The Defense Department’s DoD 5000 acquisition model does not acknowledge the fast-evolving nature of cyber threat, so the Navy is now developing new strategies to better counter Internet attacks, according to an official.
“DoD 5000 doesn’t work for cyber defense,” said Kevin McNally, program manager for information assurance and cybersecurity, Navy PEO-C4I, according to Defense Systems. “It’s built for the acquisition of ships, aircraft and weapons systems; full operational capability can take seven years. Cyber attack tools progress far more rapidly than that.”
Navy’s new approach would allow it to work in six-month increments of spiral development, with several efforts working in parallel, McNally said. A group of key naval departments will meet regularly to appraise progress, identify new threats and reassess needs, he added.
The department is also implementing DoD’s more sweeping acquisition reform efforts, dealing proactively with the new measures. Although there is a big push to do acquisition reform, McNally said he has yet to see anything that simplifies IT or cyber acquisition.
For now, the Navy is looking toward some of the advantages of its new approach, such as improved measures to keep up with technology, introducing new commercial products quicker and closing in on evolving threats. The department is also focusing on issues such as identifying network anomalies and behaviors, moving from reactive to predictive measures and addressing the advanced persistent threats and insider threats, McNally said.