With Great Data Comes Great Responsibility (Podcast Transcript)

                         [00:10] Richard C. Howard: With great data comes great responsibility. What's funny about that is obviously it's a reference to Spiderman and it's not my reference either. So if you're in the DoD public sector sales arena and you do anything that has to do with data, I highly advise you to check out FCIA. They're an organization that puts out a magazine called Signal. And in this month, and it's January of 2023, Abraham Yee, who's a senior account executive for the army, has kind of a funny fake quote, right? So it basically says with great power, with great data comes great responsibility and attributes it to Spider Man. And then he goes on to correct himself and say, hey, well, after fact checking it's with great power. But what's funny about that is how important data is right now to the US. Military. And I wanted to get into an episode that just talks about data in general. So whether you have a system that is transmitting data, whether you're involved in that, whether you are processing data, trying to understand it with a product that you might have, or if you just have an application or user, interface, any type of software suite that is going to use data.

                         Basically, if you have anything that is going to connect to a government system, especially us, military, so I'd like to keep it with the military. But if it's going to connect to any system, any hardware that's owned by the military and you're moving data around, there's some things you need to be aware of and we'll talk about those and then just how important it is to understand the vast amounts of data that are out there. So thinking about all of the weapon systems that we have, and then thinking about all of just the data lakes and databases that are in the different services that either aren't connected to each other or even if they are, how do you understand those vast amounts of data, right? So there are a few efforts right now, big picture efforts. One is called JAD C two. That's an acronym. And the other one is ABMS. So ABMS stands for advanced Battle Management System. And the history of ABMS, it started as a program that would replace certain aircraft that we have command and control aircraft in the air. But it kind of morphed into how do we connect all of the information how do we take all of the information out there?

                         Whether it's information that is picked up by sensors, whether it is data that's worked on by analysts all of the different data sets that could apply to command and control of the air and get that the right information in front of the right user. So that could be an Air Battle Manager, which is essentially an operator, somebody that would be out deployed, that would be involved with directing where aircraft go, coordinating between troops and things like that. There are also strategic implications, right? So there are senior leaders that need certain amounts of information. They're going to need different information than the war fighters going to need. This applies to way more than just aircraft and command and control as it applies to aerial battles and moving aircraft around. This applies to everything. So Jazzea Two is kind of the overarching and that stands for Joint All Domain Command and Control and it's supposed to cover all of the services.

                         Each of the services have something like ABMS, where they're working on their own version of Jazz Two. But big picture, what we want to do is take all the data and we're making more and more data every day. That same Signal magazine article that I was reading said that 74 zetabytes is the total data in the world by the end of 2021. And they're quoting some statistics within there and there are other statistics too. But their main point is that the amount of data is increasing every day that we're producing. And a lot of it we're not going to need, right? I mean, the problem is how do we search through all of that data and get the right piece of information and get it to the right user? And that could be a general or colonel that is making decisions strategically or even tactically, but for a lot of people and it could be for the operator. And that's kind of the example I gave at the beginning. So we need to get the right information in front of the right user. And there are a ton of businesses now that are focusing just on these problem sets. And by the way, these problem sets, if you listen to the podcast, you're not just solving problems for the US military and the DoD, you're solving problems commercially too, because obviously we're creating a ton of data commercially.

                         A lot of the solutions that are being developed through things like SBIR and STTR and different OTAs and regular, I guess more traditional contracting means a lot of these are going to have dual use applications. So what if you find yourself in the bucket? I know I'm being broad, but there's so many different things we could be talking about. We could be talking about cyber-security, we could be talking about It or OT. We could be talking about if you're building sensors, if you are transmitting data on small devices or large devices, you could be in satellite. I mean, there are so many different that you could be a user interface developer or an application developer. But a couple of things to be aware of if you have a product or solution that you think would be perfect for the military when you sell something to the military, if it's going to connect to any of the government systems. Typically what we need is something called an ATO, which is an acronym again and it stands for Approval to operate. So if you hear ATO stands for approval to operate. And that basically means and it was the big thing when I was in as an acquisitions officer. It's big.

                         Now in order for the government to connect your thing to their system, whatever system that might be, they need something called an ATO, an approval to operate. There are always exceptions to this but big picture and in order to get that approval to operate, you are going to have to have a lot of different cyber security requirements in place to ensure that you're meeting the security of the system. Security is a huge deal for the government. So we want to make sure they're not just hooking anything up to their systems. They want to make sure that they've been validated, that they have the right security measures in place, that they've been tested. So there are quite a few things that go into that ATO. Now there are a couple of programs out there that I would urge you to take a look at. One of them is called FedRAMP. Now some of you may have heard of FedRAMP before. I've had people on the show talk about FedRAMP and it stands for the Federal Risk and Authorization Management Program. You can go to the website FedRAMP gov. It basically says that FedRAMP provides a standardized approach to security authorizations for cloud service offerings.

