Marines adopt acquisition approach to work at cyber speed

By: Mark Pomerleau, 

October 13, 2016

Source Link

Marines adopt acquisition approach to work at cyber speed

Marine Corps Systems Command (MCSC) has announced a new process for rapidly fielding cyber capabilities to its personnel.

A new cyber advisory team (CAT), which is made up of acquisition professionals and located at the command deck as a command asset for program office, seeks to facilitate and expedite acquisition and provide expertise on all things cyber, the team’s director, Mike Cirillo, told C4ISRNET.

In May at the annual Sea-Air-Space conference, the commander of Marine Forces Cyber Command, Brig. Gen. Loretta Reynolds, expressed concern that battling in cyberspace with outdated acquisition processes doesn't work. "The cyberthreat is an all day, everyday thing. We have got to have the ability to put tools on a network that get after the threats as they arrive.”

And now those tools have arrived. 

While there have been acquisional difficulties, Cirillo said CAT tailors the acquisition process to the fast-moving pace that is so common in the information technology field — something that was not done before. Senior acquisition officials gathered to analyze this pace, offering several recommendations to improve the Marines’ acquisition in cyberspace capabilities, he said.

The team developed two primary lines of effort under this program: an emergency acquisition process, which focuses on fielding capabilities in less than 30 days; and an urgency acquisition process, which is designed to field capabilities between 31 and 180 days. Anything that might take more than 180 days will be considered under the traditional acquisition process, Cirillo said, as it is clearly not an urgent need.

The team recently completed its first acquisition under this new process, MCSC said.

“Leveraging commercial-off-the-shelf hardware and software, the new capability allows the Corps’ cyber protection teams to conduct cybersecurity operations onsite and remotely protect the network,” MCSC said in a news release.

The team developed this new process, leveraging existing authorities. Cirillo analogized the process of traditional acquisition to what the team did to a football game. With traditional acquisition, the entire offensive team has to make it in the end zone at the same time — all arriving together, he said, while a highly tailored system looks like an offense getting the ball at the 10 yard line and the running back sprinting to the end zone as fast as possible without any interference.

The team examined what it could do without breaking any laws and putting aside what is not needed to make progress, he said.

Providing a brief vignette of what acquisition might look like in the aforementioned emergency process, Cirillo said a normal team consists of a senior IT program manager, an IT expert and a contracting offer. This team, given its small size and immense expertise, has the wherewithal to make progress without having to coordinate with many others, basically executing missions, Cirillo said.

“Even with the CAT in place, we had not had an opportunity to exercise the emergency cyber acquisition process until the ... acquisition,” said Andrew Dwyer, CAT liaison officer to Marine Corps Forces Cyberspace Command. “Our relationship with MARFORCYBER enables us to identify cyber requirements early and expedite the acquisition process.”

When the team received the emergency request, they worked with Dwyer and the Program Manager for Information Systems and Infrastructure (ISI) to acquire and field the capability in less than 30 days.

“We are thrilled with our recent successes and will continue to improve the process while injecting leadership, professionalism and urgency to support our customer's mission priorities,” Dwyer said.

“The Commandant’s intent to improve Marine Corps acquisition stems from the knowledge that the operational landscape around us has changed,” Cirillo said. “This kind of cultural change began at our senior leadership level and, reinforced with little victories like this emergency cyber acquisition, we can effect sustainable refinements to traditional acquisition processes earlier and faster.”

“Our end goal is to provide speed to the Corp’s cyber warfighting capability while maintaining the discipline necessary for a unified, standardized and configuration-controlled network,” said Harry Oldland, ISI program manager. “These improvements will provide more responsive and effective support to our cyber forces, including where and how our industry partners can help us provide tactical IT capabilities to our operational forces.”