Like many of us, Wendy Masiello remembers exactly where she was and what she was doing on 9/11. In her case, she was serving as the director of contracting for the Air Force’s Air Armament Center at Eglin Air Force Base, about 70 miles east of Pensacola on the Florida panhandle.
In the scramble that ensued on base that day, Masiello remembers having one concern that was unique to her line of work: The federal fiscal year ends on Sept. 30, meaning her team would have only 19 days to process emergency requests against the current budget authority, of which she expected a large number.
“One of our responsibilities was to do support systems for the medical community, including generators, and other equipment you deploy during natural or man-made disasters—things that you need in moments when you don’t know exactly what will come next,” Masiello recalls. “On 9/11, of course, there was so much confusion, and there was an instinct to send our people home, but I said, ‘No, you need to get us back to work, because the contracts we put together are for exactly the kind of equipment we are going to need now.’”
Masiello and her team indeed turned around many contracts in those final days of September 2001, and in the years to follow as the U.S. invaded Afghanistan and later Iraq, where she deployed in 2005. In the years since 9/11, her area of expertise has been in high demand. All told, the U.S. spent upwards of $8 trillion to fight wars overseas over the past 20 years—driving what Heidi Peltier, director of Boston University’s Costs of War Project, has dubbed a burgeoning “Camo Economy” of government contracting.
Traditional contracting giants like Lockheed Martin, Raytheon (which United Technologies acquired and merged with in 2019), and General Dynamics have benefited, while upstarts like Palantir Technologies have become household names.
“In 2019, the Pentagon spent $370 billion on contracting—more than half the total defense-related discretionary spending, $676 billion, and a whopping 164% higher than its spending on contractors in 2001,” Peltier wrote in a paper on the subject.
At the same time, measures ranging from Homeland Security disaster relief to expanding access to health care to the digitization of government business have created opportunities for companies of all sizes to cash in.
Along the way, the nature and structure of contracting has changed, and new complexities have emerged. Though some aspects of this evolution may have happened even if 9/11 had somehow been prevented, it is fair to say that the terrorist attacks created an inflection point. Before 9/11, then–Defense Secretary Donald Rumsfeld, who died this past June, championed ideas that, in his view, had the potential to cut through bureaucratic red tape. After the attacks, the Pentagon looked to contractors to supplement or accelerate initiatives in Afghanistan, Iraq, and elsewhere.
“Clearly, Rumsfeld was pro-privatization of aspects of the security apparatus,” says Sarah Kreps, a political scientist at Cornell University and director of the Cornell Tech Policy Lab, who studies the intersection of technology and national security. “Part of it is that he had worked in the bureaucracy for some many years, and so he knew there was an inefficiency to it.”
Though Rumsfeld’s efforts were often controversial, he was able to implement many of his ideas. During his tenure, the Pentagon dispatched Blackwater employees and other private security personnel to war zones to fulfill a variety of roles, sometimes with deadly results for civilians and contractors alike. As Rep. Mikie Sherrill, a New Jersey Democrat and former Navy pilot noted recently, more private contractors died during the 20-year American presence in Afghanistan (3,846) than U.S. troops (2,372).
As the U.S. military began pursuing the so-called asymmetric threat posed by terrorist cells in the remote mountains of Afghanistan and elsewhere, it came to rely more and more on new technology. In an effort to achieve precision targeting while also limiting U.S. casualties, the Pentagon adopted drone surveillance and drone warfare, meaning that the military now required new types of skills and sometimes turned to new suppliers to find them.
“Drones opened the door” to a deeper partnership between Silicon Valley and the Pentagon, says Kreps, who remembers a moment in the mid 2010s when a slew of engineering students she knew in the Bay Area left their academic programs early. A bunch went to work at Tesla, while another cohort joined AeroVironment, a top dronemaker then headquartered in Simi Valley, Calif. “The work was seen as novel enough to siphon off talent from the best tech universities in the world,” she recalls.
In parallel, the Pentagon began hiring upstarts like Palantir to analyze the troves of data they began to capture. Founded in Palo Alto in 2003, Palantir (which relocated its headquarters to Denver in 2020) crossed $1 billion in revenue this year. It’s still a baby by Pentagon contracting standards. By way of comparison, Lockheed Martin saw its revenue hit $65.4 billion in 2020, up from $45.6 billion in 2010. But if the giants still enjoy plenty of Pentagon business, the government seems increasingly comfortable working with smaller players to develop innovative new technologies.
