The idea of buying technology faster, better and more cost-efficiently isn’t new in the government, but the Army believes it can improve its cyber-specific acquisition.
In the Army’s program executive office for enterprise information systems, officials in the defense cyber operations program are following a new acquisition strategy, one that takes advantage of a consortium-based approach and other transaction authority to achieve goals like a 30-day prototyping process.
The new strategy focuses on operational needs statements, prototyping, informing requirements, developing processes and standing up capabilities as core elements that help deliver a suite of defensive cyber capabilities earlier and in shorter periods of time, according to Army documents.
“The proper identification of DCO requirements and their operational interrelationships is difficult to conceptualize and can be extremely labor intensive,” Col. Scott Helmore, DCO product manager, and retired Brig. Gen. Tom Cole wrote in an Army release. “To help overcome this challenge, DCO recognized that rapid prototyping, with early and continuous collaboration with industry, is essential to effective delivery of cyber capabilities.”
Specifically, Helmore and Cole wrote that the Army is using the Consortium for Command, Control and Communications in Cyberspace (C5) established in September 2011 by Army Contracting Command – New Jersey to tackle the 2016 Joint Staff-approved DCO Information Systems Initial Capabilities Document. The ICD uses the Joint Capabilities Integration and Development System IT Box method, an “adaptable and flexible requirements approach that provides rapid capabilities to the soldier through use of a further delegated requirements process.”
The IT Box creates the overarching authority to establish the DCO family of systems. Currently, there are 11 programs, six of which are initial programs of record and all of which are expected to be Acquisition Category III. An additional five programs that are identified for future development.
The first six programs, which have fiscal 2018 projected start dates, include cyberspace analytics, a garrison DCO platform, a DCO tools suite, deployable DCO system, DCO mission planning and tactical DCO infrastructure, according to briefing slides presented at a recent DCO industry day posted by Federal News Radio.
Future capabilities slated for fiscal 2019 and 2020 include forensics and malware, user activity monitoring, advanced sensors, threat discovery and threat emulation.
The idea is that the consortium can help with recommending technologies, guiding integration, keeping open architecture and building a bench, according to notes from the briefing.
Currently, the Army is seeking an independent organization that will oversee the consortium, known as C-RAPID, and expects to find a winner in May. Once off the ground, C-RAPID is expected to launch anywhere between six and 24 prototyping projects per year, each taking 30 days to complete.
C-RAPID fits with broader Army efforts to streamline and accelerate the acquisition process, rapidly fielding prototypical solutions that address pressing capability gaps.
“This process, the journey we’ve been on is enduring — this is not just a quick reaction capability. We understand there’s some frustration in the field and we’ve asked them to have some tactical patience … this is going to be a tremendous year of delivery,” Maj. Gen. Patricia Frost, director of Army cyber within the Army’s headquarters G3/5/7, said at a December AUSA event in Arlington, Virginia.
“We are going to deliver prototypes to the field, and we’re not going to wait six to 10 years to build the perfect set of kit. We’re going to look at prototyping and a risk reduction, risk mitigation methodology. We need to be working with what our operators are telling us about how the threat is evolving in the different theaters that we’re operating in if we are going to take some leaps in capability development, which is why that prototyping is so important.”