really do want to get out of the client-server application environment. Every time we've tried to update those applications, we end up having to touch every client machine in the entire agency in some fashion or another. And we do use electronic software delivery, but there is a certain failure rate associated with those technologies. So we do pretty well with Web delivery. At the same time, there is this annoying residual map that the software doesn't make it there. Well, that issue goes away when you go to Web-based applications. That is [their] attraction and why we're moving in that direction. We also found Web-based applications are much cheaper to develop than client-server applications. We are spending really a fraction to develop each Web-based application of what we spent on each client-server predecessor. Williams: We have made available to the services several information services using some older technologies that we're now replacing with Web access. We're also starting up pilot Web services efforts. We're working with some larger contractors on pilot projects so we can [sift] through systems for information that is relevant to our customers, and they can do the same to us.We then will provide that to our customers either as something new on the Web in a secure fashion, or [something that] can actually pull Web services code from us and incorporate it into one's own action. Williams: They're operating. We're still sorting through the security issues and who should have access. One is actually exchanging information on a pilot basis right now. Williams: Pretty good. The technology is not that complicated, per se. What [we've] really run into are the trust issues. Williams: Partly, it's really people. It's not about the mechanisms?that we're unsure of the security. It's people that are uncertain about [exposing information] to this. How do I know whom it is I'm exposing this to? Williams: There is always what's called generalized fear on the part of industry that somehow or another, information they consider competitive will somehow find its way into the hands of their competitors. They don't want that information getting loose. We understand those concerns, so we want to make sure that we protect that information. Williams: Probably by the end of the year. We're already trying to add digital companies to this.