(Alan Lessig / Gannett Government Media)
For almost three years, Brendan Burke has been directing one of the government’s biggest commercial IT procurement programs: The Army’s Computer Hardware Enterprise Software and Solutions (CHESS).
The CHESS program aims to be the Army’s one-stop shop for commercial IT, managing more than $30 billion worth of contracts. By far the biggest of those — Information Technology Enterprise Solutions-2 Services (ITES-2S) — is a $20 billion indefinite-delivery/indefinite-quantity (IDIQ) program that was awarded to 16 vendors in 2006 and provides the Army and other agencies everything from laptops to biometrics and systems integration services.
ITES-2S is slated to expire next year, so early last year, Burke and the CHESS office began planning the follow-on contract, ITES-3S, estimated to be worth up to $25 billion over five years and viewed as one of the hottest prospects in the federal IT marketplace. A final request for proposals is due out in the third quarter this fiscal year and an award is scheduled for the following year. But Burke says he anticipates some slippage in that schedule due to the realities of large contract management.
Among the changes people will notice about ITES-3S from its predecessor, Burke says: More focus on cyber security, more small business presence, and more robust reporting requirements to promote greater transparency into contract activity. Burke is holding an information exchange Feb. 20 to discuss the latest developments in the ITES-3S program.
From the CHESS offices at Fort Belvoir in northern Virginia, Burke sat down with Federal Times Editor Steve Watkins to discuss preparations for ITES-3S and other topics. Following are edited excerpts.
What is the status of ITES-3S? Are you still expecting a final RFP in the third quarter of this year and an award third quarter next year?
I hope so. I think that’s kind of one of the challenges that we’ll talk through probably as we go. One of the challenges we face is the increased focus on large IDIQ contracts, strategic sourcing, all of those efforts. What I like to tell everyone is that CHESS has been strategic sourcing since 1998. That’s what the program was founded to do. But the way the processes work, everything is a new start of sorts. So the follow on effort to ITES is 3S. If you recognize 2S as a successful program, you would hope that the follow-on effort from it would be more streamlined through the acquisition process and the follow-on action. But we’re not really finding that to be the case.
Why is that?
I think it’s just again a lot of good ideas and good efforts to try to focus in on these large procurements. But anytime you add a focus point, it adds another step in the process. So we are an active and supportive member of the strategic sourcing efforts that are going on within the Army, within the DOD and then within the federal government. But like anything, the bigger the crowd gets, the longer actions take.
What’s an example of one of these additional focuses that you’re wrestling with right now?
I think the OMB business case process. You have to post the business case to the OMB MAX website to let other federal agencies know what you’re trying to do from a strategic sourcing standpoint and to ensure we’re not duplicating effort. Again, I applaud that — that’s a great activity, and it does make sure that we don't duplicate something that’s already going on. But it is another document that gets reviewed and signed by the head acquisition person of each agency. So any time we do that, it’s inevitably [going to add time to the process].
What does differentiate ITES from these other commercial IT contract vehicles out there?
Our focus is that we are an Army program, we are built for Army requirements, and that is how we evaluate our offerers. Now we do evaluate other federal agencies and other DOD components to use our requirements, and we think that makes sense because, if we pick the best of breed for the Army, there is a chance that they could support other agencies. What I think makes CHESS fundamentally different from some of those other actions is our mission is to satisfy the Army mission. So we’re focused on Army requirements and Army initiatives and things that make it easier for our Army contracting officers and requiring activities to ensure compliance with Army policies.
I think one [example] is the TPM chip. [Trusted Platform Module, a security hardware device that holds computer generated keys for encryption that helps thwart hackers looking to capture passwords and sensitive data.] Computers are available on [GSA] Schedule 70 and a host of other contracts that exist. On our contract, any of the laptops have the TPM chip and that is because we use that for our “data at rest” security. So a customer or a person within the Army could go to another vehicle, and as long as they know to add the requirement for a TPM chip, the computer that they get on that agreement will meet the requirements. But we are counting on the contractor officer knowing that, the requiring activity knowing that, putting that into the RFP, evaluating it and making sure it is compliant and then awarding. Whereas in the CHESS model, we put that as a mandatory upfront term and condition. If you buy a laptop from our contracts, you know it has that.
Is there much that separates Army requirements from other military service requirements on commercial IT?
There are commonalities, but there still remains unique differences for how the Army manages its network and how the Air Force manages its network. I think, organizationally, we are getting after those problems and issues and challenges — the JIE [Joint Information Environment] effort [for example]. So again if we had one network with one clear standard and one approval process, then we could have one contract to support that. But the reality of the situation today is that not all devices that are authorized on the Army network are authorized on the Air Force network or the DOD network. There is probably not a lot of them, but there are several of them. And oftentimes I would say it is a matter of implementation policy or the structure of it. We all have the same requirement for security, but we may interpret it slightly different. And that does lead to differentiation between agencies.
So back to my original question on the status of the ITES-3S: Are you still on track or do you suspect there may be some changes down the road?
We are on track, but I expect us to get off track. That's the reality of these — no matter what we plan, it’s going to take longer than what we plan for. We have an industry day scheduled on the 20th of February.
Is there any kind of early preview of news that people might get out of that that you can share with us?
What I do think industry will get out of that is a better understanding of our notional structure for the contract and what we think it will look like. ... A lot of what will be presented on the 20th will be caveated to say we don't have a finalized, approved at the DOD level, acquisition strategy. This is all draft at this point.
Can you now discuss in broad sketches what that strategy is?
It will be fairly similar to ITES-2S. I don't think we are going to see anything that is revolutionary. There will be some evolutionary differences. We will be addressing a little bit some of the functional task areas to update for some of the change. Probably an easy example of that is when ITES 2S was written I don't even know if the word cyber security was out there yet. Certainly now that is a requirement.
One of the challenges we have talked to previously in RFIs and industry feedback is [the] fine line between requirements generation and requirements fulfillment. So the OCI — organizational conflict of interest — issues. In the current 2S contract, it does allow for some more program management kind of tasks. So it’s not to say we want to take that out of 3S because we do believe there is a need for that. But what we don't envision is ITES-3S being the place that [program managers] get their organic office traditional support contracts. So it’s not really a shift in the requirements, but it’s a focus — or a calling to attention — that we’re not looking for the vehicle to be that kind of source: The on-site programmatic support staffing actions.
The other big change I think from an industry perspective is [that] while we have small business primes on ITES 2S, we didn’t have the ability to limit fair opportunity competition to just those small businesses. In 3S, we do think that we’ll have that.
Will there be any other noticeable changes in the structure and offerings of ITES 3S versus the current ITES 2S? I don’t think any big changes. I think they’re going to see some enhancements and improvements to the website and the automation support of the RFP/RFI tool, so sort of streamlining the ordering process for the contracting officers and requiring activities. That’s not something that’s necessarily going to be in the 3S requirements, that’s kind of more of our internal improvements. I think we are going to ask for more data reports from [prime contractors] and expose that information to the ordering and contracting officers.
Are you expecting a similar number of awards as you have with 2S?
I think this is probably the most sensitive part of what we’re waiting for approval on. I would say, at this point, I would expect more total awards than are on ITES 2S. But that breakout being a significant reserve for small business portions. So we have 16 primes today, I think we will have a total package of more than 16, but it won't be 16 large business prime awards. ■