Accelerating Cyber Acquisitions: Introducing a Time-Driven Approach to Manage Risk with Less Delay

9 Pages Posted: 1 Oct 2020

See all articles by Thomas Klemas

Thomas Klemas

Government of the United States of America - Air Force

Sean A Atkins

affiliation not provided to SSRN

Nazli Choucri

Massachusetts Institute of Technology (MIT) - Department of Political Science

Rebecca Lively

US Air Force Academy

Date Written: October 1, 2020

Abstract

The highly dynamic nature of the cyber domain demands that cyber operators are capable of rapidly evolving and adapting with exquisite timing. These forces, in turn, pressure acquisition specialists to accoutre cyber warfighters to keep pace with both cyber domain advancement and adversary progression. However, in the Department of Defense (DoD), a vigorous tug of war exists between time and risk pressures. Risk reduction is a crucial element of managing any complex enterprise and this is particularly true for the DoD and its acquisition program [1]. This risk aversion comes at significant cost, as obsolescence by risk minimization is a real phenomenon in DoD acquisition programs and significantly limits the adaptability of its operational cyber forces.
Our previous research generated three recommendations for reforming policy to deliver performance at the “speed of relevance” [3]. In this paper we focus on one of the recommendations: “Manage rather than avoid risk—especially time-based risks”. While this advice can apply to many areas of human endeavor, it has elevated urgency in cyberspace. Incomplete risk metrics lead to overly conservative acquisition efforts that imperil timely procurement of advanced cyber capabilities and repel innovators. Effective cyber defense operations require acquisition risk models to be extended beyond fiscal and technical risk metrics of performance, to include risks associated with the cost of failing to meet immediate mission requirements. This paper proposes a time-shifting approach to simultaneously (a) accelerate capability delivery while maintaining traditional rigor, and (b) achieve optimal balance between fiscal, performance, and time risks.

Keywords: cyber, acquisition, innovation

Suggested Citation

Klemas, Thomas and Atkins, Sean and Choucri, Nazli and Lively, Rebecca, Accelerating Cyber Acquisitions: Introducing a Time-Driven Approach to Manage Risk with Less Delay (October 1, 2020). MIT Political Science Department Research Paper No. 2020-7, Available at SSRN: https://ssrn.com/abstract=3703183 or http://dx.doi.org/10.2139/ssrn.3703183

Thomas Klemas

Government of the United States of America - Air Force ( email )

Washington, DC
United States

Sean Atkins

affiliation not provided to SSRN

Nazli Choucri (Contact Author)

Massachusetts Institute of Technology (MIT) - Department of Political Science ( email )

77 Massachusetts Avenue
Cambridge, MA 02139
United States

Rebecca Lively

US Air Force Academy ( email )

Colorado Springs, CO
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
37
Abstract Views
212
PlumX Metrics