WASHINGTON — The Pentagon’s commercial technology hub has successfully transitioned a pilot from pilot to full-blown contract, a milestone for the 2-year-old office.
The Defense Innovation Unit Experimental, or DIUx, moved a pilot project with commercial cybersecurity firm Tanium into a $750 million, five-year contract with the U.S. Army. That contract was signed Sept. 26.
Tanium provides endpoint (think laptops or desktops) cybersecurity monitoring for large-scale clients. While Tanium works with a number of major financial institutions, the U.S. Army requirement marks the company’s largest single-user base — up to 1 million endpoints under the contract.
If a bug or hack is found on one system, Tanium can run a search across all users in roughly 15 seconds, discovering where the vulnerability spread, explained Ralph Kahn, Tanium’s vice president for federal affairs at the company. And because Tanium keeps historic data, it can go backward and look for where the vulnerability first appeared as well as discover the impact it had on the infected system.
The contract is structured as a one-year guarantee with four single-year options, but Kahn told Defense News that he believes his product will impress Army managers. He also believes DIUx, a pet project of former Secretary of Defense Ash Carter now run by Air Force reservist and Silicon Valley entrepreneur Raj Shah, should open the door to the commercial tech community to do more with the department.
Many commercial firms have complained in the past about doing business with the government, whether due to the slow acquisition system or rigorous, cost-imposing requirements. But Kahn notes there are benefits to working with the Department of Defense that can be folded back into its commercial customers, particularly if DIUx is able to shave years off the acquisition process.
Because the DoD is constantly targeted with cyberattacks, there are “use cases it might take two or three years to see in the commercial world, and we might see them in three to six months at DoD. That’s a big advantage,” Kahn noted. Additionally, the Pentagon has more patience for longer development times that a commercial company might not want to wait on.
Those benefits are harder to tap into with a traditional DoD acquisition cycle because by the time a company is on contract, technology outside the building often has moved on. But with DIUx, “the flexibility is built in there to do it quickly. Fail fast; find a pilot; if it doesn’t work, you move on,” he said.
For DIUx, the contract represents a proof of concept at a time when the office is poised to lose some of its autonomy due to a split of the Pentagon’s acquisition structure.
Tanium began its pilot contract with DIUx on Sept. 28, 2016. It took just over one year for the software to be installed for the pilot project, tested, certified by the U.S. Army and put on a production contract.
“This is the dream. We’re super excited,” Shah told Defense News. “This is why the entire DIUx acquisition system was designed, to do this exactly and to utilize this new authority that Congress has given the department.”
If all goes according to plan, Shah said he expects that a “large percentage” of the 58 ongoing pilot projects will transition to production contracts. While “several” projects are in the final stages of that process, Shah declined to put a timetable on when more projects would transition. The timetable is unclear for when those might go through.
Interestingly, a number of those prototypes are deployed on the battlefield, with his office seeing “war-fighting improvements that have occurred in a very short time frame,” Shah said.