By EDWARD GRAHAMJANUARY 22, 2024

Legislation from Sens. Gary Peters, D-Mich., and Joni Ernst, R-Iowa, would “streamline procedures” for both solicitation and awards by slimming down the procurement process.

A new bipartisan proposal seeks to simplify the federal contracting process — and potentially allow for more small businesses to work with the government — by reducing burdensome requirements and creating “a more nimble and meaningful bidding process and evaluation of proposals.”

The Conforming Procedures for Federal Task and Delivery Order Contracts Act was introduced by Sens. Gary Peters, D-Mich., and Joni Ernst, R-Iowa, on Jan. 19. 

The bill seeks “to streamline procedures for solicitation and the awarding of task and delivery order contracts for agencies” by shrinking “the procurement process for contractors bidding on work as well as for the government, ensuring necessary due diligence is done while allowing awards to be made faster and to a wider array of contractors, including small businesses.”

This includes reducing “duplication of documentation requirements for agencies” and applying some of the contracting measures that the Department of Defense “currently has in place to all federal agencies.”

Ernst — the ranking member of the Senate Small Business and Entrepreneurship Committee — said in a statement that “too much bureaucratic red tape stands in the way” when it comes to smaller companies effectively competing for federal contracts.

“By making the award process faster and wider, Iowa’s small businesses and entrepreneurs can better compete and succeed,” she added, referencing the benefits the bill would have for her Hawkeye State constituents. 

In a statement, Peters also said the legislation “streamlines the contracting process for federal government agencies, and as a result will boost small businesses trying to stay competitive and will increase efficiency for all government agencies, benefitting people across the nation.”

This isn’t the first time that Peters and Ernst have teamed up on legislation to improve the government’s procurement process, which is receiving renewed attention as lawmakers discuss the role that emerging technologies can play in bolstering the capabilities of federal services. 

The senators previously authored legislation, known as the PRICE Act, to “promote innovative acquisition techniques and procurement strategies” to improve the contracting process for small businesses. Their bill was signed into law in February 2022. 

Peters and Ernst also introducedlegislation in July 2022 that would require the Office of Management and Budget and the General Services Administration “to streamline the ability of the federal government to purchase commercial technology and provide specific training for information and communications technology acquisition.” 

Following a Jan. 10 Senate Homeland Security and Governmental Affairs Committee hearing on how artificial intelligence can be used to improve government services, Peters — who chairs the panel — also told Nextgov/FCW “how the federal government procures AI… is going to have a big impact on AI throughout the economy.”

“And I think that’s a very effective way for us to think about AI regulation, through the procurement process,” he said.

Article link: https://www.nextgov.com/acquisition/2024/01/bipartisan-bill-strives-more-nimble-and-meaningful-federal-contracting/393508/?

By Al Lakhani

 published 2 days ago

Security weaknesses of multi-factor authentication

“Multi-Factor Authentication stops 99% of all attacks.” It’s a phrase we hear a lot.

However, while MFA has become the go-to cybersecurity solution deployed by businesses globally, we must recognize that not all MFA solutions are created equal. Many are as easy to hack with social engineering and phishing as traditional passwords. So, the claim that almost all attacks can be repelled by MFA is an oversimplification at best and insincere at worst.

This raises an important question: if so many MFA solutions are ineffective at fending off commonplace cyber threats (such as phishing attacks, which account for more than 80% of cyber-attacks), why do businesses still rely upon them?

One plausible answer is that business software packages – think Google Workspace or Microsoft 365 – come with in-built two-factor authentication. Businesses may, therefore, think that investing in another solution is an unnecessary additional expense.

Another factor is that many cyber insurers now demand that organizations adopt MFA in the underwriting stage of the insurance process. It could be the case, then, that IT decision-makers treat MFA as a check-the-box exercise in order to comply with insurers’ requirements. And they do so without carefully considering the difference between good MFA and bad MFA.

