The way in which traditional weapon systems develop and mature technology and the fact that the current acquisition process fails to take into account user preferences makes buying information technology (IT) a challenge for the Defense Department (DoD), according to a top Pentagon official.

In IT alone, the DoD spends more than $30 billion annually, William Lynn, deputy secretary of defense, told attendees at a recent Washington, D.C., defense IT acquisition summit.

“So how we integrate IT into our operations and structure (acquisition) is one of the most important determinants of our military power,” Lynn said. “That’s why IT is the focus of the QDR–the DoD’s once every four-year look at the threats we face, how we respond to them and what our national strategy should be.”

Lynn was the keynote speaker for the Defense IT Acquisition Summit, sponsored by Defense Daily, the Interoperability Clearing House, and the IT Acquisition Advisory Council.

IT acquisition is a challenge for DoD for two primary reasons, Lynn said.

First, traditional weapon systems develop mature technology in classified settings. “IT development happens in the commercial marketplace. Mature technology is then imported into DoD systems often with little further modification,” he said.

And, weapon systems depend upon stable requirements, Lynn added.

“But with IT, technology changes faster than the requirements process can keep up. It changes faster than the budget process and it changes faster than the acquisition milestone process,” he said. “For all these reasons, the normal acquisition process does not work for IT.”

On average, it takes 81 months, in DoD, from when a program is first funded to when it becomes operational, Lynn said.

“If we take into account the continued growth of computing power, this means that systems are being delivered four to five generations behind the state-of-the-art,” he said.

The second problem with the current acquisition process is that it also fails to take into account end user preferences, Lynn added.

“Our soldiers are digital natives. IT is a natural part of every thing they do. Many of our enemies are digital natives as well,” Lynn said. “Unless we build systems for technology savvy soldiers, we will continue to limit ourselves in the fight against technology savvy enemies.”

Lynn said a new approach is taking shape inside the DoD.

“We recognize that IT has never been the classic acquisition model,” he added. “The inherent modularity of IT together with its rapid commercialization means that the nature and life cycle of IT platforms differs significantly from other weapon system.”

Similarly, the government’s role in maturing them is different as well, Lynn said.

“With most IT being developed commercially, our primary role is to design system architecture and test vendor components,” he noted.

And future IT systems will be continually modified as they age, allowing old platforms to be used for new missions, Lynn said. “Our approach to acquisition must be mindful of this kind of thinking.”

“We need to encourage the use of commercials technology, we need to emphasize open design protocols that make systems easy to modify, and we need to adopt SOA (Service Oriented Architecture) to allow vendors to be unable to monopolize systems with proprietary technology,” he added.

This approach to IT is already working inside the DoD.

The Navy’s submarine program has been relying on the Acoustic Rapid COTS (commercial-off-the-shelf) Insertion (ARCI) program to upgrade combat systems. With the exception of a few items, all of the hardware and 60 percent of the software on submarines is commercial, Lynn said.

And with open architecture, new capabilities can be inserted each time a submarine returns to base, he added.

“A more nimble IT acquisition process is even more important with the transition away from supplemental appropriations bills, which have allowed us to deliver crucial warfighting technologies outside the usual budget acquisition processes,” Lynn said. “As we return to funding war time programs with a base budget, we need to build greater responsiveness to our standing processes. We need to redirect IT systems from an 81-month march to obsolescence and put them on a path to meet warfighters’ evolving needs.”

Although IT provides the military with tremendous advantages, Lynn acknowledged it is a double-edged sword. As the military grows more dependent on information networks for command and control, intelligence and logistics, and as advanced weapon systems and technologies depend on computer systems and networks, those networks become tempting targets for our adversaries, he added. “All 15,000 of them.”

This includes seven million computers, laptops, servers and other devices, Lynn noted.

“This is not a merging threat. This is not some future contingency. The cyber threat is here today, it is here now,” he added.

More than 100 foreign intelligence organizations are trying to hack into U.S. systems and today, more governments are developing offensive cyber capabilities, Lynn said. “Russia and China already have the capacity to disrupt elements of the U.S. information infrastructure.

And the cyber threat does not end with states. Organized criminal groups and individual hackers are building local networks that compromise computers using bot nets and zombies, Lynn said. Those criminal groups then rent those compromised networks out to the highest bidder, in essence becoming 21st century cyber mercenaries, he added.

Terrorist groups are active on 1,000s of web sites, too, Lynn said. “Al Qaeda others have expressed the desire to unleash coordinated cyber attacks on the U.S.”

“Our defense networks are already under attack. They are probed thousands of times each day. They are scanned millions of times each day, and the frequency and sophistication of those attacks is increasing exponentially,” he added. “It’s an unprecedented challenge to our national security.”

By virtue of its source, speed, and its stealth, cyber warfare marks a new development in the history of war, Lynn said.

While in the 18th and 19th centuries, it took ships days to cross the ocean, and in the Cold War missiles could cross the seas in minutes, today’s cyber attacks can be mounted in milliseconds, he said.

“The speed has profound implications for how we mount a defense. If attacked in milliseconds, we can’t take days or weeks or months to respond,” Lynn added. “We need to respond at network speed before attacks compromise ongoing operations or the lives of our troops. Fortunately, to this point, cyber attacks on our military networks have not cost any lives.”

But they are costing an increasing amount of money, Lynn said.

“In one recent six-month period, the department spent more than $100 million simply defending its networks,” he added. “For all these reasons, the president has called the cyber threat one of the most serious economic and national security challenges we face as a nation.”

The DoD is taking steps to protect and defend its networks. From training and certifying a world-class cyber workforce, to developing doctrine on how the DoD can protect cyber space as a domain, Lynn said. “The ongoing QDR is accessing our current capabilities and will make recommendations on doctrine for the future.”