Navy: Faster acquisition key to cyber defense

Faced with a rapidly evolving cyber threat, the Navy is developing new strategies for acquiring cyber defense capabilities.

The problem is that the Defense Department’s existing acquisition model — DOD 5000 — is ill-equipped to meet the fast-moving needs of cyber defense.

“DOD 5000 doesn’t work for cyber defense,” said Kevin McNally, the Navy's program manager for information assurance and cybersecurity. “It’s built for the acquisition of ships, aircraft and weapons systems. Full operational capability can take seven years. Cyberattack tools progress far more rapidly than that.”

McNally, speaking June 28 at the IDGA Cyber Warfare and Security Summit in Washington, D.C., said the new acquisition approach would allow the Navy to work in six-month increments of spiral development, with multiple efforts working in parallel. A group composed of key naval departments will meet periodically to assess progress, identify new threats and re-evaluate needs, McNally said.

“Every six months, we’re looking at requirements, defenses and tools," he added. "We ask, ‘Do we need to field new capabilities? What capabilities do we need, and how should we deploy?’”

The Navy is also implementing DOD’s broader acquisition reform efforts but is taking a proactive approach with the new measures.

“There’s a big push to do acquisition reform, and we’re hoping that’s successful,” McNally said. “But I haven’t seen anything come out yet that simplifies acquisition for IT or cyber.”

For now, the Navy is looking forward to some of the advantages of its new approach, such as being better able to keep up with technology, introducing new commercial products more quickly and closing in on evolving threats. The department is also focusing on issues such as identifying network anomalies and behaviors, moving from reactive to predictive measures, and addressing advanced persistent and insider threats, McNally said.

“I don’t think we’ll ever close the gap [with rapidly evolving threats completely], but we can get closer,” he said.

Still, there are challenges, including securing resources and planning ahead for a future that is constantly changing. The broader DOD acquisition process is also cumbersome and can slow cyber development, he said.

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected