In many ways, the business of national security is the business of managing risk. In the United States, the Chairman of the Joint Chiefs of Staff annually assesses risk to the US military’s ability to execute the National Military Strategy and risk is always top of mind with the military’s operational commanders.
Risk is no less an obsession for those engaged in developing and fielding new military capabilities, in both government and industry.
Because risks in the national security arena are real and substantial, matters of life and death, and in some cases organisational and national survival, it is necessary to carefully manage risk so that the worst outcomes are avoided.
In some cases, this means building in redundancy to systems so that, for example, as an aircraft takes damage from enemy fire, it retains the ability to fly and land, living to fight another day. In many cases though, national security risks are less concrete than the threat of battle damage, and the solutions to mitigating risk less clear.
Risk assessment and risk management are fine arts in many parts of the national security enterprise. However, this is far from universally so. Teams developing new weapon systems generally do a pretty good job of assessing what risks are likely to most imperil the success of their programme. Sometimes they succeed in managing this risk and sometimes they don’t. However, we don’t have similarly mature mechanisms for assessing systemic risk across defence industry.
The Trump Administration’s industrial base review did a good job in identifying a range of discrete risks in the industrial base which it has subsequently worked to mitigate, apparently with some success. However, the Administration wasn’t able to deliver a ready metric for estimating the level of strategic risk across the industrial base, enabling policymakers to effectively manage that risk.
This shortfall, which stretches back well before the time of the current Administration, is unfortunate. Not just because defence industry faces risks from an aggressive and sophisticated set of foes seeking to compromise its supply chains and steal its intellectual property, but because changes in the US approach to developing and acquiring new systems are also adding to the risk defence companies face.
As part of its push for greater innovation and shorter timelines in the acquisition process, the military has turned heavily to approaches like Other Transaction Authority agreements (OTAs), which frequently require matching investment from industry. In traditional defence acquisition, the government has usually born the full financial risk of failure in challenging development programmes, insulating defence industry from this risk.
Under OTA approaches, industry will often have to share some of this financial risk. In addition to the increased risk of financial loss in complex development programmes, the use of rapid prototyping as the primary development approach (often in a competitive environment where one or more competitors will lose) also gives industry less certainty that investments put into designing and building a prototype are likely to result in follow-on production work.
So while industry is expected to take a greater financial stake in capturing government business, the expected rewards for doing so have grown less certain. In this respect, defence industry is facing a double whammy of increasing risk, and in some cases, industry may be left holding the bag. Individual companies will likely experience varying degrees of success in managing this risk, but how much additional systemic risk is being introduced into the industrial base as a result? At this stage, the answer remains unclear.
There are, of course, ways for industry to mitigate this form of risk from government policy. After all, they face these risks to some extent just by being in the defence industry in the first place. One way to mitigate the greater financial risk and uncertainty in defence acquisition programmes today is to leverage commercial research and development for national security applications to an even greater extent. This approach reduces the share of investment industry must make in developing new capabilities specifically for defence, and creates potential for alternative markets if the military doesn’t decide to buy or move forward with a system after the prototyping phase is complete. Another likely mitigation option for companies is to merger, acquiring other companies with key technologies that are already developed, and improving their ability to absorb and manage risk through greater scale.
While higher levels of industry consolidation may mitigate risks for individual firms, it is likely to increase overall systemic risk for government customers and taxpayers. At the end of the day, the increased risk presented by some of the more rapid acquisition approaches popular today is unlikely to be a deal breaker for military leaders looking for more rapid deployment of new technology. However, defence leadership would be well served to closely monitor these risks, identify what industry is doing to mitigate them, and develop policy options for managing systemic risks in the defence industry.