The U.S. Defense Department’s fiscal 2011 authorization bill included a worthy provision: Draw up a cyber acquisition plan that gets these technologies to the field as quickly as possible.
Unlike the rapidly developing technology itself, DoD acquisition, which includes cyber, is a complex, slow-moving beast. And now is the time to be rapidly fielding technologies, as news of the U.S. involvement in the development of the Flame and Stuxnet viruses no doubt makes the U.S. an even more inviting target for foreign cyber attack.
the cyber realm is one of the few areas within the Pentagon budget that is seeing an influx of cash, so it is vital that a nimble framework be established to incorporate those technologies to keep up with the demand.
However, the plan DoD came up with — the so-called 933 report — would likely slow the process rather than streamline it.
The plan — overseen by the Pentagon’s acquisition, technology and logistics office — would create two governing bodies to guide cyber acquisition. The first is a “senior level” committee, chaired by the Pentagon’s top acquisition and policy executives and the vice chairman of the Joint Chiefs of Staff. The second panel, which is discussed in more vague terms but likely would include a combination of cyber academics and representatives from industry, would examine broader technology developments and provide recommendations to DoD.
The two bodies would oversee two cyber development tracks: rapid and deliberate.
But adding two layers of bureaucracy is unlikely to ramp up cyber acquisition. The plan has, at the very least, been delayed, if not shelved.
While DoD is right to avoid embracing the plan right away, the need to quickly field cyber technologies is more urgent every day. And while the U.S. has honed its skills in the realm of rapid fielding — such as counter-IED technologies and mine-resistant, ambush-protected vehicles — cyber technology is an entirely different matter.
Cyber experts argue that the most efficient and effective way forward is to put rapid acquisition and fielding in the hands of the technical experts. They understand the threat and they know the technologies in ways acquisition experts do not. Yet that does not take into account how acquisition expertise can make the process better.
The other problem is, any process that increases the amount of discretion within a purchasing body — and likely relies on commercial, off-the-shelf technologies — would run counter to recent moves to limit discretion in the buying process within DoD, including legislative proposals to restrict commercial acquisition.
Either way, DoD must re-examine this issue with greater urgency, incorporate lessons learned from a decade spent rapidly acquiring and fielding equipment, and come up with the best way to get technologies into the hands of the nation’s cyber warriors. Those who would seek to do the U.S. harm aren’t waiting.