Issue

The criticality of information technology to the social, political and economic welfare of this country is indisputable. Further, government officials have noted that "America is under widespread attack in cyberspace.” To combat this information warfare, the Defense Advanced Research Program Agency (DARPA) has advanced a four-phase program called the National Cyber Range to enable a revolution in the Nation’s ability to conduct cyber operations by providing a sustainable cyber range. 

The National Cyber Range (NCR) will become a National resource for testing unclassified and classified cyber programs and will provide an environment for realistic, qualitative and quantitative assessment of potentially revolutionary cyber research and development technologies. 

DARPA initiated a review of existing business models that would be appropriate for the NCR.

Solution

CAT was asked to  review all of the traditional models used by the federal government: Government Owned Government Operated (GOGOs); Test and Evaluation facilities of the Department of Defense (T&Es); Government Owned Contractor Operated (GOCOs); Contractor Owned Contractor Operated (COCOs); federally funded research and development centers (FFRDCs); and University Based Research Centers, including university affiliated research centers (UARCs) and Department of Homeland Security Centers of Excellence. CAT reviewed and assessed key components of each facility’s structure and provided an overview highlighting the key attributes of each to narrow the options for the most appropriate business model for the NCR. The reviews also included site visits to a FFRDC, UARC and Center of Excellence where meetings were held with senior leadership to obtain their insights on the viability of their business model for meeting the goals of the NCR.

Result

CAT’s final report recommended the creation of a hybrid business organization model that will provide the NCR the maximum flexibility necessary to address an ever changing and rapidly changing cybersecurity environment. The business model chosen or created to operate the NCR must dovetail with the attributes most necessary for the success of the proposed cyber range. These attributes are: Collaboration, Leadership, Expertise and Management Tools.