Can Agile Fix Canadian Cyber Defence Procurement?
Introducing the Defence Agile Procurement Insights and Analysis Project
Canadian Cyber in Context is sponsored by
All views expressed belong to Canadian Cyber in Context and do not reflect the position of any sponsor.
Suppose you ask the average Canadian defence analyst about their thoughts on Canadian defence procurement. In most cases, they’ll either say it is too complex and they don’t understand it, or it is too complex and it is broken. Usually, it is both.
The House of Commons Standing Committee on National Defence released a report following their study of defence procurement, “A Time for Change: Reforming Defence Procurement in Canada.” Among the problems identified are a complex bureaucracy with numerous hurdles, a culture of extreme risk aversion, personnel shortages, a chronic inability to spend all of its funding, and more. The common issues these cause are significant delays and cost overruns; however, the end result is that the Canadian Armed Forces (CAF) struggles to obtain what it needs to defend Canada.
These problems were on the minds of EXA Consulting Group President Alex McPhail and Carleton University Professor and William and Jeanie Barton Chair in International Affairs, Dr. Philippe Lagassé (Also the person behind Debating Canadian Defence), who asked, “Can agile processes help address this?”
To determine whether agile processes and methodologies can help Canadian defence procurement, the Defence Agile Procurement Insights and Analysis (DAPIA) project was launched. DAPIA is a MINDS-funded research project that has been a joint initiative between the Canadian Defence and Security Network (CDSN) and EXA Consulting Group. I was hired as a research assistant and co-author for the final report, which can be downloaded below.
DAPIA sought to establish a vehicle for productive discussion to encourage the Department of National Defence (DND) and stakeholder organizations to consider and experiment with the use of agile procurement in defence procurement.
But first, what is agile procurement?
Agile processes refer to a method of project management which diverges from traditional project management. Agile uses iterative, flexible approaches that emphasize end-user engagement and ongoing collaboration between the contractor and end-user throughout the entire process. Traditional, also called waterfall procurement, is a more rigid approach that requires outlining and establishing everything upfront, with requirements, design, development, and testing all occurring in sequential order rather than through iterative processes. What makes agile processes difficult to integrate into procurement is that they are not a one-size-fits-all model, as traditional/waterfall procurement attempts. However, this also happens to be one of the significant strengths of agile procurement, as the supplier and end-user can jointly dictate the ways to integrate agile processes in a manner that is manageable for both parties.
I do not want to steal the thunder from the report itself, but instead encourage you to read it, which can be downloaded at the bottom of the page. It is a concise report that contains a wealth of important information about Canadian defence procurement and potential mechanisms for improvement. Rather than restate the report, I will provide some additional commentary from a cyber-perspective after a summary and explain why this project is significant for Canadian national cyber defence.
DAPIA Report Summary
The problems identified by DAPIA reinforce and support much of what the House of Commons Committee on National Defence reported. The complex procurement ecosystem, which can at times involve dozens of different governments and departments, leads to inherent structural barriers. As a means to overcome these barriers, DAPIA recommends launching a pilot agile procurement program that will minimize these cross-organizational requirements.
A key to the pilot program is carefully selecting the right project and contractor with experience in complex projects, particularly those with expertise in developing minimal viable products using agile processes. This is because the biggest challenge with any pilot project is ensuring its success within the existing procurement system itself, and controlling the conditions to ensure success. In addition, it was suggested that it be exempted from the industrial and technological benefits program specifically because of how rigid a program it is to integrate into an agile process.
There was also a common misconception that agile processes are inherently more risk-prone. During the DAPIA workshop, when talking through agile processes more in depth, participants agreed that agile procurement is not inherently more risky, but is a means to manage risk more proactively. This highlights how culture and education are just as much of an obstacle in defence procurement as the institutional and structural barriers of the bureaucracy.
These conditions also make it incredibly difficult for small and medium-sized businesses (SMBs) to participate. The high cost of entry and the time it takes for a procurement to be completed make it cost-prohibitive for SMBs to meaningfully engage with and sell to the federal government and military. This is especially the case for start-ups and emerging technologies in the broader innovation space, where many already operate on thin margins and lack the funds to wait a year to receive a contract that might not even be for an amount that would warrant attempting to sell to the government. This is especially true when discussing cyber, artificial intelligence/machine learning, and quantum sensing technologies, all of which Canada has a unique advantage. Some of the most advanced capabilities and innovative solutions in these areas are developed by start-ups and small firms.
