After years of working as a small shop with most of its requirements outsourced to the Air Force, Cyber Command’s J9 acquisition and technology directorate finally has the ingredients for an independent acquisition program. While it may be some time before it can take on big platform acquisitions on its own, it now has the budget, if not the manpower, to increase the scope and scale of what it buys.
The plan is part of a five-year build up that will eventually see the directorate operating with more people and more responsibilities. Now it just needs to move forward and develop a track record, said Michael Clark, CYBERCOM’s director of cyber acquisition and technology.
“Working with Congress, and the Secretary, we have language that within the next five years, by fiscal 2027, USCYBERCOM will assume the acquisition decision authority over the warfighting platform. We have the acquisition responsibility that’s going to be built over time,” Clark said Thursday at AFCEA’s TechNet Cyber conference in Baltimore.
When the command got acquisition authority in 2016, it had a $70 million budget and five years of authorization. That meant it depended on the military services to execute most of its requirements. The directorate now has a budget of $3.2 billion, enough to start new programs which will allow the directorate to eventually stop requiring help from other services.
Among its first priorities is a plan to build a joint cyber weapons program management office this year. The Air Force will build out the office and CYBERCOM will reimburse the department before eventually taking it over.
“I’m going to stand up a program management office for the joint cyber weapons portfolio, that’s going to be part of the agenda as well. So that’s an acquisition activity that I’m already doing within the command without the formality of a program office where we’re going to formulate the acquisition decisions,” Clark said.
With enough money in place to move forward, the directorate needs to hire people to implement its plans. Clark said he has authorization to fill 24 entry-level positions. The new hires will create a foundation for ambitious plans to expand the mission, but more staff will be needed.
“I’m aspirational if I can get the people. It’s my Achilles heel right now. I want to be able to have a [program executive] office stood up and begin doing PEO responsibilities for the components that I’m actually building within the command today,” Clark said.
Clark said CYBERCOM has always sought to model itself on Special Operations Command. It is a model acquisition professionals frequently reference because SOCOM has a reputation for an agile, speedier acquisition process, and, like CYBERCOM, has its own service-like acquisition authorities.
“Gone are the days where we have the luxury of doing a large contract to deliver a capability five years from now, because it will be obsolete. We’re moving our acquisition strategy away from that construct to one that’s going to be much more DevSecOps related, where we’re building capabilities at the speed of operational relevance,” Clark said.
As for a next step, Clark said after a build-out of current capabilities, he would like to move to a phase two plan. While the directorate currently has control of enabling the cyber mission forces, Clark says it aspires to eventually take over acquisition for the cyber protection teams, the cyber mission teams and national support teams.
“We began pursuing the enhanced budget authority. We were advocating very strongly to [CYBERCOM Commander Gen. Paul Nakasone] that it should be the whole cyber budget of the department – at least that part of the budget that was clearly identified as cyber operations – which was about $10 billion. And he drew us back. He said we’ve got to prove ourselves first before we take that on,” Clark said.