A book called “Men are From Mars, Women are From Venus” made a minor sensation a few years ago. It tried to delineate the differences between the sexes, postulating they are so pronounced, men and women might as well be from different planets.
The same might be true of contractors and federal government buyers. Sometimes it seems as if they from different planets. The other day I was interviewing Frank Anderson Jr., the former president of Defense Acquisition University. He described how, when becoming a consultant to contractors after decades in federal service, he was surprised at how differently the two sides really do see things.
Not that either side is wrong, Anderson said. Just different world views. Government acquisition people, centering on contracting officers and people who write requests for information or proposals, or statements of work, come at business from an ingrained compliance point of view. Are all the FAR and U.S. Code impositions honored? Are the government’s exact requirements spelled out in totally unambiguous ways? It’s all about process.
True, you often hear agency executives call for the government to simply state what it wants and, as the expression usually goes, “then let industry figure out how to do it.” In reality that rarely happens. One basic reason is that cost and price have to be factors in what the government buys, and if you let industry just do it’s thing, you could get a very expensive solution.
The compliance mentality tends to default to the literal interpretation of things, and the always-play-it-safe routine. Thus, because there are times throughout the acquisition cycle when it’s wise to keep an arm’s length from industry, government buyers sometime play it safe by maintaining a cone of silence between contracting officers and vendors, period.
Industry, on the other hand, views the government for exactly what it is: a customer to which it aims to make a profitable sale or, better yet, an annuity with ongoing revenue. It’s not that contractors don’t recognize the public purpose of what they are doing, but rather that as organizations they are oriented towards positive returns on investments. Anderson pointed out that the government is obligated to let contractors make a profit, or it won’t have anyone willing to do business with it.
I’d been thinking about this after reading the Homeland Security Department’s recent draft solicitation for a blanket purchase agreement for cybersecurity products and services - specifically continuous monitoring tools and what DHS calls CMaaS, or continuous monitoring as a service.
Because the statement of work is a draft, the department is expecting and encouraging industry feedback. But I couldn’t help notice that in 22 pages – a short request for information relatively speaking – the draft contained no less than 40 references to the FAR, the Code of Federal Regulations, National Institute of Standards and Technology publications, executive orders and OMB policy circulars. True, much of this is boilerplate, but I wonder how many man-hours each bidder will eventually spend on each of these compliance issues.
More than that, the draft presents a fairly rigid, prescriptive approach to continuous monitoring, dotted with some vague areas. In particular it expresses the hope that the government will get the ability to “…correlate and analyze critical security-related information, and enhance risk-based decision making…” An industry itching to sell cybersecurity tools will find a way to live with this approach.