The Defense Information Systems Agency (DISA) continues to place a lot of emphasis on cyber security, but is looking for ideas about new tools that could replace existing ones at a lower cost, according to agency executives speaking to the media during the AFCEA conference at the DC Convention Center.
John Hickey, DISA’s risk management executive – who is transitioning into the Cyber Directorate – raised the topic of less expensive cyber security tools. But, he noted, “You have to do sole source in some cases if you really want to get something in a speedy way.”
Alfred Rivera, director of development and business at the agency, said DISA is building a Department of Defense Information Network (DoDIN) laboratory to provide a test bed for evaluating products’ security, interoperability, and performance. The lab will be available not just for DISA’s existing business partners, but for vendors that want to bring in their products for testing and evaluation.
Rivera said the lab is one way for DISA to move its innovation capabilities forward. “We want to have the means to do that,” he said.
DISA’s deputy director, USAF Maj. Gen. Sarah Zabel, suggested that companies really need to give up on offering proprietary solutions, and accept that using open standards will give the Defense Department the option of “mov[ing] away from products, as well as toward them.”
At the same time, DISA officials said their recent well-publicized trips to Silicon Valley were very educational.
“What we’re learning is, they really do have a certain timeline for them to make money, or the [venture capitalists] lose interest,” said DISA’s director, Army Lt. Gen. Alan Lynn. “It seems to be about nine months.”
David Bennett, DISA’s CIO as of May 1, suggested the California companies need to learn how to get into military markets through existing contract vehicles. “The big companies have broken the code and already made their way into DoD, so they can partner [up],” he said.
“One aspect that the vendor community is doing [is] they’re looking at building security in first, as new products and capabilities are deployed,” said Jack Wilmer, who is taking up his new role as vice director of development and business at the beginning of the month. “We’re not [deploying] in a benign environment any more … They need to be building with security from Day 1. That will really help us transition capabilities into the department.”