                         If you are interested in that, I would go to the website and check it out if you have anything that you think would be in line with what we've discussed so far. And it has a chart there that talks about the agency process for going through FedRAMP authorization. And you can go through an Agency and an agency, you can go through the DoD, you can go through the Air Force, you can go through Navy Army or you can go through the Joint Authorizations Board which they are acronym that is Jab. So the basic process for that is you select an authorization path, there's a preparation phase which and by the way, I'm just on the website just reading right through the chart, there's a readiness assessment, there's a pre authorization. Then you go into the authorization phase where there's a full security assessment agency authorization process and then continuous monitoring. So what is the readiness assessment?

                         Well, according to the website, to achieve the FedRAMP Ready designation, you have to work with a third party organization to complete a readiness assessment of your service offering and they're going to take a look at your capability to meet federal security requirements. So without I'm not going to read the list of security requirements, but that's essentially what that is. With the pre authorization you will formalize a partnership with an agency in the FedRAMP marketplace and they are looking at a few things here. They have some bullet points, but looking at a system that's fully built and functional, that's a quote. They're looking to make sure that you're committed and onboard with the FedRAMP process, there's an intake process and then there's a determination for your security categorization. Categorization. And I'm saying that wrong. Categorization. And then there's a kickoff meeting and there's some other things as well in there. Going through the authorization process, there's a security assessment and then there's an agency authorization process. I'm glossing over that. That could take a while.

                         And then, in the well here they have a step here about the agency authorization process. They conduct a security authorization package review where they are going through different details and ensuring that going through risk analysis and everything else, you meet all the requirements so they can issue an ATO. And we talked about that already, which is your approval to operate. I don't want to make FedRAMP sound easy. This is a decision you need to make as a business if you are going to make the investment of going through FedRAMP. And by the way, there are some other places you can check out here too. As far as cyber security, security requirements, I would Google CMMC, I would Google Platform One, which is essentially I want to say that's with the Air Force. I don't want to speak out of turn here, but let's see modern ever error DevSec Op pipeline. So I would just die. Pin platform One into Google. It's going to bring it up here. And you'll know you're in the right place because there's a badge on the front and there's a little character that looks like a baby yoda and a Platform One badge, but basically says under Platform One. This allows users to deploy Dev SEC software factory and start solving software problems with a 90% solution. Day one.

                         So starting from nothing, I would go to the website and read through that as well. It looks like they also have some dates for upcoming sessions where they will brief you on kind of what they're doing, what the process looks like. So looking at that I think will help. So there are a lot of requirements if you are doing anything with data, but it's a huge area. Every conference I've been to lately is focused on data, how do we solve various data related problems? So if you're looking for a niche, if you're looking for an area to focus, I would start reading, I'd get your FCA. And by the way, I don't get a piece of this, I'm a FCA member, but I do get the Signal magazine reading that is going to help you understand where the military is at. So that's kind of step one is if you're just getting started, maybe taking a look at Signal magazine, looking at FCA is going to give you some good big picture ideas of where the military is headed as far as data is concerned. And then I would go to the Platform One website and the FedRAMP website and start looking at some of the security requirements. And then if you're overwhelmed or with any of that. I would say that a good place to start.

                         If you're just starting, you don't have the requirements in place, you just have maybe a solution that you're building out. Take a look at the SBIR program because you may be able to it's going to get your foot in the door because you can do a lot of demo and test projects that way where you may not need an ATO or some of the more advanced security requirements right away. And I'm not going to speak for every SBIR is a little bit different. You can go to SBIR.gov to look at some of those opportunities, but a lot of companies get their foot in the door that way and they can see that there's a government need for what they have before they start investing in things like the FedRAMP process. So I'm a big believer in making sure that before you make a huge investment we see that there's a need and there's funding available to build out whatever the technological solution is that you have and to potentially go on contract with the government. It would be great if you can get that contract initially ahead of time to help kind of build out a prototype and test it out. And then as you're seeing that there's a need and there's a future for what you're building within the DoD now you can start looking at some of these more advanced like FedRAMP and some of these processes.

                         So anyway, those are just my thoughts. Take a look, take a look at the programs that are available. Let me know in the comments or you can go to Dodcontract.com if you have any suggestions on future episodes. I'll cover whatever you guys are interested in. Don't forget to subscribe to the episode, don't forget to leave a comment. Those always helps and we have plenty of programs at Dodcontract.com that we've helped many, many clients with SPIR, with things like FedRAMP and Platform One. If we can't do it, we'll point you in the right direction and give you to a subject matter expert that can do some of that. Everything from we have a great interview coming up with former colonel, Orndorff I should say retired, he's been on before, he's 30 years as a contracting officer. He has an amazing level of knowledge as it comes to contracts. He talks a little bit about reviewing RFPs and proposals for RFPs and making sure we're hitting the nuance of what the CEO is looking for. He talks, he gives a lot of great tips and advice too on contracting, what to do when you get stuck or if you have a problem. So that episode will be coming out shortly, so keep an eye out for that. Head over to Dodcontract.com and we will see you next time.

If you enjoyed this episode, you can also check out Military Technology Development and Investment episode where I discussed some of the technologies the US military is investing, why small businesses are prime for these contracts and a bit about teh history of US military contracts and how they have been responsible for some of the worlds greatest technologies!