Whatever the reason, it is clear that many organizations are adopting MFA without scrutinizing the effectiveness of their chosen solution and which attacks it actually prevents.

So, it is important we take a step back and understand some of the inherent weaknesses of your typical MFA solution.

1. Second factor authenticators are still vulnerable to attack

The basis of most MFA solutions is that, even if someone manages to get hold of a user’s password, they still need to bypass the second piece of the puzzle – such as an SMS code, One Time Password (OTP) or approving a push notification – in order to access the account.

At face value, this seems quite secure. However, the very nature of these second layers of authentication can do more harm than good, paradoxically providing hackers with further opportunities for attack. It’s a double-edged sword that many businesses fail to fully grasp when choosing their security solutions.

Indeed, OTPs can be exploited by ‘on the fly’ phishing attacks that put a business’ sensitive information at risk; SMS authenticators are prone to ‘smishing’; and many criminals can now hijack authenticating notifications directly from the source. Meanwhile, the ‘human element’ is employed by hackers to defeat push notifications via prompt bombing.

The apparent protection of additional layers of security, therefore, could be blinding decision-makers to the inherent dangerous vulnerabilities, prompting the need for tech and cyber decision-makers to re-evaluate the true efficacy of these widely adopted security measures.

2. All MFAs including passkeys can be bypassed

The main issue here – and it’s pretty mind-boggling – is that all MFA solutions can be circumvented by hackers to gain access without needing to provide any authentication factors. There are two main causes: session cookies and centralization.

A session cookie is a piece of information stored in the user’s device browser after authentication. This allows the user to access the required resource without needing to re-authenticate on every interaction with the service provider. Therefore, anyone with access to the session cookies can infiltrate the user account without being required to authenticate.

Hackers use this tactic in what is known as an Adversary-in-the-Middle (AiTM) attack, capturing authenticated session cookies from users at the point of authentication. With the session cookies, hackers can access a user’s account without the need for password authentication, rendering the MFA solution useless. A recent example is the Okta breach, where session cookies were stolen from Okta’s customer support management system to compromise many of their customers, including 1Password and Cloudflare.

These attacks can be prevented with the use of phish-resistant MFA such as a passkey. But the plot thickens…

Passkeys are designed to synchronize to all user devices so that the user can use it to login from any of their devices. However, they are still vulnerable due to their reliance on centralization.

Although passkeys rely on public key cryptography, their dependence on the platform’s security (the security provided by Google, Apple, Microsoft and so forth) means that a business’s security is equivalent to that of a user’s Google or Apple account credentials. This is because almost all user accounts depend on a password and a vulnerable second factor authenticator, so they can be phished or circumvented using AiTM. As a result, passkeys can also be bypassed, and cannot provide meaningful security to businesses.

To adapt the old cliché, a cybersecurity solution is only as strong as its weakest link. User credentials are often that weak link.

3. Some MFA solutions are phish-resistant, but not phish-proof

To date, the highest level of security has typically come from “phish-resistant” MFA. Some MFA solutions can accurately claim to be ‘phish-resistant’, but they are not ‘phish-proof’ because they still rely on phishable factors at some point in their implementation or recovery lifecycle.

This is a critical shortcoming of many MFA solutions and a particularly pertinent issue in the UK. Research has found that 83% of British organizations experienced a phishing attack last year, which reportedly cost an average loss of £245,000 per business per attack.

This weakness basically means that a user’s account might be secure once the solution has been implemented. But the process of adding a new user, adding a new device to an account or recovering an account if the registered device is lost or damaged can be exploited using phishing techniques.

For instance, let’s say that ‘Barry from accounts’ doesn’t have the device he registered his passkey on or lost his FIDO2 security key. Phish-resistant MFAs fall back to phishable factors such as SMS, OTP or push notifications to enable Barry to recover his account.

Or Barry does not realize that the same phishable factors such as SMS, OTP, push or passwords were used by someone else to add another FIDO2 security key to his account without his knowledge.

