Mission Area
January 22, 2021
[In January 2021, Applied Cyber Technologies (ACT), part of PEO EIS's Defense Cyber Operations portfolio, was named the winner of the 2020 Maj. Gen. Harold J. "Harry" Greene Acquisition Writing Award for acquisition reform. ACT's article, to be published in the spring 2021 issue of AL&T magazine, appears below in its entirety.]
The defense acquisition community eagerly awaited updates to the 5000 Series acquisition guidance, originally published in 2015. The nation’s threat landscape has accelerated exponentially over the past few years, and it was clear we needed acquisition policies that allowed for more flexible and accelerated programs. The Department of Defense’s (DOD) January 2020 revision of the 5000 Series was welcomed by program managers (PMs) and acquisition professionals alike. The revised guidance speaks directly to challenges programs across the Department have faced, specifically with regard to assessing and acquiring systems with speed and agility.
The Department’s “transformational tool,” the Adaptive Acquisition Framework (AAF), and its associated pathways give programs agile, area-specific frameworks that promise to enable the delivery of warfighting capabilities “at the speed of relevance.” Critically, the new guidance represents a concerted effort by the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD A&S) to change the acquisition culture by “simplifying policy, empowering PMs, tailoring acquisition approaches, conducting data driven analysis, actively managing risk and emphasizing sustainment.”
The revised policies offer guidelines, while encouraging PMs to “tailor” solutions to best suit program needs. Understandably, there is no precedent for this framework, and hence, no clear sense of how to realize its promise. While sustainment was emphasized in the new doctrine, there was little offered in the way of specific guidance or best practices. Additionally, the revised doctrine doesn’t provide a clear paradigm for integrating customer feedback into the acquisition process, a critical component to innovation and mission success.
Adaptive Agile Framework and the Cyber Domain
In recent years, the U.S. Army’s Defensive Cyber Operations leadership has become increasingly committed to overhauling cyber acquisitions. The Army recognized that in order for its Cyber Mission Forces (CMF) to maintain a competitive advantage in a highly dynamic threat landscape, it needed to create an environment that could deliver capabilities at speeds never realized before. CMF are actively engaged in missions on the nation’s behalf around the clock. In the cyber domain, speed exceeds the issue of “relevance.” Speed makes the difference between winning and losing, so it is absolutely critical to deliver defensive cyber capabilities to cyber Soldiers as soon as they become available.
The AAF stresses shortening prototype, development and acquisition timelines, but cyber requires timelines that are much shorter than any indicated in the new guidance. According to the AAF, the “Urgent Capability” pathway aims to “fulfill urgent operational needs (UONs) or other quick reaction capabilities (QRCs) in less than two years.” 2 For many systems and programs, shortening timelines to two years would be a much-needed improvement. However, two years is an eternity in cyber warfare, and giving our enemy that amount of time to build and deploy capabilities could result in unwanted consequences.
In 2018, Applied Cyber Technologies (ACT), a product office within Defensive Cyber Operations (DCO), in U.S. Army’s Program Executive Office Enterprise Information Systems (PEO EIS), was charged with creating a framework to rapidly develop, assess, deliver and sustain advanced defensive cyber capabilities to CMF. The team focused on truncating the process at every turn. The emphasis was on minimizing the time and metaphorical “space” between development and deployment, and fielding and feedback. There was a significant appreciation for the important role customer feedback plays in providing the right capabilities, and it was clear we had to integrate a smart sustainment plan.
Forging Ahead
To realize its vision, ACT developed two separate but interdependent functions, indicated by a loop that encompasses critical features of the program (Figure 2). While ACT’s Forge ensures the rapid development, assessment, integration and acquisition of cyber solutions, its Armory serves as the systems fielding and sustainment hub. ACT’s Forge and Armory are individual mission elements that are inherently interconnected and have a unique collaboration that changes the game for cyber acquisition.
The Forge and Armory exist to provide cyber Soldiers the tools, innovation and solutions to ensure they are ready to fight unseen and agile threats right now. The Forge and Armory were built specifically to:
- Facilitate rapid and agile acquisition solutions
- Close capability gaps when they are identified
- Provide collaboration and synchronization opportunity to the enterprise
- Leverage industry and academia expertise to solve problems
- Continuously innovate
At its core, the Forge is an innovation and integration center focused on the rapid development, assessment, integration and acquisition of new technologies for DCO platforms and capabilities. The Forge leverages Other Transaction Authority (OTA) to rapidly acquire technologies as prototypes and evaluate such technologies for limited or full deployment purposes. The Forge has invested in a groundbreaking, cloud-based innovation pipeline, which has shortened the time-to-prototype from months to weeks, and focuses heavily on collaboration with industry and academic partners to develop inputs and outputs of the Forge. The capabilities developed at the Forge are then provided to the Armory for deployment into the systems used by defensive cyber forces.
