Sponsored by Four, Inc. and IBM

Navy’s ‘Black Pearl’ software factory forging ahead toward secret-level authorization

The Navy’s Black Pearl software factory has been focused on relationship building.

The Navy Department’s “Black Pearl” software factory program is making headway on partnering with customers across the department, as it looks to move its services into the realm of classified networks.

Manuel Gauto, chief engineer for Black Pearl, said the program has gotten “unclassified down,” with the software factory accredited up to “impact level five” data, which includes controlled unclassified information and national security systems.

Now, Black Pearl is looking to get accredited for “impact level six” so it can work with secret-level classified workloads.

“So the folks who aren’t able to operate on unclassified [networks] also have an option,” Gauto said on Federal News Network.

In the few years since it was established, Black Pearl has worked with a range of organizations to deliver DevSecOps software practices, including the program executive office for integrated weapon systems, which runs the Navy’s Aegis Weapon System platform.

Black Pearl is also helping the Rapid Autonomy Integration Lab in its mission to deliver unmanned naval vessels.

“We’re kind of pretty pervasive at this point,” Gauto said.

Navy’s ATO journey

But as it seeks IL-6 authorization, perhaps the most important partnership the Black Pearl program has developed is with the authorizing officials at organizations across the Navy. The offices that grant or deny authority-to-operate packages are often seen as a barrier to new technologies, including agile software development services.

Gauto said his initial approach with authorizing offices was “less diplomatic” as the program worked to gain ATOs.

“Now, we’ve brought in a lot more people,” Gauto said. “We have a cyber team on Black Pearl. We’ve built relationships with the authorizing official team. They now work together to figure out how to get to ‘yes.’ It’s much less adversarial.”

Still, Gauto said he would choose security over compliance “11 times out of ten.” He said policy often lags behind technology and threats, meaning Black Pearl has to go above and beyond to ensure its internal systems stay secure, while also working with its customers to secure their software environments.

But Gauto said he believes authorizing officials have the “best interests of the Navy at heart.”

“They want the Navy to be better,” Gauto said. “They want the Navy to be secure. But they also are custodians of this process that has been built upon for a long time now. So we kind of have to slowly guide them into alignment with the newer technologies that are coming out. And I think that’s where we’ve had success.”

The program has also developed guidance for Navy organizations to make it easier to talk with authorizing officials about software containers, Kubernetes, the cloud and other leading-edge technologies, Gauto said.

Black Pearl’s ‘Shipyard’

Black Pearl is now developing a new offering called “Shipyard” that Gauto said is “our software factory for delivering to the cloud.”

“It will be the policies and procedures, it will be the rules for the code scanners, it will be a little dashboard or something that’s like, ‘you are good to go or you are not good to go because XYZ,’” Gauto said.

Black Pearl has also developed services that help translate cybersecurity data into “a tool that authorizing officials are familiar with,” Gauto said.

“That’s kind of an intermediate step,” he said. “Let’s at least start leveraging the data and make them comfortable with where the data is coming from. And then we can have a conversation around, okay, well, maybe you can take the data in its less transformed form because it actually has even more information that may be more helpful for you. And that’s where we’re really focused. It’s having those conversations with the authorizing officials and in a way, negotiating what they want to see on behalf of the community.”

Copyright © 2024 Federal News Network. All rights reserved.