More must be done to raise awareness of the difference between phish-resistant and phish-proof. Precious few MFA solutions can truly claim to be phish proof. Truly phish proof, MFA solutions are able to eliminate breaches like AiTM, because they secure the entire user identity life cycle – with these solutions, registration, identity proofing, authenticators establishment, authentication, recovery-identification, and account termination are immune to even sophisticated phishing attacks.

This means that attackers are prevented from bypassing authentication, intercepting and/or tricking users into revealing access credentials by the fact that they simply don’t exist in that solution’s authentication lifecycle. What’s more, phish-proof solutions ensure the chain of trust established at the stage of user identity proofing is transitive, so it cannot be broken and is provable at every stage of the identity lifecycle.

The next generation of MFA

This may seem like a scathing attack on MFA. Fortunately, though, as noted at the start, not all MFA is created equal. Better solutions are out there.

The next generation of MFA solutions addresses the weaknesses outlined above. They do this by eliminating the vulnerabilities and phishable factors that leave businesses’ IT systems open to attack.

The key innovation of this new wave of technology is that they move beyond the reliance on passwords. Instead, these solutions embrace cutting-edge, Zero Trust Architecture (ZTA) technology rooted in principles like transitive trust, identity proofing and the adoption of W3C Web Authentication Standard, which tackle the core issues behind data breaches and remove the threat of human error.

By implementing technology from this new wave of MFA, businesses can make their cyber security systems immune to both external and internal threats and guarantee robust authentication through the entire identity lifecycle.

It’s time to recognize that basic MFA solutions that rely on OTPs, push, and QR-code are relics of the past. They suffer from the same inherent flaws that have plagued password-based cybersecurity technology for decades – namely, they cannot prevent all credential phishing and password-based attacks. Slowly but surely, the industry is recognizing that zero trust paves the way to a more secure and efficient future.

We’ve featured the best encryption software.

This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Al Lakhani is the founder and CEO of IDEE. Al is a recognized cyber security expert, digital identity crusader, inventor, entrepreneur, and university lecturer with more than 25 years’ experience in cyber forensics.

Article link: https://www.techradar.com/pro/multi-factor-authentication-suffers-from-three-major-weaknesses

DefenseScoop was briefed on the new DIU-led pursuit.

BYBRANDI VINCENT

JANUARY 25, 2024

The Pentagon is in the midst of launching five new Defense Innovation OnRamp Hubs where startups, academia, industry and others in specific regions around the U.S. can more strategically engage and directly connect with department officials to commercialize in-demand, dual-use technologies that are also being prioritized in their local areas. 

A program office within the Defense Innovation Unit, the National Security Innovation Network (NSIN), officially unveiled the latest of those hubs in Seattle Jan. 21. Two other sites in Kansas and Ohio hosted launch events in mid-December, and locations in Arizona and Hawaii are each set to celebrate their openings within the next few months.

“The OnRamp Hub program was developed to streamline collaboration between industry, academia and defense operations to get the needed technologies, information and products in the hands of those who need it most. We are extremely excited to work with these locations to bring this opportunity to their innovation ecosystem,” NSIN’s Acting Defense Innovation OnRamp Hub Program Director Cassie Muffley told DefenseScoop this week.

Each of these new centers “will execute three primary functions to lower the barrier to entry” for working with the Defense Department, Muffley explained. They include:

• Offering a physical location that serves as an off-base, easily accessible “front door” for new people, ideas, and technologies from academia and industry to connect to multiple facets of the DOD.
• Providing DOD entities from multiple services with a means to better coordinate activities and outreach into specific geographic regions.
• Providing access to a physical and digital space for DOD “intrapreneurs” to meet, collaborate and innovate.

The overarching idea is that these sort of one-stop shops will help the Pentagon better leverage startups and academic communities for new concept development, and facilitate the creation of new, dual-use ventures by commercializing DOD lab technology and through customer discovery activities.

