U.S. military experts on Monday said current acquisition rules hamper their ability to respond quickly to a growing number of cyber attacks against U.S. weapons and computer networks and new approaches are needed.
Kristina Harrington, director of the signals intelligence directorate at the National Reconnaissance Office (NRO), said acquisition programmes typically take about two years to initiate and execute, but rapidly changing threats in the cyber domain require a different approach.
“The current acquisition process is not fast enough to keep up with the speed (of the threat),” Harrington said at a space and cyber conference hosted by the Space Foundation. “Two years after we started is too late in the cyber industry.”
Harrington and other government and industry speakers underscored their concerns about growing and increasingly sophisticated attacks on U.S. computer networks and said the Pentagon was working hard to beef up cyber security.
Their comments came the same day that the U.S. government charged five Chinese military officers, accusing them of hacking into American nuclear, metal and solar companies to steal trade secrets, These are the first criminal hacking charges filed by Washington against specific foreign individuals.
Harrington told reporters after the panel that the NRO, which designs, builds and operates U.S. spy satellites for the U.S. military and intelligence communities, was looking at using umbrella contracts with a range of companies that would give it more flexibility to order specific work as threats arose.
She said the agency was historically focused on buying, fielding and operating the best satellites in the world, but the ground networks used to operate them needed more attention because they were increasingly complex and had become a growing target of cyber attacks.
She said she understood that lawmakers need to carefully oversee acquisition programs, but said rapid changes in the cyber world meant the government needed more flexibility to respond than the current acquisition system offered.
U.S. weapons programs are subject to many complex regulations and oversight processes aimed at addressing the cost overruns, schedule delays and other issues that have plagued defense acquisition programs for decades.
Harrington and other officials argue that the cyber domain is fundamentally different and requires different rules than those applied to fighter jets, warships and missiles.
“We need to be looking at a different way of doing things,” Harrington said during her panel discussion, adding that private industry was increasingly driving change in the cyber realm.
William Marion, chief technology officer for Air Force Space Command, said the Pentagon had undertaken a comprehensive review of cyber security issues across the department and was beginning to make changes, but current acquisition rules and oversight still slowed its ability to respond.
Executives at smaller companies say the Pentagon’s bureaucracy also makes it difficult for them to bid for cyber security contracts, which tend to be dominated by big firms like Boeing, Lockheed Martin and Raytheon.