New Contract May Put the U.S. Navy’s Massive IT Network At Risk

April 12, 2020 Topic: Security Region: Americas Blog Brand: The Buzz Tags: TechnologyU.S. NavyCyber Security

New Contract May Put the U.S. Navy’s Massive IT Network At Risk

What should be done?

The U.S. Navy operates several of the largest IT networks on Earth. In order to better integrate communications between installations in the United States and around the world, it wants to combine those networks into one massive IT enterprise. At the same time, the Navy intends to modernize that new network, adding advanced cybersecurity and additional functionality. Yet this alone did not seem to be a big enough challenge for the Navy. In a move that can only be described as adding risk to the effort, the Navy dismissed the companies that had worked on its networks for a combined total of thirty years and awarded the contract to manage the new consolidated enterprise to a company that has little experience working Navy and Marine Corps IT.

In 2000, the Navy and Marine Corps took the forward-leaning step of undertaking the creation of one IT network that would connect all of its CONUS-based installations and selected sites overseas. In doing so, the Sea services had to integrate hundreds of stand-alone networks of different sizes, incompatible protocols, and widely disparate technologies into a single modernized and more secure network. The new network, called the Navy-Marine Corps Intranet (NMCI), initially brought together some 400,000 computers and devices at more than 1,000 sites in the homeland and abroad.

For its first two decades of operation, NMCI and a smaller system called the Marine Corps Enterprise Network (MCEN) were managed by a single contractor team in a program called the Next Generation Enterprise Network (NGEN). Because NGEN was one of the first of its kind in IT network integration contracts and such a massive undertaking, it proved extremely challenging in its early years. Moreover, NGEN had to evolve over time as technologies changed, the Navy and Marine Corps expanded their use of the networks, and threats evolved.

Over time, the Navy decided that it wanted more control over the NGEN effort and greater flexibility in the modernization of hardware. Consequently, it released a Request for Proposal for a follow-on to NGEN, called NGEN-Recompete or NGEN-R, which divided the overall work into two major parts: the first, called Service Management, Integration and Transport (SMIT) and the second, End User Hardware (EUHW). Were this not enough change and uncertainty to inject into the process, the Navy will serve as the overall program manager, a job it has not done for almost twenty years. 

The U.S. Navy recently awarded two follow-on contracts under NGEN-R. The smaller of the two, EUHW, was awarded to HPI Federal. The larger and more complex contract, SMIT, was awarded to Leidos. Under SMIT, Leidos will be responsible not only for managing the existing NMCI and MCEN networks, but also for modernizing their operations and adding features such as cloud storage. In addition, the new contract will include integrating not just NMCI and MCEN but a third network, the OCONUS Navy Enterprise Network (ONE-NET), to create a globally integrated enterprise.

Having won the SMIT portion of NGEN-R, the challenges for Leidos are enormous. While there is a transition period, it is relatively short—just nine months. Leidos must hit the ground running in order to achieve a seamless handover. It must do so while managing the hiring of thousands of new people and the integration of a number of IT companies that it only recently acquired. 

The SMIT contract includes an imposing set of performance requirements. Leidos will be responsible for delivering periodic software upgrades, network logistics management, day-to-day network operations, comprehensive security, virtualization services and even manning the help desk. At the same time it is learning its way around NMCI, MCEN and ONE-NET, Leidos will have to start planning for the necessary modernization of these massive networks, as well as their eventual integration. This is akin to doing both a tune-up and changing the tires while the car is in motion. 

Of cause for some concern is the fact that Leidos has had problems managing other IT networking efforts. In July 2015, the Department of Defense (DoD) awarded the Military Health System Genesis contract to Leidos Partnership for Defense Health (LPDH). The objective was to provide DoD with an electronic health records system based on commercially available technology. With options, the contract had a potential duration of 10 years and a ceiling of $4.3 billion. 

Since 2015, Genesis has experienced a lot of difficulties. DoD has identified a long list of technical and functional problems with the program. The initial system was judged to be neither operationally suitable nor effective. Moreover, rather than saving money by using commercially-based software, the cost of the contract has increased by 27 percent since 2015 with no change in requirements. It is also uncertain whether Genesis will be able to fulfil the requirement to be interoperable with the Department of Veterans Affairs’ electronic health records system. It is perhaps fortunate for Leidos that, unlike NGEN-R, Genesis is being rolled out in stages and has until 2024 to be completely installed. 

It is bad enough to have problems building an electronic health care records system. Particularly at this time, the health of every service person and veteran is an important issue. But any major problems with the Navy and Marine Corps major networks could be a matter of life and death. 

In awarding the SMIT contract to Leidos, the Navy took the risk of losing the more than thirty years of total experience with NMCI and ONE-NET embodied in the current contractor teams. It went with a contractor team led by a company without significant experience managing Navy and Marine Corps IT programs. At this point in time, this seems like an excessively risky and potentially costly decision.

Dan Gouré, Ph.D., is a vice president at the public-policy research think tank Lexington Institute. Goure has a background in the public sector and U.S. federal government, most recently serving as a member of the 2001 Department of Defense Transition Team. You can follow him on Twitter at @dgoure and the Lexington Institute @LexNextDC. Read his full bio here.

Image: Flickr.