They’re also meant to make it easier for interested entrepreneurs to learn how to break into the defense industrial base, and get Pentagon insiders more acclimated in various domestic tech hotspots. 

“By changing the way that small and medium-sized technology companies work with the DOD, we can grow our technological edge that our service branches need to stay competitive and deter conflict,” Muffley said.

To ultimately select these five locations, DIU and NSIN officials assessed a number of factors about different areas, including the robustness of the defense innovation ecosystem; relevance of the innovation ecosystem to DOD needs; health of the innovation ecosystem; expressed demand signal from the innovation ecosystem; existence of similar facilities within key geographic areas; and expressed demand from the Pentagon.

“Each OnRamp Hub will deliver tailored opportunities, programming, and activities, based on their local needs and opportunities to leverage and partner with other activities,” Muffley told DefenseScoop.

As an example, NSIN — in partnership with the Washington Air National Guard (WA ANG), 194 Communications Flight — is preparing to lead an upcoming pitch event and demonstration to identify emerging technologies that could be used to establish two-way communication during an eruption of Mt. Rainier or other natural disasters.

“Participating in NSIN programming through OnRamp Hub: Washington assists innovators in navigating the process of gaining government contracts,” Muffley also noted.

All of the hubs will also provide education related to doing business with the DOD — on topics such as specialized funding options, determining and filing for the correct business classifications, and complex policy compliance. 

“We support the warfighter in gaining a competitive advantage when dealing with 21st century conflicts. This is an amazing opportunity for local entities to engage in national and international efforts that truly make a difference,” Muffley said.

Written by Brandi Vincent

Brandi Vincent is DefenseScoop’s Pentagon correspondent. She reports on emerging and disruptive technologies, and associated policies, impacting the Defense Department and its personnel. Prior to joining Scoop News Group, Brandi produced a long-form documentary and worked as a journalist at Nextgov, Snapchat and NBC Network. She was named a 2021 Paul Miller Washington Fellow by the National Press Foundation and was awarded SIIA’s 2020 Jesse H. Neal Award for Best News Coverage. Brandi grew up in Louisiana and received a master’s degree in journalism from the University of Maryland.

Article link: https://defensescoop.com/2024/01/25/nsin-defense-innovation-onramp-hubs-diu-5-states/?

The special notice about the meeting comes as the Pentagon is pursuing a warfighting construct known as Combined Joint All-Domain Command and Control (CJADC2). 

BYJON HARPER

JANUARY 22, 2024

The Office of the Secretary of Defense plans to gather a select group of innovators this spring to pitch technical solutions for moving, processing and transforming data into actionable information.

The special notice about the meeting, posted Jan. 19 on Sam.gov, comes as the Pentagon is pursuing a warfighting construct known as Combined Joint All-Domain Command and Control (CJADC2), which is aimed at connecting the U.S. military’s various sensors, data streams and weapon systems — and those of its international allies and partners — under a more unified network for faster and better decision-making.

The so-called Innovation Outreach Solutions Meeting, slated for April 15-16 in McLean, Virginia, will be hosted by OSD’s innovation and modernization office — which falls under the research and engineering directorate — in partnership with the Joint Staff’s intelligence directorate (J2) and the Army’s intelligence, surveillance and reconnaissance task force. Tech developers tapped to attend will conduct technical presentations and have a confab with Defense Department officials about their potential solutions for “unleashing data.”

“Information is central to all military functions. Rapid and reliable access to data is key to maintaining an enduring U.S. advantage in times of peace and crisis. As the network of data sources and decision-makers grows, as does the urgency to respond to emerging situations, so does the demand for the Department of Defense (DoD) to discover innovative solutions that enable the secure collection, storing, processing, monitoring, analyzing, and communicating of data at speed and scale,” the notice states.

The Pentagon is looking for tools that will ensure data is visible, accessible, understandable, linked, trustworthy, interoperable and secure, according to the needs statement.

