Army Defensive Cyber Operations Maintain Balancing Act
The service must avoid suffering innovation overload.
Speed is of the essence as the U.S. Army works earnestly with industry to equip the force with the latest tools to combat cyber attacks. Yet rapid acquisition must be weighed against wasteful haste as the service aims to deliver combat-effective capabilities without breaking stride.
These capabilities include a revamped tool suite, a portable cyber defense system and advanced cyber situational awareness. At the forefront of these efforts is the project manager, defensive cyber operations (PM DCO), part of the Army’s Program Executive Office Enterprise Information Systems.
The biggest challenge facing the DCO is the balance between traditional acquisition and moving quickly, says Col. Chad Harris, USA, PM DCO. “We are still in the Army, we are still in the government, so there are processes and bureaucracies we have to work through,” he points out. “Our leadership wants to move fast, but we have to move fast in a way that both the Army and the user are okay with.”
As an example, he notes that the DCO had planned to modernize its tool suites every three to six months. But the user offered that this pace of change was too rapid—it didn’t give them a chance to train on the new tools or develop expertise operating them. “We’ve had to address our strategy to account for that—to say, ‘There is a balance between bringing new stuff in and letting the force get familiar with what it is using,’” he points out.
“We are delivering relevant cyber capability today,” Col. Harris states. “We’re providing soldiers what they need to defend the network. Soldiers are getting what they need when they need it. If the soldier receives equipment too late, it’s not relevant.”
The Army always has incorporated innovation where appropriate, and now the service must incorporate it from a DCO perspective. Col. Harris explains that the cyber Forge at Fort Belvoir, which was stood up in April, is the innovation facility at which the Army is applying new methodologies to speed new defensive cyber capabilities to the force. “It’s about bringing pieces together—the people, the facility and the tools—to bring innovation into the Army,” he says.
“We want to be agile; we want to bring in innovation,” Col. Harris states. “In order to do that, we’ve set up the pieces … and we are going to need our industry partners to be a part of that.”
He continues that the Army has laid out a process known as the Cyberspace Real-time Acquisition Prototyping Innovation Development, or C-RAPID. Describing this as “the crawl phase of a crawl-walk-run,” he explains that the Army is still developing the processes for its success. These include the problem statement presented to industry.
Col. Harris emphasizes that industry must be part of the process for it to succeed. He offers that he told industry directly, “I need you guys to want to collaborate with us. You say you do, but when we bring you in, you have to be all in. You have to be willing to collaborate with your other industry partners.”
He adds that the Army saw this approach work in the Deployable DCO System (DDS) Modular, a recent other transaction authority (OTA) innovation. The Army presented industry with a problem statement for modularizing the DDS flyaway kit and reducing its size. Industry responded positively: “If it wasn’t a home run, it was a good triple,” the colonel states. “They came in, they brought great kit, they were willing to work with each other … one of the companies, SealingTech, brought in great hardware that was modularized and small in a form factor. We were also looking for advanced sensors, which CACI was able to bring to the table. We were able to marry them up … and that’s what we ended up procuring as a prototype.”
The DCO’s specific OTA is known as COBRA, for Cyber Operations Broad Responsive Agreement. COBRA is designed to help the DCO solve cyber challenges and enable rapid prototyping, the colonel observes.
Col. Harris emphasizes that the DCO is not going to pursue all its innovative capabilities via OTAs. “The OTA is not a panacea. It’s not the end-all, be-all for procurements. They are a useful tool for prototyping, but they do not replace FAR [Federal Acquisition Regulation]-based contracting. You can take an OTA into production, and sometimes that is the right method. But there is a place for FAR-based contracting and, within the DCO realm, we’re using FAR-based contracts,” he declares. He cites firm-fixed-price contracts on cyber analytics and DCO mission planning as examples of the organization’s FAR contracting.
The DCO’s key technology wish list includes kit having small enough hardware with sufficient computational power and storage, Col. Harris offers. DCO mission planning that provides proper visualization for the cyber protection brigade is another. Both the Army and industry are expected to provide the organization’s needed technologies moving forward, but the colonel cites the Army as a major source.
“We don’t want to just outsource to industry,” he explains. “We don’t want only industry doing the work; because you don’t build the bench, you don’t get smarter at this mission, and you end up not doing it well. So how do you build the workforce? You have to balance it,” he states. The DCO is bringing key capabilities into the Forge while selecting soldiers who are subject matter experts. This comes under workforce management, he adds.
The DCO is working with Tobyhanna Army Depot, which supports the organization, on skill sets and hardware applicability. Tobyhanna will address needs and shortcomings through recently established agreements.
For the near term, the DCO will refine its tool suite into a subsequent iteration. The organization will evaluate the current tool suite to keep heavily used tools and divest less vital versions. This evaluation also will seek ways of replacing multiple tools with converged follow-ons to decrease their size and optimize the tool suite.
Col. Harris’ goal is an integrated system that can be used across all cyber forces—offensive or defensive. “I would like to see us leverage the power of the Army and the Defense Department to look at kit that works for everyone.” This kit would be easy to use, simpler for soldiers to train on with a shorter training time line, and able to empower more soldiers to perform the cyber defense mission. “That is one of the things that we lack: the skill set and the training of our cyber defenders, making sure we have the right people doing the mission,” he states.
From a mission-planning perspective, the colonel wants to be able to see a fused picture of the battlefield “from the network endpoint up to the floor of the operations center.” This would allow a cyber commander and the chain of command to make the necessary decisions, he emphasizes.
Ultimately, he would like to see the big data platform used more widely. A bigger and better training package would allow that capability to be expanded and used by others in cyber defense forces, he professes.
The time frame for most of these DCO goals is to complete them by early 2020. “We will have the Forge completely operational; our processes will be in place to where we are running OTAs on a weekly basis to bring innovation into the government,” Col. Harris offers. “We will have the armories stood up at Fort Gordon, Fort Belvoir and Tobyhanna. We’ll have the [standard operating procedures] for how we continue to maintain weapon systems and start to be able to transition that equipment to the user—effectively, efficiently and seamlessly.”
Col. Harris offers that these efforts are designed to ensure the Army can respond to the threat. “My worst nightmare is that we can’t respond to threats as quickly as we need to.” That might happen if the Army goes back to old ways of “good enough” or “the system won’t let us do something,” he warns. “When we see a threat that is having an impact on our networks or our soldiers, we need to be able to respond to that. And if we can’t, that’s my nightmare.”
That might come to pass if any of several actions play out. If the DCO abuses its authorities and is not allowed to use OTAs any further, if it is weighed down by more regulations or if senior leadership no longer supports its efforts, the DCO might not achieve its goals. And these goals are the key to avoiding potential pitfalls.
“If we can achieve the vision we’ve set out to achieve—and that goes back to our collaboration with industry, having our team built and working together to solve problems—the nightmare scenario won’t happen,” the colonel declares.