The concept of agile software factories isn’t a new one for DoD. They already exist in each of the military services. But the Pentagon thinks the next critical steps are to integrate those relatively small hubs of innovation into one coherent “ecosystem” that shares code across service boundaries, uses a common set of commercial development tools, and drastically speeds up the security approval process for each piece of software that emerges from those factories.
The scaled-up and better-integrated software factories are one of three major objectives in an ambitious new software modernization strategy Deputy Defense Secretary Kathleen Hicks approved last week. The document also emphasizes the need to move the military to a well-designed cloud computing environment and to reform its acquisition and other bureaucratic processes to make them more amenable to software.
“Delivering a more lethal force requires the ability to evolve faster and be more adaptable than our adversaries,” Hicks wrote in a preamble to the strategy, which DoD published Friday. “The department’s adaptability increasingly relies on software and the ability to securely and rapidly deliver resilient software capability is a competitive advantage that will define future conflicts. Transforming software delivery times from years to minutes will require significant change to our processes, policies, workforce, and technology.”
The emphasis on software factories has echoes of the approach the Air Force has taken in its own software modernization efforts, at least in pockets. That service has more than a dozen such factories working within various commands, but also considers them part of one “ecosystem” that leverages Platform One, its centralized DevSecOps environment. The Pentagon formally designated Platform One as a DoD-wide enterprise service in 2020.
While the new strategy doesn’t call on the entire department to move to Platform One specifically, it does point out the need for DoD developers to converge on a “reasonable” number of service providers and software repositories.
“DevSecOps platforms at scale must provide not only technical capability but the processes to attract and onboard customers (e.g., business operations model, sustainment model, and cybersecurity processes),” according to the strategy. “This ecosystem of DevSecOps platforms must also provide a diversity of capability to address the department’s various mission scenarios.”
The document takes a similar posture when it comes to cloud computing services. It doesn’t insist that DoD components use the Joint Warfighter Cloud Capability (JWCC) contracts the department is preparing to award to four major cloud companies, but does emphasize the need for a sensible “portfolio” of enterprise cloud contracts that eliminate duplication.
“The multi-cloud, multi-vendor approach still holds true,” the strategy says. “The requirement for cloud across all classification domains, from enterprise to tactical edge, is still valid. The need to transition from disparate cloud efforts to a structured, integrated, and cost-effective cloud portfolio remains the department’s intent.”
DoD’s way ahead was clearly influenced by the Defense Innovation Board’s 2019 study on software acquisition, which the new strategy calls out by name.
The imperative to share code and development infrastructure across DoD organizations is one major theme specifically mentioned; reform of DoD’s internal acquisition and budgeting processes to make them more compatible with the quick clip of modern software development is another.
The department has already made some inroads toward implementing the DIB’s recommendations by creating a new software-specific “pathway” in the latest rewrite of its main internal acquisition instruction (DoDI 5000.02), but the strategy says leaders need to do a lot more, including by updating other policies and informal guidance that makes modern software development harder than it needs to be.
Those forthcoming reforms also have to include very serious changes to how DoD thinks about its workforce, the strategy says.
“Developers are not the only ones who can impact software modernization. From infrastructure managers to operators, the entire workforce has the opportunity to help evolve technology,” Defense leaders wrote. “The department must drive toward a technology-literate workforce, not just the warfighter but all those who serve the various missions of defense. The entire workforce must understand their role in delivering software and find ways to streamline processes, push for automation, and better leverage technology.”
Although last week’s document is a fairly comprehensive articulation of DoD’s big ideas for how to make its software practices more relevant to real-world demands, it doesn’t actually say how the department will achieve those goals.
That much more difficult task has been handed to a working group made up of leaders from the offices of the DoD CIO, the undersecretary of Defense for acquisition and sustainment and the undersecretary of Defense for research and engineering.
Hicks’ memo approving the strategy gives that body, the Software Modernization Senior Steering Group (SWSSG), six months come up with a detailed implementation plan. Once that’s done, the same group will continue to meet after that to make sure the department is making measurable progress. The strategy itself calls for action plans that will be updated and reassessed each year.
“The SSG will develop performance metrics to measure progress against meaningful operational outcomes and reassess the action plan regularly to ensure that priorities and target activities remain relevant and of value,” according to the strategy. “They will follow this strategy’s publication with various guidance documents (e.g., policy, reference designs, and standards) to support implementation and ensure integration with other initiatives like [Joint All-Domain Command and Control], zero trust, and electromagnetic spectrum superiority. Additionally, they will establish a software capability portfolio to integrate activities, shape budgetary decisions, and ensure the smart investment of resources.”