Needs assessment is the first step in preparing solicitation specifications. Specifications are what you tell other people you need. If you can't articulate your own needs, you don't have much chance of having anyone actually giving you what you need. You'd better do your measurements at least twice before you go out to bid. Vendors who make the cut may not make what you really require.
That, anyway, was a take-away I got from the following article:
DoD Cybersecurity Spending: Where’s the Beef?
To cash in on the increased spending on cybersecurity, a number of big defense contractors acquired many cybersecurity firms over the last few years.
Now that the defense industry has positioned itself in the cybersecurity market, the US Department of Defense wants to expand its cooperation with cybersecurity contractors to improve defenses for military computers and networks.
Not only are defense contractors positioning themselves for cybersecurity business, but also the Pentagon has indicated it plans to spend a lot more on cybersecurity despite cuts in the overall budget.
In its FY 2012 budget proposal [PDF], the Pentagon said it plans to spend $2.3 billion on cybersecurity capabilities. It said the money would go toward programs like the new US Cyber Command, construction of a Joint Operations Center for Cyber Command at Ft. Meade, Md., $500 million for new related technologies, and funds for training and improved situational awareness.
However, the Air Force said that it would spend $4.6 billion alone in FY 2012 on cybersecurity. In response to this discrepancy, NextGov queried the Pentagon and they came up with a revised figure of $3.2 billion in cybersecurity spending department-wide, including the services. The Pentagon attributed the discrepancy to the Air Force including a broad range of spending not directly related to cybersecurity and information assurance, such as IT infrastructure.
There has (sic) been problems with fuzzy definitions before, particularly between the terms “information assurance”, the more traditional Pentagon phrase, and cybersecurity. Information assurance includes “measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation,” according to the Defense Acquisition Guidebook (DAC).
By contrast, cybersecurity is a much broader, more amorphous term; it is difficult to find a DoD definition of the term. The Obama administration’s cybersecurity legislation proposal [PDF], submitted to Congress on May 12/11, defines cybersecurity services as “products, goods, or services intended to detect or prevent activity intended to result in unauthorized access to, exfiltration of, manipulation of, or impairment to the integrity, confidentiality, or availability of an information system or information stored on or transiting an information system.” Cybersecurity threat is defined as “any action that may result in unauthorized access to, exfiltration of, manipulation of, or impairment to the integrity, confidentiality, or availability of an information system or information stored on or transiting an information system.”
This confusion about definitions could lead to discrepancies in budget figures as well as problems with the procurement process. “The flaws in the definitions will follow into the procurement cycle and you will end up with the government buying maybe what it doesn’t need,” said Robert Burton, who served as the top career federal procurement official in the White House Office of Federal Procurement Policy during the George W. Bush administration.
“When people can’t even agree about the most basic terminology, you know there is going to be a lot of confusion,” said Noah Shachtman, a nonresident fellow at the Brookings Institution and a contributing editor at Wired magazine. “The chances there aren’t billions of dollars in redundancies are slim to none.”
It appears that the bulk of the Pentagon’s spending on cybersecurity is going to traditional information systems security programs, a total of $1.9 billion. DoD information systems are defined by the DAC as “entire infrastructure, organization, personnel, and components for the collection, storage, processing, maintenance, use, sharing, dissemination, disposition, display, or transmission of information.”
Protecting these systems is the bread and butter of most traditional cybersecurity firms—firms which the big defense contractors are busy buying up. So they should be well positioned to cash in on this spending.
By contrast, DARPA is looking to spend millions on advanced cybersecurity programs.
See also, this GAO report (11-469), Defense Acquisition: DOD Should Clarify Requirements for Assessing and Documenting Technical-Data Needs:
Because many systems remain in DOD’s inventory for decades, decisions that officials make during the acquisition process to acquire or not acquire rights to technical data can have far-reaching implications for DOD’s ability to sustain the systems and competitively procure parts and services.
Weapon systems are costly to sustain in part because they often incorporate technologically complex subsystems and components and need expensive spare parts and logistics support to meet required readiness levels. According to DOD, at least 70 percent of a weapon system’s life-cycle costs are incurred to operate and support a weapon system after it has been acquired, with the percentage depending on how long a system remains in the inventory.
Congress passed the Weapon System Acquisition Reform Act of 2009, which required in part that the Secretary of Defense is to ensure the acquisition strategy for each major defense-acquisition program includes measures to ensure competition, or the option of competition, in contracts for the program throughout its life cycle.
The Department of Defense (DOD) needs access to technical data related to its weapon systems in order to control costs and maintain flexibility in the acquisition and sustainment of those weapon systems. Technical data—recorded information used to produce, support, maintain, or operate a system—can enable the government to complete maintenance work in house, as well as to competitively award contracts for the acquisition and sustainment of a weapon system.