Technologies of interest include solutions for transmitting and receiving data and signals over distances greater than current capabilities allow; connecting systems with data sources located “anywhere from the stratosphere to the seafloor”; multi-path networks for operating in environments with connectivity interference or degradation; boosting bandwidth at reduced power; edge computing; and “novel approaches” for transferring data, such as quantum or laser tech.

However, better methods for moving data aren’t enough. The department also needs tools for processing the vast amount of information it collects. That includes capabilities to “triage” inflows and prioritize the most critical and time-sensitive info; automate the tagging, cataloging and storing of data so it can be quickly found and accessed when needed; integrate “thousands of inputs” from disparate sources; and detect “anomalies” in cyber networks in real-time with machine learning technologies.

To help decision-makers understand and trust the data they’re being fed, the Pentagon wants information visualization tools, algorithms that can identify and provide automated alerts about items of interest, and enablers for “confidently ingesting data and information into existing AI/ML capabilities and training next-generation algorithms,” per the needs statement.

Applications to participate in the meeting are due Feb. 22.

Written by Jon Harper

Jon Harper is Managing Editor of DefenseScoop, the Scoop News Group’s newest online publication focused on the Pentagon and its pursuit of new capabilities. He leads an award-winning team of journalists in providing breaking news and in-depth analysis on military technology and the ways in which it is shaping how the Defense Department operates and modernizes. You can also follow him on Twitter @Jon_Harper_

Article link: https://defensescoop.com/2024/01/22/osd-innovation-outreach-solutions-meeting-unleashing-data/?

Through Seamless Exchange, the Federal Electronic Health Record Modernization (FEHRM) office, Department of Defense (DOD) and Department of Veterans Affairs (VA) dramatically increase the depth and longitudinal nature of the electronic health record (EHR).

To streamline the federal EHR end-user experience, the FEHRM, DOD and VA focused on Seamless Exchange—an enhancement piloted by VA for data retrieval, deduplication and synchronization that will normalize data from numerous sources with varied formats, standards and duplications into a simplified, contextual and usable platform supporting health care. Seamless Exchange joint design decisions and reviews were completed last summer. Commercial sites using and testing Seamless Exchange shared positive feedback on its data deduplication and automated capabilities, ensuring ease of use and easy access to up-to-date, comprehensive information. The VA Seamless Exchange pilot went live at the La Grande Clinic within the Walla Walla VA system on November 7. Clinical Adoption was well received by stakeholders. The plan for expansion of the Seamless Exchange functionality at Walla Walla VA will include adding more functionality, expanding to all clinics at Walla Walla VA and will follow up with an enterprise-wide deployment in 2024. Plans for the FEHRM to expand Seamless Exchange across DOD is underway.

Article link: https://www.linkedin.com/pulse/seamless-exchange-strives-consolidate-federal-electronic-health-9yasf

By Jayna Legg, Public Affairs Specialist 

January 18, 2024

The Captain James A. Lovell Federal Health Care Center (Lovell FHCC) will launch a new Federal Electronic Health Record (FEHR) in March 2024. 

This new FEHR will simplify the patient experience for beneficiaries and staff and enhance the ability of the Department of Veterans Affairs (VA) and Department of Defense (DOD) to meaningfully share data with each other and the rest of the U.S. health care system. 

An EHR is a system that’s used to securely document, store, retrieve, share and analyze information about a patient’s health care—it’s a digital version of a health record. 

A federal EHR will provide a continuous and complete medical record for all beneficiaries from the time they join the military, through their transition to Veteran status and beyond. The federal EHR puts patients at the center because it: 

• Reduces time spent repeating health histories, undergoing duplicative tests and managing printed health records. 
• Supports beneficiaries with securely communicating with their care teams.
• Tracks medications, vaccines, allergies and lab results in a single health care record. 
• Increases access to health care professionals through modern telehealth patient portals. 
• Provides easier access to military treatment information to support service-connected disability claims when transitioning from active-duty to Veteran status. 

