Navy leaders try to speed IT acquisition by reinterpreting the FAR
It takes at least six months to get from RFP to a contract award, and "six months is a lifetime when it comes to security," says the Navy's Victor Gavin.
Navy officials are looking for ways to streamline the process for getting new technology into the field.
Vendors will appreciate that Navy acquisition officials are keenly aware of the rapidity with which IT can become outdated and cyberthreats can magnify. Whether that awareness translates into a quicker buying cycle and a shrewder acquisition strategy remains to be seen.
Under ideal circumstances, it takes about six months for the Navy to move from knowing what it wants to buy to awarding a contract, said Victor Gavin, program executive officer for enterprise information systems in the Department of the Navy. That just won't cut it when it comes to IT and cybersecurity, he added.
"Six months is a lifetime when it comes to security, when it comes to our ability to respond to cyber threats," said Gavin, who spoke at an Oct. 27 luncheon hosted by AFCEA's D.C. chapter. "So we can't follow that model moving forward. That's one of the attractive things I see about the 'as-a-service' model. It allows us to make those selections within that…contractual structure while maintaining competition."
He was referring to an approach to buying services as you need them, a method prevalent in the private sector that he would like to see the Navy adopt.
Kevin Cooley, command information officer for the Navy's Fleet Cyber Command, agreed that the service does not yet have flexibility in IT acquisition.
"I think we struggle today as an enterprise...to get the kind of flexibility and responsiveness in our resourcing structure that we need to respond to threats that pop up well inside the typical programmatic cycle times," he said. "And it's something that we struggle with mightily."
Navy officials have two options for getting the Federal Acquisition Regulation -- the vast and at times cumbersome body of rules governing acquisition -- to help them buy IT and cybersecurity-related products and services more quickly, Cooley said. One is to urge Congress to statutorily overhaul the system, but a quicker option might be for Navy officials to use their interpretation of FAR to speed up the process.
When asked how that might work in practice, Cooley suggested labeling IT needs differently to fast-track them. But to more aggressively apply FAR to IT, one has to be intimately familiar with the regulations and how they pan out in practice. And while there is plenty of demand for such experts, they are in short supply, Cooley acknowledged.