U.S. Cyber Command’s main warrior cadre has been deemed ready for war and now the organization is shifting its focus to readiness and operations.
Sources have told Fifth Domain that DoD’s cyber warriors lack certain skills, capabilities and even equipment. One source went so far as to say that the list of what these forces can do is short.
As a result, the military wants to quickly get these new cyber warriors the tools they need. To do this, they are turning to contracting vehicles such as other transaction authorities and the so-called IT Box construct as a way to skirt the traditional acquisition system, which is often derided as lethargic, bureaucratic and not optimized for the high tempo of the software-centric world.
These approaches allow for the government to partner with non-traditional companies for less mature technologies and prototypes meaning solutions, albeit some that are not always 100 percent mature, get to warfighters faster. This approach allows DoD to be more agile and flexible in procuring and equipping, multiple industry sources told Fifth Domain. However, one potential downside to this approach is a lack of competition for this work.
What do cyber warriors need?
As the command is growing, maturing and standing on its own, it needs training modules, infrastructure to conduct operations on and tools.
Leaders say one of the most critical needs of cyber warriors is a training platform. And industry officials add that often the first time cyber warriors face certain techniques is during a mission. This is because of a lack of a holistic and robust training environment, similar to the Army’s combat training centers or the Air Force’s Red Flag.
To change that the Army, on behalf of Cyber Command, is in charge of an effort called the Persistent Cyber Training Environment. The Army, using an OTA approach, is running a series of innovation challenges as a way to prototype capability. This approach would provide an interim solution to cyber warriors while at the same time reduce risk and help the larger program of record.
Another capability cyber warriors will need is an operational platform from which to house tools, launch operations and perform command and control.
Currently, the Air Force is working this program on behalf of Cyber Command. The Unified Platform, as it’s called, is considered one of CYBERCOM’s largest and most critical acquisition programs to date. Industry officials have said it is necessary to conduct cyber operations and is critical to national security.
The Air Force’s acquisition strategy is not totally clear, with some industry sources noting that they are not taking an OTA approach to this critical capability. The service is currently using the General Services Administration’s premier enterprise Alliant Government wide Acquisition Contract vehicle in which multiple contractors will be awarded and will compete against each other for individual task orders on the final program. Federal agencies traditionally use Alliant to implement new and innovative technologies.
Despite being an attractive option to rapidly equip forces, these vehicles come with some risk.
Industry officials acknowledge that OTAs were meant for prototyping, research and development and risk reduction for larger programs of record, not as a replacement for procuring large programs and platforms. While Congress has extended the use of OTAs for actual development of production, William LaPlante, senior vice president and general manager for MITRE National Security Sector, calls this “a dodgy area.”
LaPlante, who served as assistant secretary of the Air Force for acquisition,, told Fifth Domain that the OTAs can limit competition. Since these rapid prototyping vehicles enable DoD to work with non-traditional companies that don’t have to bring forth fully developed solutions, they tend to favor smaller tech companies as opposed to larger defense contractors.
LaPlante said if one subscribes to the philosophy that the best product comes from a full competition, the competition part of these contracting mechanisms is not very clear.
Second, he said, going faster means the upfront homework in the way of budgeting, market research and strategy may be neglected. While this work might take a bit of time, if it’s not done, he said, the risk of making mistakes increases.
Going forward, LaPlante noted that it will be important how blowback and failure is handled because “there’s no question mistakes will be made."
There is also the issue of integration. With a series of disparate systems, it is unclear who will be the integrator: government or industry?
“It’s a perpetual discussion of the last 20-30 years: is the government itself strong enough to assume the role of integrator? Probably not. You need some industry partner,” he said.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.