The primary mission of the Armory is to support the warfighter by optimizing current systems and capabilities in order to improve operational effectiveness and efficiency. To this end, the Armories are forward-deployed, regional hubs where cyber Soldiers can “check in” and “check out” ready-to-go cyber equipment complete with the latest software and configurations generated by the Forge. Much like a traditional “arms room” that issues Soldiers rifles and other kinetic weapons, the cyber Armory issues Cyber Protection Teams (CPTs) their requisite cyber equipment. By virtue of fielding these systems, the Armory plays a critical role as the customer feedback interface for DCO. And, by integrating the Forge with the Armory, the Forge can rapidly respond to warfighters’ needs by continuously improving existing capabilities and developing new ones.
The Armory provides a sustainable approach to the deployment of DCO cyber platforms by providing a software repository with the latest updates, patches, licensing, support and mission-focused training. Instead of outfitting each individual CPT with equipment, the systems are housed within an Armory, where the equipment is continuously updated and maintained with the latest updates and outputs of the Forge.
The Armory enables ACT to sustain cyber systems within the regional Armory locations, eliminating the logistical challenges of updating across a global, disparate force. This significantly reduces the Army’s cost of system sustainment. DOD’s new guidance stresses the importance of “…a supportability strategy that meets materiel readiness and operational support performance requirements, is safe and sustains the capability in the most cost-effective manner over its anticipated total life cycle.”3 The Armory falls neatly in line with that priority by offering the Army the most cost-effective way to sustain systems, particularly because the systems are inherently dynamic and require regular, ongoing updates.
Putting it All Together
So, how does it work? Before going on a mission, a CPT checks out the latest defensive cyber kit from the Armory. After the mission, they return the kit to the Armory. That’s it. Cyber Soldiers never have to worry about installs, updates, patches, licensing or regular maintenance; the Armory takes care of all that. Once the equipment comes back, the Armory performs routine maintenance, installs the next batch of capabilities and prepares the equipment for the next CPT.
At check-out, the Armory’s technical team receives live feedback from users regarding kit capabilities and systems performance. That feedback is documented and integrated into the next iteration of kit enhancements. The Armory model creates a unique and consistent interface between DCO and cyber Soldiers, allowing ACT to gather feedback from users and adjust capabilities rapidly. While the Armory serves a critical role in the sustainment and fielding of defensive cyber systems, it’s the Armory’s ability to shrink the feedback loop between Soldiers, program office, requirements developer and industry that pays dividends for DCO.
Additionally, upon kit return, the Armory conducts a complete performance analysis, identifies and assesses systems issues, and provides continuous feedback to the Forge for evaluation on whether identified gaps can and should be addressed. This continual loop of fielding and feedback, and development and deployment are at the heart of ACT’s ability to innovate and provide cutting-edge capabilities rapidly. It is this condensed loop that enables the program to provide defensive cyber capabilities at a speed relevant to cyber Soldiers.
From the Soldier’s perspective, the Armory’s fielding capability is efficient and critical. And, its sustainment function eliminates the Soldiers’ burden of regularly maintaining equipment, thus freeing them up to focus on the mission at hand.
The Forge’s innovation in acquisitions and technology (development and deployment), combined with DCO’s programs, and the Armory’s sustainment function (fielding and feedback), all work to encompass DCO’s evolutionary acquisition model. The model represents how ACT aims to provide defensive capabilities to CMF quickly and seamlessly.
DOD’s updated AAF and associated pathways support accelerated timelines that better reflect the current threat landscape. Importantly, the AAF allows for the kind of flexibility that defensive cyber operations require. For organizations in the cyber enterprise, it is critical to tailor a model that best provides our cyber customers with the tools they need when they need them—which, of course, is as close to now as possible.
We’ve often heard it said: Necessity is the mother of invention. Not too long ago, it would have been unimaginable to develop a prototype within a week or two, acquire a capability within a few months and build a “smarter,” more cost-efficient sustainment program that intimately integrates customer feedback, which in turn is used to improve systems almost immediately. But, that is what cyber warfare needs. By creating the Forge and Armory framework, we think the promise of rapid cyber acquisitions is being fulfilled right before our eyes.
ACT’s Forge and Armory construct embody the rapid development, agile framework, adaptable processes and speed that supports and furthers DOD’s AAF strategy. The Forge and Armory have the potential to create long-lasting, positive impacts for the cyber enterprise and for cyber Soldiers at large. Much like the cyber capabilities they deliver, the Forge and Armory processes are continuously being iterated to keep pace with cyber warfare’s operational tempo. The cyber enterprise will never reach its full potential unless we fully adopt an agile way of operating, a flexible mindset and a willingness to step forward in a new way.