It takes years to develop, test and field major weapon systems throughout the Defense Department. But when it comes to cyberspace, emerging threats and capabilities are measured in hours, minutes and seconds. The old way of buying defense systems just can’t keep up.
The Army, however, is applying a strategy known as the IT Box model to deliver faster acquisition decisions for new cyber capabilities. First developed in 2008, the IT Box model is designed to place various cyber tools in overarching requirements definition packages that can be pushed down below the joint level to the individual services. The construct will allow the Army Training and Doctrine Command to rapidly update major cyber requirements documents as new operational needs are identified by Army units, potentially improving response times from years or months to just weeks.
“Cyber doesn’t fit the traditional acquisition process that you would use to deliver a tank,” said Kevin Fahey, executive director of the Army’s System of Systems Engineering and Integration (SoSE&I) directorate, in a post on the Army web site. “As the Army moves from responding to operational needs statements to creating cyber programs of record, we are laying the groundwork to continuously take advantage of the best technology out there.”
According to the Army, it plans to leverage the IT Box model to acquire a broad range of cyber capabilities, including analytics, advanced sensors, forensics, infrastructure and insider threat discovery systems.
The IT Box model was initially developed as a way to improve the Defense Department’s Joint Capability Integration and Development System (JCIDS). The four sides of the box represent the organization that provides oversight and management of the product; the capabilities required; the cost of application development; and the costs associated with sustaining and supporting the product during operations. The Joint Requirements Oversight Council, which sits at the Joint Chiefs of Staff level, is able to delegate requirements management down to the unit level at a sponsoring organization.
“By tailoring the IT Box construct to cyber, we are creating the foundation for rapid response that our soldiers will need for years to come,” said Col. B.J. Stephens, director of the Army’s Cyber Focal, an office under the Assistant Secretary of the Army for Acquisition, Logistics and Technology (ASA-ALT) responsible for coordinating and synchronizing cyberspace requirements across Army program offices. “At the same time, the Army has established the Cyber Acquisition Requirements and Resourcing (CARR) working group to provide Army oversight and governance for cyber IT Box requirements so the right stakeholders are prioritizing the acquisition of each materiel solution.”
In one of the major success stories involving the use of the IT Box model, the Joint Chiefs of Staff delegated responsibilities for tailored acquisitions related to a major mission planning system — the Integrated Strategic Planning and Analysis Network (ISPAN) — to the U.S. Strategic Command. The ability to closely integrate requirements definition with the acquisition process enabled Stratcom and the Air Force to improve the acquisition timeline for ISPAN from more than 5 years for the initial capability to just 15 months for the second increment of the system.
Join the conversation by commenting below. And follow me on Twitter at @DanielVerton.