Slow moving procurement process in the armed forces makes it difficult to have latest IT systems
Richard Wileman
The procurement, by most nations, of major defence information technology (IT) systems has increasingly become a problematic undertaking for their armed forces; and India is no exception. Technology is moving faster than at any time in history, and the nature of the different threats that face democratic nations are developing at an alarming rate. This is partly because the people behind the threats understand what the latest technology can achieve and where there are holes in the security, and partly because by the time IT-based systems are introduced into service, the software and hardware are usually older generations with their vulnerabilities widely known.
Why should this matter to countries, such as India, who undertake large defence IT procurement programmes such as the ambitious Battlefield Management Systems (BMS)? As with many nations, it matters due to the way in which defence procurement is undertaken. In the case of the BMS procurement, its scope, size and complexity are compounded by both the very lengthy timescale that it has already taken to get started, and then inevitably the time it will take to implement it into the Indian Army. The speed of procurement is simply too slow, and I would suggest, the way procurement is undertaken is too rigid, all of which inevitably results in the bidders proposing established, older generation technologies as these are more likely to be successfully evaluated and accepted into service. This means that semi-obsolete technologies are likely to end up being deployed within the Indian armed forces, and will remain in service for decades making the problem of cyber threats even more likely to be realised. To summarise, the pace of technology development far outpaces traditional procurement process.
Most procurement of defence systems tend to be structured to make the act of buying more easily managed, as against ensuring that the procured system is best suited to software updates and migration to more efficient and cost-effective hardware adoption. Almost all IT procurements are made with accompanying through-life support, although these are usually small enhancements to the existing technological approach, but seldom involve a true migration path from an older type of technology to the latest. In the case of the BMS programme, it is likely that the initial system will be based around a set of distributed networks with third party sub-systems supplying and using data. However, the next generation of systems utilise multi-cloud environments where the cloud owners may be from different parts of the armed forces or even other nations and coalition partners, all of which may have different data protocols and security procedures. Indeed, some clouds may be stacked one-inside-the-other like the Russian toy dolls with many individual clouds existing within a larger cloud environment. Trying to include future technology into initial requirements, even over a limited period of a few years, is unlikely to succeed but resorting to buying old technology, in the traditional way, is also unacceptable. So, is there a solution to this apparent dilemma?
Large multi-national companies, such as those involved in banking or aerospace etc. all invest significant amounts of money into their IT systems. They do this because their technology controls almost every aspect of their international operations and any failure of these systems, or a successful cyber-attack, can be catastrophic to the whole business. As a result, their IT improvements are not a series of staccato steps but rather a continuum where the latest technologies are continually incorporated once they have been evaluated and their interoperability and security assured. This means that the IT departments of these companies are continually looking at multiple development paths, where interoperability and migration are all factored into their thinking and the final decision as to which route is adopted to the nature of the evolving cyber threats. Often, these companies employ ‘attack teams’ whose sole job is to attack their own system to find any gaps in their security.
You must be logged in to view this content.