Rapid Acquisition and Fielding for Information Assurance and Cyber Security in the Navy

Rapid Acquisition and Fielding for Information Assurance and Cyber Security in the Navy

Isaac R. Porche
Shawn McKay
Megan McKernan
Robert W. Button
Bob Murphy
Kate Giglio
Elliot Axelband
Copyright Date: 2012
Published by: RAND Corporation
Pages: 102
https://www.jstor.org/stable/10.7249/j.ctt5hhvw9
  • Cite this Item
  • Book Info
    Rapid Acquisition and Fielding for Information Assurance and Cyber Security in the Navy
    Book Description:

    The U.S. Navy requires an agile and adaptable acquisition process that can field new information technology capabilities and services in relatively short and responsive time frames. A RAND study sought to identify ways to accelerate or bypass the traditional acquisition process in response to the unique demands of information technology and cyber programs.

    eISBN: 978-0-8330-8348-7
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. i-ii)
  2. Preface
    (pp. iii-iv)
  3. Table of Contents
    (pp. v-vi)
  4. Figures
    (pp. vii-viii)
  5. Tables
    (pp. ix-x)
  6. Summary
    (pp. xi-xviii)
  7. Acknowledgments
    (pp. xix-xx)
  8. Abbreviations
    (pp. xxi-xxiv)
  9. CHAPTER ONE Introduction
    (pp. 1-6)

    In general, today’s acquisition and testing system is designed for large-scale, hardware-based weapon systems. It is marked by high-level oversight and a deliberate, serial approach to development and testing. As a result, this current process (based on the U.S. Department of Defense [DoD] 5000-series regulations)—from requirements definition to initial operational test and evaluation (OT&E)—typically takes years to complete. Such a process is particularly unsuited for dynamically changing information technology (IT) systems. A Defense Science Board (DSB) study found that only 16 percent of all IT systems were on budget and on time, while 53 percent were both late...

  10. CHAPTER TWO Testing (Certification and Accreditation): Challenges, Best Practices, and Recommendations
    (pp. 7-16)

    In this chapter, we outline the challenges that C&A and operational testing pose to PMW 130’s CND program and provide specific recommendations to overcome them.¹ The bulk of the chapter focuses on required changes in the C&A process to meet the six-month acquisition requirements for CND updates, which fall within the second acquisition speed category listed in Chapter One. We briefly discuss the required changes to the C&A process for handling emerging threats (e.g., worms), which falls into the first acquisition speed category (days or weeks).

    The DSB task force report on acquisition of IT proposed general testing guidelines to...

  11. CHAPTER THREE The Navy Modernization Process: Challenges, Best Practices, and Recommendations
    (pp. 17-24)

    The Navy currently conducts ship changes through the Navy Modernization Process, or NMP. Previously called SHIPMAIN, for “ship maintenance,” this process was implemented to eliminate redundancies in prior maintenance processes by standardizing the planning, budgeting, engineering, and installation of shipboard improvements (Penderbrook Associates, undated).

    The NMP also seeks to “maintain configuration control of the various changes made to ship systems and equipment over the life of a ship” (Schank et al., 2009, p. xviii). Despite intended efficiencies, the NMP is a long and complicated process; programs have been affected by its long-standing structural and (more recently) institutional problems resulting from...

  12. CHAPTER FOUR Budgeting, Funding, and Contracts: Challenges, Best Practices, and Recommendations
    (pp. 25-28)

    Outside of testing and installation, the acquisition process also includes budgeting, funding, and contracting. This chapter looks at these issues in relation to cyber acquisition. Although these steps are not as problematic as C&A and NMP, cyber programs still face challenges in these areas. We gleaned best practices and recommendations from programs that have already dealt with budgeting, contracting, and funding challenges. Given that cyber acquisition requires a rapid acquisition tempo and incremental builds for IT acquisition, some of the challenges, best practices, and recommendations presented here relate to both rapid and IT acquisition.

    PMW 130’ s mission presents both...

  13. CHAPTER FIVE Governance, Integration and Training, and Emerging Needs: Challenges, Best Practices, and Recommendations
    (pp. 29-32)

    This study set out to explore several aspects of the cyber acquisition process. In addition to testing, installation, and budgeting and contracting, we looked at governance, integration and training, and “emerging” needs. We found fewer hurdles to cyber acquisition in these latter areas. In this chapter, we explore these additional pieces of IT and cyber acquisition.

    Cyber acquisition faces challenges resulting from IT acquisition governance in the Navy primarily because this governance is widely dispersed. According to VADM Harry Harris, assistant to the Chairman of the Joint Chiefs of Staff, “Alignment and authority issues preclude achievement and execution of effective...

  14. CHAPTER SIX Summary and Conclusions
    (pp. 33-36)

    In PEO C4I and the rest of the Navy, rapid acquisition or fielding does occur except with special prioritization and exceptional treatment, both of which require resources that may not be routinely available to PMW 130 and its cyber program. New agile methods outlined in the DSB report (2009b) that seek iterative and incremental development on six-month cycles will be difficult to achieve without new authorities at the PM or PEO level and a change in the approach to budgeting.

    In this chapter, we summarize the findings and recommendations offered throughout the report in a way that directly addresses the...

  15. APPENDIX A Survey of Rapid Acquisition Processes
    (pp. 37-40)
  16. APPENDIX B Navy Rapid Acquisition Options
    (pp. 41-46)
  17. APPENDIX C Case Studies of Successful Rapid and IT Acquisition
    (pp. 47-50)
  18. APPENDIX D JCIDS and Incremental Acquisition
    (pp. 51-56)
  19. APPENDIX E Review of Cyber and IT Acquisition Literature
    (pp. 57-64)
  20. APPENDIX F Air Force Cyber Acquisition
    (pp. 65-68)
  21. APPENDIX G Worms
    (pp. 69-72)
  22. Bibliography
    (pp. 73-78)