In December, the Army made awards under its first-ever Cyber Innovation Challenge just five months after launching the project. Officials are pleased at having shown they can involve non-traditional vendors in the DoD procurement process and acquire new tools very quickly. The next step is to do it at the scale the Pentagon needs.
In the first innovation challenge, the Army told an industry consortium that it wanted to buy deployable cloud-based toolkits for its cyber protection teams to use as they travel to various combatant commands to help defend Army networks. The awards — to Critical Stack, Inc., for $3 million and Parsons Corp. for $1.5 million — will deliver prototypes for testing sometime between now and April.
The speed of the Deployable Defensive Cyberspace Operations Infrastructure (DDI) procurement was due in part to the fact that the Army is using Other Transaction Authority (OTA) for its cyber challenges. The technique lets the government avoid most of the hurdles involved in the usual federal procurement process, but generally can only be used for prototypes and where the government isn’t footing the entire research bill.
If after testing the new kits the Army wants to buy enough to outfit all 20 of its cyber protection teams, it will have to do so through a procurement that follows the Federal Acquisition Regulation without getting slowed down by the usual processes that can take months to officially validate a new requirement every time technology evolves — plus the time it takes to make a competitive award.
That’s where the IT Box comes in, Army officials said during an appearance on Federal News Radio’s On DoD. In existence since 2008 and coming into increasing favor within the Army, the construct lets the military services get one-time approval through the military’s usual Joint Capabilities Integration and Development System without having to redo the process each time they want to add or subtract significant features from a system.
“It allows us to define an end-state and then incrementally apply additional capability as the system grows, and that’s really what we would do here,” said Doug Wiltsie, the director of the Army’s System of Systems Engineering and Integration directorate. “So as we come out of the OTA phase and we’ve determined whether the capability the prototype provides is or is not our real requirement, it lets us have discussions between our acquisition, operational and requirements communities about the kinds of capabilities we can provide in given timeframes and to do that incrementally. And it allows us the flexibility within the end-state requirement if something changes from the operational side or the requirements side to insert that into the process and make those changes.”
The process uses periodic “capability drop documents” to make changes to a baseline product like DDI. If the Army wants to make changes to the technologies it plans to deliver to its cyber teams, it can do so quickly but also in a way that ensures the technological additions don’t bring budget surprises.
That’s a contrast to some previous approaches that used urgent operational needs statements to seek approval for rapid technology buys.
“This is really going to take the place of ONS in the future so that requirements aren’t validated without the necessary funding already allocated,” said Maj. Gen. Stephen Fogarty, the commander of the Army Cyber Center of Excellence. “Changes in cyber take place at a very fast pace, and we believe this gives us the flexibility we require to stay ahead of requirements and not be shooting behind the rabbit.”
The underlying “micro cloud” and “nano cloud” technologies the Army is experimenting with during the prototype phase sprang initially from the Defense Advanced Research Projects Agency’s Plan X, which DARPA says is meant to leverage academic and private sector expertise to better defend DoD networks.
“This is really the initial spinout from Plan X. We’re embracing the idea of the open stacks that are being used heavily in industry,” said Ron Pontius, the civilian deputy to the commander at Army Cyber Command. “When you take a bigger perspective about how we transition the forward-leaning technical research piece that DARPA’s doing into actual capabilities, this is a positive story that tells us we can do that.”