Not everyone was happy with the growing partnership between Big Tech and the government, however, particularly in matters related to intelligence gathering. In 2018, more than 3,000 Google employees signed an open-letter petition to CEO Sundar Pichai arguing that the company’s participation in Project Maven, an effort by the Pentagon to adapt artificial intelligence technology for battlefield use, was contrary to the company’s famous motto of “Don’t be evil.” In the face of internal blowback, Google opted not to seek a renewal of the Maven business, which was worth up to $15 million over 18 months, according to the New York Times. Employees at Microsoft and Amazon protested some of their companies’ intelligence and defense-related government contracts as well.
For Pentagon planners, accustomed to working with the Boeings and Lockheed Martins of the world, these episodes were something of a rude awakening. “With Google getting into Project Maven, there was such a backlash on the part of employees, who said, ‘We didn’t go to Google to do DoD contracting,’” says Kreps. “That was new. In the early 2000s, with private security firms in Iraq and Afghanistan, everyone knew they were involved in the business of defense. Everyone who went to work at Blackwater knew what they had signed up for.”
If tech giants like Amazon or Google, for whom a $15 million government contract was barely a drop in the revenue bucket, passed on defense work in order to mollify unhappy employees, there were plenty of smaller tech firms willing to fill the vacuum. The question then was how to manage them. Government contract managers are understandably cautious of spending taxpayer dollars on untested technology from an unproven vendor.
And some of the wariness is mutual, notes Masiello. In 2014, she became a lieutenant general overseeing the Defense Contract Management Agency based at Fort Lee, Va., which has responsibility for negotiating all contracts for the Department of Defense as well as other agencies—placing her at the nexus of many of these issues. (She retired from the military in 2017 and is now an independent consultant.)
One sticking point in particular, she noted, was intellectual property. Innovative technology companies might want government funding in the early stages of developing a new technology, but they were unsurprisingly cautious when negotiating a deal that limited their ability to commercialize it later on. “In some cases, companies have done a good job in R&D, and then when they get to the production phase of a contract, they walk away from the opportunity because they don’t want to give up their rights to the government,” Masiello says. “So a big question in the contracting world is, How do we protect and encourage innovators to work with us while also allowing us to protect our investment?”
To create opportunities for startups to work with the government, more contract managers are experimenting with an arrangement called the consortia model, whereby the government taps a third party—often a nonprofit—to manage a contract that draws contributions from a number of different startups and small businesses.
“In consortia models, we group around expertise,” says Kraig Conrad, CEO of the National Contract Management Association, an organization in Ashburn, Va., whose members include government contracting officers and the companies with whom they do business. (Masiello is president-elect of NCMA’s board.)
“It provides nontraditional startups, who often say that working with the federal government slows us down, with a vehicle to participate in a contract,” Conrad says. “And it’s a method for the government to tap into development skills or power a programming need.”
Cybersecurity can be a thorny issue when working with startups—“some of whom do not share military cybersecurity concerns,” Masiello notes—whether under the traditional contracting model or within these new kinds of arrangements. As the government works with more technology suppliers, the exposure to hacks and ransomware attacks—and responsibility for mitigating them—is a huge area of focus for contractors and contractor managers today.
Tellingly, this concern reflects one of the shifts that has happened over the past two decades in terms of national security policy. Increasingly it seems as if the forces that would do us harm have pivoted, and are instead trying to steal our data or compromise our essential operating systems, whether it be the SolarWinds or Colonial Pipeline hack.
President Joe Biden convened a group of CEOs, including Amazon’s Andy Jassy, Microsoft’s Satya Nadella, and Apple’s Tim Cook, on the topic in August. “We’ve seen time and again how the technologies we rely on—from our cell phones to pipelines to the electric grid—can become targets of hackers and criminals. At the same time, our skilled cybersecurity workforce has not grown fast enough to keep pace,” Biden said. “The reality is most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone.”
As the government looks to the private sector for help on this crucial issue, Masiello’s logic from the morning of 9/11 applies: The government should be contracting for the type of technology you need when you don’t exactly know what’s coming your way. But it’s doubly hard to know what that is in a world where the threats are not physical but technological. How well the government learns to work with technology suppliers will ultimately determine how well equipped the U.S. is to meet the growing cybersecurity challenge. Twenty years ago, few would have imagined the abstract-seeming but no less worrying dangers we would face today.
Subscribe to Fortune Daily to get essential business stories straight to your inbox each morning.