MCLEAN, Va.—Given the rapidly changing nature of cyber threats, the Army acquisition leadership is working to create an acquisition process that responds quickly to the needs of its cyber forces and cyberspace needs, service officials said on May 28.
In the cyberspace operation “the pace of change of technology” and “of the environment is such that we must be able to move with greater speed,” Ronald Pontius, deputy to the Commanding General of U.S. Army Cyber Command and 2nd Army, said here at an Army Cyberspace Industry and Innovation Day organized by the Association for Enterprise Information, which is part of the National Defense Industrial Association. “And from an operational entity, what we are conveying to the acquisition community is that we must be able to rapidly deliver cyberspace capability with agility, flexibility, and accountability.”
Pontius said that the years it takes for the traditional process of generating and formulating requirements is “absolutely not going to be successful in this space.”
Pontius shared the keynote duties at the industry day with Kevin Fahey, who is the executive director of the System of Systems Engineering and Integration Directorate within the Office of the Assistant Secretary of the Army for Acquisition, Logistics and Technology (ALT).
Fahey said Army acquisition is looking at two approaches that will help speed the process of getting capabilities into the hands of cyber forces. In the near-term, Fahey said his office is looking to do a “Challenge Framework,” which his slide presentation described as the Army “developing a repeatable challenge-based model (or framework) to obtain limited quantity pilot/production solutions using OTA vehicles…” OTA refers to Other Transaction Authority in federal acquisition parlance, allowing Defense Department entities flexibility to enter into transactions for prototype projects directly related to specific needs and outside of the traditional contracting process.
Fahey indicated that challenges will be done through a consortium or group.
Longer-term, and Fahey said this idea is still being worked out, he wants to pursue cyber acquisitions through a consortium. According to a briefing slide presented by Fahey, the consortium is defined as such: “Today the Army is advertising its intent to evaluate new forming or existing communities to effectively leverage leading technology and industry innovation.”
“I do believe…a consortium is perfect for the cyber space,” Fahey said. “But we can’t afford to go through the normal acquisition process.” Later in his presentation, Fahey said if “we have the opportunity that if we buy something that meets a requirement, we can field it in a prototype situation to our cyber forces to sort of try it out and inform the big requirements as we go forward. So I think it’s an opportunity not only to do research and development and see if things work, but actually field it to units to actually give us feedback as we feed it back to the regular requirements.”
To help focus its cyber acquisition efforts, the Army created a Cyber Focal Group that reports to Fahey. Heidi Shyu, the Assistant Secretary of the Army for ALT, decided against creating a separate Program Executive Office (PEO) within her office to manage all cyber-related acquisitions “because she believe every PEO has to worry about cyber,” Fahey said. He and Pontius said the four PEOs that will have primary responsibilities for cyber activities include C3T, which develops , acquires and supports the Army’s tactical communications network, Enterprise Information Systems, which is in charge of enterprise networks, Intelligence Electronic Warfare & Sensors, and Simulation, Training, & Instrumentation.
Fahey said his job and that of the Cyber Focal Group is to work with the cyber community, review requirements, and then have Shyu “allocate the requirements to the correct PEO” who, in turn, will focus on “how to set up the conditions to be responsive to these requirements.”
The need for rapid, flexible access to cyber capabilities is driven by two things, Pontius said. One is that technology is evolving rapidly. The other is that the threat is increasing rapidly too, “probably” faster than the pace of technology as barriers to entry for threat actors are coming down given the widespread availability on the Internet of tools to threaten information networks, he said.
The Army, like the other military services, is in the process of setting up its Cyber Mission Forces, which will conduct defensive cyber operations (DCO), offensive cyber operations (OCO), and defending the DoD Information Network, which is called the DoDIN.
The Army plans to have 41 active duty cyber teams and 21 teams in the Reserves. The Army is currently 65 percent of the way to building its Cyber Mission Force and is expected to complete the effort by the end of 2016 as scheduled, Pontius said.