Navy: Faster acquisition key to cyber defense

Faced with a rapidly evolving cyber threat, the Navy is developing new strategies for acquiring cyber defense capabilities.

The problem is that the Defense Department’s existing acquisition model — DOD 5000 — is ill-equipped to meet the fast-moving needs of cyber defense.

“DOD 5000 doesn’t work for cyber defense,” said Kevin McNally, the Navy's program manager for information assurance and cybersecurity. “It’s built for the acquisition of ships, aircraft and weapons systems. Full operational capability can take seven years. Cyberattack tools progress far more rapidly than that.”

McNally, speaking June 28 at the IDGA Cyber Warfare and Security Summit in Washington, D.C., said the new acquisition approach would allow the Navy to work in six-month increments of spiral development, with multiple efforts working in parallel. A group composed of key naval departments will meet periodically to assess progress, identify new threats and re-evaluate needs, McNally said.

“Every six months, we’re looking at requirements, defenses and tools," he added. "We ask, ‘Do we need to field new capabilities? What capabilities do we need, and how should we deploy?’”

The Navy is also implementing DOD’s broader acquisition reform efforts but is taking a proactive approach with the new measures.

“There’s a big push to do acquisition reform, and we’re hoping that’s successful,” McNally said. “But I haven’t seen anything come out yet that simplifies acquisition for IT or cyber.”

For now, the Navy is looking forward to some of the advantages of its new approach, such as being better able to keep up with technology, introducing new commercial products more quickly and closing in on evolving threats. The department is also focusing on issues such as identifying network anomalies and behaviors, moving from reactive to predictive measures, and addressing advanced persistent and insider threats, McNally said.

“I don’t think we’ll ever close the gap [with rapidly evolving threats completely], but we can get closer,” he said.

Still, there are challenges, including securing resources and planning ahead for a future that is constantly changing. The broader DOD acquisition process is also cumbersome and can slow cyber development, he said.

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

Featured

  • Image: Shutterstock

    COVID, black swans and gray rhinos

    Steven Kelman suggests we should spend more time planning for the known risks on the horizon.

  • IT Modernization
    businessman dragging old computer monitor (Ollyy/Shutterstock.com)

    Pro-bono technologists look to help cash-strapped states struggling with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help.

Stay Connected