Accessing the new patient portals 

Once Lovell FHCC goes live with the FEHR system in March 2024:

• VA Beneficiaries with a My HealtheVet account will move to a new patient portal, called My VA Health, to manage their VA health care online. For additional information, visit https://www.va.gov/lovell-federal-health-care-va/programs/electronic-health-record-modernization-ehrm/. 
• For DOD Beneficiaries, the MHS GENESIS Patient Portal will replace TRICARE Online at Lovell FHCC. For additional information, visit https://www.va.gov/lovell-federal-health-care-tricare/programs/electronic-health-record-modernization-ehrm/. 

Keep checking these websites for more information and events focused on Lovell FHCC’s launch of the FEHR. These sites include an overview of the new portals, a checklist to prepare for the change and answers to frequently asked questions. 

Joining a federal partnership to transform care

Lovell FHCC is the latest facility to join the federal EHR, which is already in use at 98 percent of DOD parent military treatment facilities around the world, five VA medical centers, 109 Department of Homeland Security U.S. Coast Guard sites and seven Department of Commerce National Oceanic and Atmospheric Administration sites. There are 9.5 million unique patients currently in the federal EHR.

Article link: https://www.va.gov/lovell-federal-health-care-va/stories/coming-in-march-2024-new-patient-portal-as-part-of-the-federal-electronic-health-record/

17 Jan. 2024 – Last updated: 17 Jan. 2024 13:21

Quantum technologies are getting closer to revolutionizing the world of innovation and can be game-changers for security, including modern warfare. Ensuring that the Alliance is ”quantum-ready” is the aim of NATO’s first-ever quantum strategy that was approved by NATO Foreign Ministers on 28 November. On Wednesday (17 January 2024), NATO releases a summary of the strategy.

The strategy outlines how quantum can be applied to defence and security in areas such as sensing, imaging, precise positioning, navigation and timing, improve the detection of submarines, and upgrade and secure data communications using quantum resistant cryptography.

Many of these technologies are already used in the private sector and have become the subject of strategic competition. NATO’s quantum strategy helps foster and guide NATO’s cooperation with industry to develop a transatlantic quantum technologies ecosystem, while preparing NATO to defend itself against the malicious use of quantum technologies.

Quantum is one of the technological areas that NATO Allies have prioritized due to their implications for defence and security. These include artificial intelligence, data and computing, autonomy, biotechnology and human enhancements, hypersonic technologies, energy and propulsion, novel materials, next-generation communications networks and space.

Quantum technologies are already part of NATO’s innovation efforts. Six of the 44 companies selected to join NATO’s Defence Innovation Accelerator for the North Atlantic (DIANA)’s programme are specialised in quantum. Their innovations are expected to help progress in the areas of next-generation cryptography, develop high-speed lasers to improve satellite connectivity, and deploy quantum-enhanced 3-D imaging sensors in challenging undersea environments. DIANA also anticipates quantum technologies forming a key part of solutions to its future challenge programme. 

Building on its new strategy, NATO will now start work to establish a Transatlantic Quantum Community to engage with government, industry and academia from across the innovation ecosystems.

 OFFICIAL TEXTS

• Summary of NATO’s Quantum Technologies Strategy16 Jan. 2024

Article link: https://www.nato.int/cps/en/natohq/news_221601.htm

Jan. 16, 2024 | By Joseph Clark , DOD News

The Defense Department will continue to work closely across agencies and with industry partners as it implements its strategy for strengthening the defense industrial base to meet the future needs of the warfighter, the Pentagon’s top industrial base policy official said.

Laura D. Taylor-Kale, assistant secretary of defense for industrial base policy, said DOD’s National Defense Industrial Strategy represents a bold vision that will require close and sustained collaboration across the full defense industrial ecosystem. 

“While we say that it will guide use for the next three to five years, we’re also very much talking about having a generational change,” Taylor-Kale said of the newly released strategy during a discussion hosted by the Center for Strategic and International Studies in Washington, D.C., July 11, 2024. 

