Navy takes spiral approach to cyber acquisition
- By Amber Corrin
- Jun 28, 2011
The Defense Department’s DOD 5000 acquisition model is ill-fit for the fast-moving needs of cyber defense, and therefore the Navy is developing new strategies of its own to meet the rapidly evolving cyber threat, one official said June 28 at the IDGA Cyber Warfare and Security Summit in Washington, D.C.
“DOD 5000 doesn’t work for cyber defense. It’s built for the acquisition of ships, aircrafts and weapons systems; full operational capability can take 7 years. Cyberattack tools progress far more rapidly than that,” said Kevin McNally, program manager for information assurance and cybersecurity, Navy PEO-C4I.
McNally said the new acquisition approach would allow the Navy to work in six-month increments of spiral development, with multiple efforts working in parallel. A group comprising key naval departments will meet periodically to assess progress, identify new threats and reevaluate needs, McNally said.
“Every six months we’re looking at requirements, defenses and tools. We ask, ‘Do we need to field new capabilities? What capabilities do we need, and how should we deploy?’” McNally said.
The Navy is implementing DOD’s broader acquisition reform efforts as well, but is taking a proactive approach with the new measures.
“There’s a big push to do acquisition reform, and we’re hoping that’s successful,” McNally said. “But I haven’t seen anything come out yet that simplifies acquisition for IT or cyber.”
For now, the Navy is looking toward some of the advantages of its new approach, such as being better able to keep up with technology, introducing new commercial products more quickly and closing in on evolving threats. The department is also focusing issues such as identifying network anomalies and behaviors, moving from reactive to predictive measures and addressing the advanced persistent and insider threats, McNally said.
“I don’t think we’ll ever close the gap [with rapidly evolving threats completely], but we can get closer,” he said.
Still, there are challenges, including securing resources and planning ahead for a future that is constantly changing. The broader DOD acquisition process is also cumbersome and can slow down cyber development, he said.
Amber Corrin is a staff writer covering military networks for Defense Systems.