DISA plans for more OTAs after early successes
After seeing what’s possible with small, rapid prototype contracts, the Defense Information Systems Agency will look to build on that momentum and issue more Other Transaction Authority (OTA) contracts for innovative tech pilots, its director said Tuesday.
Vice Adm. Nancy Norton said the agency has three new OTAs it’s working to negotiate. The contracts will focus on assured identity on iOS devices; machine learning and artificial intelligence to bolster cybersecurity; and an evolution of the military’s joint situational awareness system, dubbed the Global Command and Control System-Joint Enterprise.
The GCCS-JE “will modernize and improve the aging architecture to provide near-real-time situational awareness for a global common operational picture leveraging the latest cloud computing infrastructure and software development methodologies to met present and future C2 requirements,” Norton said at the 2019 AFCEA TechNet Cyber conference in Baltimore. “This new solution will improve performance, reliability and availability of the service.”
In 2018, DISA began using OTAs to award contracts. The OTA authority, which has existed for decades but was expanded in the 2016 National Defense Authorization Act, allows defense agencies and others to grant relatively small contracts for the development of prototypes and then follow on with an additional contract for production if and when the pilot is successful. Typically, the contract can be awarded in less than 60 days, rather than months and years.
DISA’s first OTA allowed it to rapidly acquire an assured identity prototype to replace the current common access cards and passwords used by military personnel to access systems and facilities.
Such an OTA is just the beginning of the acquisition of a commercial technology and will inform next steps of production. It “developed a minimally viable product that will help us operationalize this concept and open the door to other innovative solutions,” Norton explained.
“We all know that passwords and pins do not provide adequate security. We’ve seen them fail repeatedly with commercial data breaches and the OPM data breach,” Norton said. “Our vision is to eliminate passwords. Continuous multifactor authentication will run seamlessly in the background allowing access through biometric data distinct to each user.”
DISA has since also awarded two OTAs for “cloud-based internet browser isolation prototypes” to redirect “internet browsing from a user’s desktop to a remote server external to the [DOD Information Network, or DODIN] so malicious activity does not impact operations.”
“We are very excited to be using this OTA contract vehicle to bring in new innovation and allow us to take cybersecurity to the next level within the department,” Norton said.