“We understand that there’s a lot that is part of the current state of the industrial base,” she said. “You can’t make those changes over one or two years. It’s going to take concerted effort over time, not just within the Department of Defense.” 

Taylor-Kale offered her vision just hours after releasing the NDIS, the first comprehensive strategy document produced by DOD to plot the course for creating a modern, resilient defense industrial ecosystem to deter U.S. adversaries and meet the production demands posed by evolving threats.

In unveiling the strategy, she underscored the urgent need to shore up the defense industrial base as U.S. adversaries build up their military power to levels not seen since World War II. She noted China’s increasing threat to upend the existing international order. She also highlighted the United States’ continued support for Ukraine as it defends itself from Russian aggression and for Israel in its fight against Hamas.

Despite the task at hand, Taylor-Kale said there is broad enthusiasm across government and industry partners and among key global allies. 

The defense industrial base must continue to meet present demands, while remaining capable of adapting to future conflicts.

The strategy focuses on four key areas critical to building a modernized defense industrial ecosystem over the next three to five years. Those areas include resilient supply chains, workforce readiness, flexible acquisition and economic deterrence.   

The NDIS is the product of months of engagement from stakeholders from across industry and government, which began at the direction of Deputy Defense Secretary Kathleen Hicks in March 2023. 

The document also reflects President Joe Biden’s broader efforts to shore up domestic manufacturing and critical supply chains in the U.S. 

Officials said the final strategy incorporates more than a thousand  comments received from stakeholders.  

Taylor-Kale said the strategy was far more than an “aspirational document,” noting that the department is finalizing an implementation plan that will detail measurable actions and metrics to gauge progress on the goals.

“I want to emphasize that the DOD can’t do it alone,” she said. “It will need the interagency. It will need our industry partners. It will need our global allies and partners, as well as our people on [Capitol Hill].”  

She added that the strategy was worked extensively with elected leaders, and there is a broad, bipartisan consensus around improving the industrial base and meeting the needs of the warfighter.

“In my view, we can’t afford to wait,” Taylor-Kale said. “We have seen over the past few years the importance of why we need resilient supply chains – the importance [is] not just to us domestically, but also for our close allies and partners.  

“We think that the time for action is now,” she said. “We’re starting with this strategy and setting this vision. We’re wanting everyone to join with us so we can move forward, implement and meet the needs of warfighters today as well as for the future.”

Article link: https://www.defense.gov/News/News-Stories/Article/Article/3646541/collaboration-is-key-to-implementing-dod-industrial-base-strategy/

By Noah Robertson

Thursday, Jan 11

Editor’s note: This story has been updated to include information from Pentagon officials.

WASHINGTON — America’s defense industry needs “generational” change to keep pace with competitors like Russia and China.

This is the Pentagon’s assessment in its first-ever National Defense Industrial Strategy, arriving at a moment of extreme demand. The U.S. is supporting partners threatened abroad — including Ukraine, Israel and Taiwan — forcing careful management of American aid and readiness.

“This strategy is about balancing the tension points,” said Halimah Najieb-Locke, the Pentagon’s acting deputy for industrial base policy, in a briefing with reporters.

The document is a self-described “call to action,” with almost 50 pages of recommendations to build a “fully capable 21st century” defense sector. It features the Pentagon’s most up to date thinking on the health of its suppliers, stretched thin after Russia’s invasion of Ukraine and the disruptive COVID-19 pandemic. America still builds the best weapons in the world, the strategy says, but that alone isn’t enough in a more competitive world.

The U.S. “must have the capacity to produce those capabilities at speed and scale to maximize our advantage,” it says.

That advantage may be narrowing in part because of America’s main competitor. In the last 30 years, the document says, China “became the global industrial powerhouse in many key areas — from shipbuilding to critical minerals to microelectronics.” China’s capacity, the document says, in some cases surpasses that of America and its allies in Asia and Europe.

