DOD’s innovation ecosystem is growing, but strict compliance is a barrier, DARPA director says

(DOD / Lisa Ferdinando)


Written by

The number of innovative companies the Department of Defense is working with has increased in recent years, but a key roadblock remains compliance regulations, the head of the Defense Advanced Research Projects Agency told Congress Tuesday.

The growth of the innovation ecosystem is a welcome sign to DOD and is the result of outreach programs like the Small Business Innovation Research (SBIR) awards. But DARPA Director Stefanie Tompkins told senators that compliance requirements remain an obstacle to further growth of the innovation base, especially for small companies and some universities.

“We will be looking for ways to sort of meet them in the middle and find ways to make it easier for them to participate and while still being fully compliant with our requirements,” Tompkins told the Senate Appropriations Subcommittee on Defense.

While she did not name specific compliance regimes that are hampering growth of the innovation base, new requirements for contractors have been added in recent years, including the need to rid their networks of specific Chinese-made technology and to ensure their cybersecurity meets basic DOD standards.

Tompkins specifically noted some universities not being able to clear regulatory hurdles. In October, a group of universities asked for an exemption from the Cybersecurity Maturity Model Certification (CMMC), a new standard for contractors that will require them to pay for a third-party verification that their networks meet security controls. CMMC leaders have said that universities will not be exempt.

“We are going to be taking a hard look at potential barriers,” Tompkins said.

Other officials have voiced concern over the barriers CMMC could place on industry. Lauren Knausenberger, CIO of the Air Force, said she had “mixed feelings” on the program and worried some of the requirements were too strict.

“I would rather just say, ‘Hey let’s just give you some endpoint requirements,’” Knausenberger said about small sub-contractors that do not have the resources to meet some of the requirements.

Tompkins said it is important to keep growing the innovation base to meet growing technological threats. DARPA is engaged in research on artificial intelligence, hardware advancements and quantum sciences, among other areas, that often also have commercial applications.

“We are seeing that increase and we hope to see it even more,” Tompkins told Senators. “To get the best ideas and to get the best capabilities we need to be reaching the broadest possible and most diverse performer pool possible.”

-In this Story-

Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Defense Advanced Research Projects Agency (DARPA), Innovation, Section 889, Senate