As taxpayers are aware, the public sector isn't known as a bastion of efficiency. Security approvals for new software are no exception. While security is essential for military operations, security approvals for software duplicate existing work.
For example, after years of a company working to gain approval to sell software to the Navy, that company must again undergo an arduous process of approval to sell the same software to the Army. Costs go up, and software can quickly become obsolete.
To streamline this process, lawmakers should implement reciprocity agreements for these critical security approvals to reduce bureaucracy, save taxpayers money, and keep software state of the art while improving government efficiency.
To incorporate a new piece of software, a military agency must first acquire an Authority to Operate (ATO) for the software to demonstrate it is secure. While a vital aspect of military cybersecurity, the system repeats the same work each time software is considered for use.
The Federal Risk and Authorization Management Program (FedRAMP) sets the standards for military cloud computing software. Estimates on the cost vary, but the budget for a FedRAMP Authority to Operate can range from $250,000 to $3 million.
These bills are ultimately passed on to taxpayers. Depending on the agency, the time for assessing an ATO can vary. It can take three to nine months at some agencies, whereas at the Department of Defense, it can get as high as three years.
Each of these costs delays new technologies and can disincentivize competition. Barriers to entry create a lock-in effect for older technologies by limiting how new technologies can replace them. They also tend to disadvantage smaller competitors that cannot bear the increased costs and time. Relying on older software for too long could increase cybersecurity vulnerabilities by keeping innovative technologies out, while also costing taxpayer dollars.
Given these problems, it is promising that one bill making its way through Congress would address them. One provision in a bill that has passed the House of Representatives requires military departments reviewing cloud-based software for an ATO to defer to decisions made by prior departments, assuming the software will be used similarly.
This change would reduce the resources military departments need to spend reviewing software without reducing the security requirements of the initial review. If software whose review costs only $500,000 is used in four military departments, this would reduce the overall review cost by $1.5 million and potentially speed up its implementation.
Additionally, it reduces the cost of applying for an ATO, making it more viable for small, innovative companies to compete. Quicker adoption of new technologies and more innovation can ensure we stay ahead in the cyber security of military departments while reducing costs.
There is a second benefit to taxpayers in new technologies. It has been typical for technological innovations that were initially of military origin to find their way into consumer use. Streamlining the ATO process for military use will have downstream effects on the security of consumer cloud-based software products in years to come.
Modernizing the ATO process would speed up and reduce the cost of implementing new technologies and keep military software up to date, while potentially encouraging more innovation and better future consumer products, without lowering the Pentagon's security standards.