Still, Cynthia Cook, a defense industry expert at the Center for Strategic and International Studies think tank, says China’s advances are only part of what’s motivating this work.

“I would not say that that’s the entire purpose … behind the strategy,” she said.

Instead, Cook said, the document is meant to be the summit of more than six years of Pentagon work. Former President Donald Trump ordered the Defense Department to review its industrial base early in his term, leading to a report issued in 2018. Since then, more reviews have followed, including one on supplier competitiveness.

“All of these factors together make it fairly clear that it’s time for a rethink of how the department manages industry,” said Cook. “Without a strategy, it’s going to be one-offs here and there.”

The document is split into four sections, focusing on supply chains, workforce, Pentagon acquisition and the American economy overall. There are more than two dozen recommendations, which include diversifying the Defense Department’s suppliers, training more workers for industry-related careers, increasing commercial acquisitions and sharing more technology with U.S. partners.

Neither the problems nor the remedies listed are new. They aren’t meant to be, said Cook. The value of the strategy, she said, is its ability to coordinate industrial base work across the Pentagon, including in the services.

“Part of this strategy is really marshaling a lot of what we’ve already been doing within the department,” said Assistant Secretary of Defense for Industrial Base Policy Laura D. Taylor-Kale, also speaking at the briefing.

Specifically, she referenced a map of the supply chains for 110 different weapons systems the Pentagon has been developing since November. This map, added Najieb-Locke, will help find links further down the supply chain that are particularly brittle — whether due to approaching obsolescence or being a single point of failure.

Speaking at the Reagan National Defense Forum in December, Undersecretary of Defense for Acquisition and Sustainment Bill LaPlante said the document is also meant to be a broader signal to industry.

Najieb-Locke elaborated on that point Thursday. On one end, the strategy is meant to signal longer-term commitment to its current suppliers by putting the department’s goals in writing. On the other, it affirms that the Pentagon needs to work more with non-traditional companies, particularly those in the innovation space.

“We’re answering the industry’s call for consistent demand signal by organizing ourselves and targeting our efforts,” she said.

Despite that, some former defense officials and analysts who spoke with Defense News were skeptical of the strategy’s value. Heidi Peters, a defense industry expert at the RAND Corporation think tank, questioned why there needed to be a new strategy when the Pentagon already publishes so much literature on industry.

David Berteau, president of the Professional Services Council, which represents government contractors, said the strategy was a good “first step,” but he wants to see more attention paid to sustaining systems rather than just buying them.

Even more, Berteau said he was focused on how the strategy would be implemented, something he said is “more important than the strategy itself.”

While reshaping the defense industry may take a generation, the document said, it has shorter-term goals for the next three to five years. The Pentagon expects to publish an unclassified implementation plan in February — and a classified one later in March, said the officials briefing Thursday.

The classified plan will focus on many of the existing authorities the Pentagon has, such as the Defense Production Act, which Taylor-Kale said are “underutilized.”

The implementation plan will feature a list of priorities and metrics to gauge the strategy’s success, said Najieb-Locke. One of those priorities in the next five years is to create a faster and more stable supply of “long lead items,” which slow production, she said. To do so, she added, the department will have to better track its lower-tier suppliers, who sometimes don’t even know their work is supporting the Pentagon.

That need makes it more important for the Defense Department to continue speaking with partners across the government and in industry, Taylor-Kale said.

“We’re not going to come out of our our offices, so to speak, talk to people in and then go back in and shut the door,” she said. “We’re continuing the conversation.”

About Noah Robertson

Noah Robertson is the Pentagon reporter at Defense News. He previously covered national security for the Christian Science Monitor. He holds a bachelor’s degree in English and government from the College of William & Mary in his hometown of Williamsburg, Virginia.

Article link: https://www.defensenews.com/pentagon/2024/01/11/pentagons-first-industrial-strategy-calls-for-generational-change/