Defence procurement reform and the adoption of agile processes would support the Canadian military, fostering the growth of Canadian industry and small businesses.
Indigenous Participation
In 2021, the Government of Canada mandated that all federal government departments and agencies must ensure that a minimum of 5% of the total value of contracts is held by Indigenous businesses for procurement contracts. Despite support for the program from Indigenous business leaders, they all stated that the system was not working as intended, and major defence contractors agree with this sentiment.
One specific concern brought up by all Indigenous suppliers interviewed was that major contractors have approached them to front a workshare under the guise of an Indigenous-owned company. The arrangement works by a prime contractor establishing a company as its token Indigenous supplier by funnelling all subcontracts through the Indigenous subcontractor. All indigenous business leaders spoken to as part of this study refused to take part in such agreements and referred to such arrangements as “Rent-a-feather.”
What particularly struck us as researchers was the universality of the claims made by the Indigenous business leaders we spoke to. In particular, during the workshop, major contractor business representatives did not disagree with the statements made by Indigenous leaders. The business leaders voiced support and interest in the 5% Indigenous procurement participation, but cited the widespread confusion, including the implementation of the Indigenous Skill and Employment Training program. Multiple workshop participants noted that the lack of clear rules from the government and the perceived ad hoc program-by-program application means that there is an imbalanced playing field, where the bulk of the economic benefits of Indigenous procurement participation are likely to benefit only a few.
Can this help Canadian Cyber Defence?
Everything stated here is my opinion and does not necessarily reflect that of the DAPIA project.
Agile processes have their roots in software development, dating back to the 1960s. However, this did not really gain momentum and widespread adoption until the 1990s, as new, smaller software companies sought to refine the development process to be faster and more lightweight. This is part of the reason why the United States Department of Defence announced earlier this year that it would require all future software to use the Defence Innovation Unit’s Commercial Solution Opening, which is a fully agile procurement vehicle. Not only has the DIU had tremendous success with this approach, but it could be said that the United States Department of Defence is trying to meet industry standards by mandating an approach that builds in agile processes at every step of the process.
Although agile procurement will not solve all the procurement problems, agile processes are a potential tool to help frame and overcome many of the transient, ongoing difficulties in defence procurement identified above. The iterative processes and direct user engagement are particularly beneficial for information technology-related capabilities, as they enable great adaptability and flexibility in developing a solution that is more tailored to the user's needs than in a traditional procurement model, allowing for updates or changes as the iterative process progresses and understanding of the product and end-user’s needs are better understood. This iterative process is at the core of agile processes, as it enables the quick development of a minimal viable product to meet the basic needs of a capability, while allowing for staged, gradual development based on established needs at the start of the procurement and as new needs are identified through the iterative process.
Procurement positions which specifically support cyber and information technology-related capabilities are among the toughest positions to staff and sustain.
Agile procurement fundamentally shifts the relationship between the DND/CAF and suppliers from a reactive to a proactive approach, necessitating direct, ongoing engagement between the government and suppliers to ensure the success of each iterative process within an agile framework. While agile procurement is a project management framework, executing it as intended requires a different mindset than how the government has traditionally operated. A risk-averse culture encourages passivity or reactivity to needs that favour the least risky option, which is not risk management but risk avoidance. However, it is important to contextualize the types of risk we’re talking about here. This is not external, programmatic risks where the government has no control. The entire process was created and mandated by the government, yet the political leaders attempt to act as if this is some intransient phenomenon that is universal to all countries. In defence procurement, we must shift the risk away from worrying about money or being embarrassed by mistakes and instead be embarrassed by the state of the military. The real risk Canada faces is the loss of life of CAF personnel and Canadians. By being so risk-averse, the Government of Canada is effectively saying it cares more about money than the life of a Canadian soldier.
Fixing defence procurement isn’t just about acquiring the latest military technology; it's also about embracing new approaches and strategies that ensure the success of the Canadian military. Risk-averse behaviour in defence procurement isn’t concerned with the risk of damage to Canada; it’s a concern about politics and money. So long as Canada’s political parties continue to treat defence as a political instrument rather than their responsibility, changes will not happen. The appointment of Stephen Fuhr as Secretary of State for Defence Procurement and Prime Minister Carney’s commitment to developing a Defence Procurement Agency send positive signals, but these signals have been presented before with minimal to show for it. There are many reasons to be cautiously optimistic about current attempts. There is no better time than now to push for significant change, while you have substantial national support for national defence that you have not seen in years.
Read the full report here:
