Thank you for the opportunity to address the Subcommittee on Readiness and Management Support of the
Section 804 of the FY10 National Defense Authorization Act (NDAA) directed the DoD to develop and implement a new acquisition process for information technology systems based on the recommendations of Chapter 6 of the
Defense Business Systems, as defined in 10 U.S.C. 2222, are information systems, other than a National Security System, operated by, for, or on behalf of the DoD, including financial systems, management information systems, financial data feeder systems, and the information technology and cybersecurity infrastructure used to support business activities, such as contracting, pay and personnel management systems, some logistics systems, financial planning and budgeting, installations management, and human resource management. Because NSS tend to be broader in scope with significant interoperability needs and requirements, we use different policies and procedures to acquire these two product categories.
IT REQUIREMENT PROCESS IMPLEMENTATION
To acquire IT, one must start with defined requirements (or capabilities). The Department has worked to condense timelines, increase collaboration between communities, and improve processes to deliver the right capabilities to the warfighter in operationally relevant timelines. The Chairman of the Joint Chiefs has modified the Department's Joint Capability Integration and Development System (JCIDS) by instituting a major change for Information System (IS) requirements development which introduces the "Information Technology (IT) Box," enabling the delegation of authorities to specifically support the more rapid timelines necessary for IT capabilities through the Defense Acquisition System processes. The four sides of the "IT Box" include the organization that will provide oversight and management of the product; the capabilities required; the cost for application and system development; and the costs for sustainment and operations. Under this construct, upon approval of an IS-Initial Capabilities Document (ICD) or IS-Capabilities Development Document (CDD) by the
An example of the Department's recent use of the "IT Box" was through tailoring an IT acquisition that supports the Combatant Commanders with mission planning tools through an automated and enterprise capability called the 'Integrated Strategic Planning and Analysis Network (ISPAN) Increment 2' program. The Vice Chairman
- Time between Milestone B and Initial Operational Capability:
This demonstrates the value of close coordination between the requirements and acquisition process for the delivery of IT capabilities.
DEFENSE ACQUISITION SYSTEM IMPLEMENTATION OF IT
SECTION 933 IMPLEMENTATION
Following Section 804 was Section 933 in the FY 2011 NDAA which required DoD to develop a strategy for the rapid acquisition of cyber tools, applications, and capabilities for USCYBERCOM and other cyber operations components of the military. It specifically requested an orderly process for determining and approving operational requirements; a well-defined, repeatable, transparent and disciplined process for developing capabilities in accordance with the acquisition guidance and policy; allocation of facilities and other resources to thoroughly test capabilities in development, before deployment, and operational use to validate performance and take into account collateral damage, and to promote interoperability, share innovation, and avoid unproductive duplication in cyber operational capabilities.
In response to Section 933, the Department chartered the Cyber Investment Management Board (CIMB). The goal of the CIMB is to unite IT policy and operational requirements and identify gaps and resources to enable the rapid acquisition and development of cyber capabilities. The
- enable rapid cyber acquisition and balance investments based on operational need,
- align and synchronize requirements, testing and evaluation;
- facilitate oversight and improve insight of DoD cyber activities and investments, and
- enable integration and transparency among key process owners.
Another Department initiative stemming from Section 933 is the Cyber Acquisition Process Pilot Plan. The plan was approved by the Undersecretary of Defense for Acquisition, Technology and Logistics on
IT has many challenges, and cyber capabilities add to the complexity. Finding the expertise and skillsets required to develop and acquire capabilities for IT systems for cyberspace operations is challenging. For example, one challenge found in the cyber acquisition domain is that many cyber capabilities are not acquired or developed under a traditional acquisition program of record structure because of the funding level of the cyber development efforts. In many cases, a program manager does not exist. The talents we require span Information Assurance, Information Technology, Operations, and in the case of Defense Business Systems, enterprise management. The talent pool is small and rarely meets the level of expertise across the necessary areas; those who possess the required skills are in extremely high demand. Industry faces similar challenges; the Department, other federal organizations, and industry are all seeking the same skillsets, increasing the challenge to recruit and retain talent.
We are working to address these IT workforce issues. With the assistance of the
We are working to simplify the process of acquisition through a Legislative Review in coordination with Rep. Thornberry, Vice Chairman of the HASC. Additionally, there is a joint effort by AT&L and the DoD CIO to develop a Cybersecurity Guidebook for Program Managers. This guidebook is being developed to provide program managers clear and concise guidance on what cybersecurity activities should be conducted at each point in the acquisition lifecycle, while emphasizing early integration of cybersecurity requirements. The purpose is to help program managers ensure cybersecurity is considered in the design of a new capability instead of later on in the process, when it may be too costly or take too long to implement it correctly. The Program Assessment Root Cause Analysis (PARCA) directorate, which works in my organization, contributes to our understanding of the root cause of IT program failures in order to prevent them from recurring. Again, with the help of the DAWDF funding, we will bring back lessons learned to the DAU to ensure we train our people on effective program management, engineering, logistics, contracting, etc.
Another effort to help program managers is adjusting our cybersecurity test and evaluation (T&E) procedures to include early developmental T&E involvement in test planning and execution. The goal is to improve the resiliency of military capabilities before beginning production and deployment. Early discovery of system vulnerabilities can facilitate remediation to reduce the impact on cost, schedule and performance.
One example of this is regression testing, which is a term for tests to ensure that software changes in one part of a system do not break or alter working functionality in another. Every software system requires regression testing. The Director for Operational Testing and Evaluation (DOT&E) is now examining regression test procedures as part of its suitability evaluations. DOT&E has also begun helping some programs convert to automated (vice manual) regression testing so as to gauge the extent of the problem the Department faces. In the last two years they have been able to help the
I would like to conclude with the following key points. The DoD is evolving its approach to IT acquisition. We are off to a good start with the interim DoDI 5000.02 which provides program structures and procedures tailored to the dominant characteristics of the product being acquired and to unique program circumstances, including operational urgency and risk factors. We will continue to work with the DoD CIO to implement IT Policy, and the DCMO to execute to the Business Enterprise Architecture. The Department recognizes the distinct challenges associated with acquiring IT capabilities and we are taking disciplined and proactive steps to improve our processes to compensate for them.
Read this original document at: http://www.armed-services.senate.gov/download/?id=ece37678-a09b-469c-adfc-aa6f90c2cbe0&download=1