coalition for
regulatory innovation

May 16, 2018

Tortoise and the Hare: Government Regulation vs Innovation

The year is 2018 and the U.S. Department of Defense (DoD) still uses floppy disks on some of its legacy systems.  Let that sink in.

This should serve as a wakeup call to advocates of increased regulation of innovators and disruptors in the technology space. Recently, Congress hauled in Facebook CEO Mark Zuckerberg for a joint congressional hearing in search of ways to regulate the world of tech, something that many critical onlookers of the hearing said Congress might not fully understand – meanwhile – offshoots of the government, like the DoD, are far behind the tech curve and are holding back the opportunity to enhance our national security measures.

Here’s a snapshot from the hearing that depicts the conceptual–contextual divide between Washington, D.C. and tech through an exchange between Senator Lindsay Graham (R-SC) and Facebook CEO, Mark Zuckerberg:

Senator Lindsay Graham: Do you embrace regulation?

Mark Zuckerberg: I think the real question, as the internet becomes more important in people’s lives, is what is the right regulation —

Senator Lindsay Graham: Do you as a company welcome regulation?

Mark Zuckerberg: If it’s the right regulation, yes.

The lines of regulatory practicality and regulatory strangulation begin to blur quickly for Washington when it comes to determining just what are the “right” regulations for the tech industry.

Senator Mark Warner (D-VA) explained in an interview:

“The days of the wild wild west that we’ve lived through for the last few years cannot continue. This is a problem that’s not going to go away.”

The recent congressional hearing with the Facebook CEO has made clear the point that Congress struggles to keep pace with the disruptors in tech. As mentioned, another case and point is the lag in technological updates in agencies like the DoD. With all things considered, it’s hard to believe that congress wants to play the antiquated role of regulation sheriff on the very industry that works to create tech innovation which will not only keep us competitive globally, but also has the power to increase our national security.

Unfortunately, the IT infrastructure of the U.S. government is outdated and held back by poorly designed acquisition rules and misaligned priorities.  It’s so bad that these barriers could impede DoD’s efforts to acquire cloud computing capabilities through its Joint Enterprise Defense Infrastructure (JEDI) program by 2019. According to Pentagon insiders, and reported by Signal Magazine, there is an internal cultural indifference to innovation. DoD leaders are actively working to change the cultural resistance and have even found it necessary to “pursue the revision of internal policies that are unnecessary barriers to success.”

However, it looks like they could do better.  The tech trade group, Professional Services Council (PSC), recently sent a letter to the DoD requesting that the “Cloud Executive Steering Group,” JEDI, “expand the scope of its current efforts to accelerate cloud computing adoption to include removing policy and regulatory barriers to leveraging cloud-based technologies across the DoD.” In the letter, PSC list out 6 points of regulatory friction:

  1. DoD should work with Office of Management and Budget (OMB) and Congress to adapt fiscal law to accelerate cloud adoption.
  2. Leverage the funding flexibility provided by the Modernizing Government Technology Act.
  3. Consider a more agile security requirements framework for cloud-based solutions.
  4. Amend DoDI 5000.74, Defense Acquisition of Services, to allow reciprocity for cloud security authorizations.
  5. Amend DoD Cloud Computing Security Requirements Guide (SRG) to allow reciprocal use of security authorizations and greater use of off-premises cloud solutions.
  6. Reassess the Cloud Access Point (CAP) and the Internet Access Point (IAP) programs for network boundary security.

Should these regulatory obstacles be addressed, and the mission of JEDI be successful, cloud computing could provide a powerful platform to deliver new tools and innovative technologies, leveraging commercial capabilities that will improve our military’s warfighting capabilities.

When it comes to technology, our regulatory system is stuck in the 20th Century. As seen with the DoD, Washington is little by little becoming aware of the need to bring its own technology systems up to speed.  It just takes a holistic cultural shift to do so. In the case of the DoD, making sure our government implements technological improvements and breaks away from archaic contracting regulations can be a matter of national security.