Enable breadcrumbs token at /includes/pageheader.html.twig

The Cyber Implications Of Acquisition Speed

Part I: What is the problem?

Acquisition reform has been a topic of discussion among individuals in government, industry and academia for several decades. A regular outpouring of well-written studies has occurred year after year, such as the 1986 Packard Commission report, the 1992 U.S. General Accounting Office (now the Government Accountability Office) report on weapons acquisition, the 1993 report of the Defense Department Acquisition Law Advisory Panel and the more recent Center for Strategic and International Studies report “Measuring the Outcomes of Acquisition Reform by Major DoD Components.” These studies have made recommendations and measured progress. In some cases, the same recommendations are repeated from study to study.

Various government organizations also have led efforts to improve the acquisition process, such as the Defense Department’s Better Buying Power (BBP) initiative, which now is on version 3.0. Generally, the sponsors of such initiatives express a hope that they will incentivize productivity, innovation and speed through some form of partnership between industry and government. But within the information technology domain, and specifically within the context of cybersecurity, these actions have yet to produce a faster, simpler way to acquire technologies that, by their very nature, are crucial to national security. Often, strategies of provisioning information technology services, such as the degree of insourcing to government shops versus outsourcing to commercial firms, go back and forth. In the opinion of many experts and groups, the overall progress of reform has been negligible.

Frustrated by what it sees as fiscal waste and failed programs, Congress has taken action to push acquisition reform through various mechanisms, including addenda in the yearly National Defense Acquisition Act and specific laws, such as H.R.1232, the Federal Information Technology Acquisition Reform Act.

Many areas of acquisition have been identified for improvement. Goals include reducing cost, increasing innovation, improving quality, boosting program completion and shortening the time from requirement to fielding. Given the spate of cyber incidents and the great demand for cyber defense tools to protect governments’ networks, the need to define requirements, allocate resources and rapidly acquire technology is as crucial as was the Manhattan Project, which produced the first nuclear weapons during World War II.

All problems are problems, but some have a greater effect than others. In today’s austere environment, cost is the issue that managers often focus on, but speed drives costs. Programs with long development times almost always are expensive. In addition, systems with lengthy development cycles typically are marginal in meeting user needs by the time they are fielded.

Speed of adaptation is a major factor in determining who wins a conflict. Of the acquisition improvement areas, shortening the time from requirement to fielding has a direct link to an organization’s ability to respond to cyberthreats and take advantages of cyber opportunities. It is an engineering equivalent of Air Force Col. John Boyd’s OODA: Observe, orient, decide, act.

The need for speed is highlighted by the inability of large government acquisitions to match the pace of commercial information technology product development. Government often has difficulty acquiring and implementing products before they have come to the end of their life cycle. This is complicated by the integration of information technology products. It is not as simple as buying hardware “X” and software “Y” off the General Services Administration schedule. Government works in a world of systems of systems, taking commercial off-the-shelf products and adapting them to meet specific needs. Frequently, the entire acquisition process has to be engaged to get the right solution within “the latest time of value.”

James P. Craft is a member of the AFCEA Cyber Committee.

In the coming months, the AFCEA Cyber Committee will examine cyber acquisition issues, with the goal of identifying short-, medium- and long-term approaches; recommending investment strategies; and suggesting best practices for government and industry to speed up the information technology acquisition process.