Watchdog raps DARPA over 'systemic contracting concerns'

The U.S. agency known for funding cutting edge projects like highjacking autos by remote control and headless robotic mules hasn't been sticking to the rules when funding some of its blue-sky contracts.

Personnel at the Defense Advanced Research Projects Agency, better known as DARPA, did not consistently adhere to the scientific review process and federal acquisition rules before awarding some of its contracts, the Inspector General for the U.S. Department of Defense reported on Friday.

Although the DoDIG did not find anything wrong with the substance of the contracts it reviewed -- just on how they were awarded -- the auditors noted that failing to comply with federal rules opened up DARPA to potential risks down the road.

"Although we did not identify any contracts that DARPA personnel should not have awarded, DARPA may not be able to justify that personnel adequately substantiated proposal selections," the report said. "In addition, contracting personnel increased DARPA's contracting risks when issuing cost-reimbursement contracts."

To remedy the situation, the DoDIG recommended DARPA establish better controls to insure documentation for contracts was adequate, and to tighten up internal requirements for approving funding.

In the management section of the DoDIG report DARPA agreed to implement the recommendations of the auditors. Asked for further comment on the report, DARPA spokesman Eric Mazzacone said in an email, "We have nothing further to add at this time."

The DoDIG audit was partially primed by the Project On Government Oversight, a government watchdog group that complained of possible contract abuses at DARPA in 2011.

"The Inspector General's report points out a lot of systemic contracting concerns," POGO General Counsel Scott H. Amey said in an interview with CSOonline. "DARPA needs to improve its contracting system to make sure taxpayer dollars are not being wasted."

Although there were no disclosures in the report of waste, fraud or abuse by DARPA, there may still be some cause for concern. "It's a little scary that the agency isn't adhering to the contracting laws and regulations that are on the books," Amey said.

In addition to contracting irregularities, POGO has also raised issues of potential conflicts of interest at DARPA. In a letter to the DoDIG in the spring of 2011, POGO called for a probe into then-director Regina Dugan's continued financial and familial relationship with DARPA contractor RedXDefense.

"There was the appearance of a conflict of interest there," Amey explained. "It makes you wonder if the decisions that involve that company are merit-based or based on trying to please the boss."

With an audit and investigation into ethical practices at DARPA in progress, Dugan left the agency in March 2012Ã'Â to take a position at Google with another old DARPA hand, Vinton Cerf, commonly referred to as the father of the Internet.

Dugan heads a special projects section at Motorola, which is owned by Google, where, among other things, she's working on new forms of biometrics, including tattoos and pills, to replace passwords.

Earlier this year, the DoDIG gave DARPA a good report card on ethical practices at the agency. "The DARPA ethics policies and program implementation were consistent with Federal Government conflict-of-interest mitigation standards, and the DARPA personnel we selected for review were properly trained and followed DARPA policies," the DoDIG reportÃ'Â said.

"DARPA's ethics program appropriately mitigated the potential for conflicts-of-interest," it added.Ã'Â

Read more about compliance in CSOonline's Compliance section.

Join the CSO newsletter!

Error: Please check your email address.

Tags U.S. Department of DefenseDefense Advanced Research Projects AgencysecuritySecurity Leadership | ComplianceDARPASecurity Leadershipdata protection

More about CounselDefense Advanced Research Projects AgencyFederal GovernmentGoogleMotorolaScott Corporation

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John P. Mello

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts