The Defense Department released its Software Modernization Strategy focused on delivering at the “speed of relevance” to accomplish the goals of accelerating the enterprise cloud environment, establishing a department-wide software factory ecosystem, and transforming processes to enable resilience and speed.
Implementation of the strategy, which replaces the 2018 DoD Cloud Strategy and is part of the DoD Digital Modernization Strategy, will be led by the DoD Chief Information Officer, the Under Secretary of Defense for Acquisition and Sustainment, and the Under Secretary of Defense for Research and Engineering through the Software Modernization Senior Steering Group, Deputy Secretary of Defense Kathleen Hicks said in a memo accompanying the new strategy. The steering group is tasked with delivering an implementation plan within 180 days.
“Delivering a more lethal force requires the ability to evolve faster and be more adaptable than our adversaries,” Hicks wrote. “The Department’s adaptability increasingly relies on software and the ability to securely and rapidly deliver resilient software capability is a competitive advantage that will define future conflicts. Transforming software delivery times from years to minutes will require significant change to our processes, policies, workforce, and technology.”
Declaring at the outset that “now is the time to be bold,” the strategy stresses that the intended outcomes are shifting secure software delivery left through modern infrastructure and platforms and enabling this shift through true process transformation and people development.
“DoD must review and modernize requirements, budget, acquisition, and security processes to take advantage of new approaches and technologies, ensuring not only speed, but better quality and protection,” the document states, adding that “fighting and winning on the next battlefield will depend on DoD’s proficiency to rapidly and securely deliver resilient software capabilities” and the department “cannot rely on antiquated platforms and processes of the past, and cannot do it alone.”
The strategy outlines the unifying principles of “aggressively adopting modern software development practices that effectively integrate performance and security throughout the software development lifecycle,” accelerating cloud adoption, ensuring “collaborative stewardship of enterprise capabilities,” training and leveraging “an upskilled workforce,” and ensuring that policies, processes, and standards from contracting to intellectual property rights “not hinder but empower the vision of this strategy.”
“The approach is practical — unify efforts across DoD and partner with industry-leading software institutions to produce a portfolio of best-in-class software capabilities enabled by DoD processes,” the document says. “These capabilities must augment and integrate with other infrastructure components to include Zero Trust Architectures (ZTA), electromagnetic spectrum capabilities, and a growing inventory of connected military devices.”
The strategy is open to multiple avenues of buying or developing software, taking into account the technical enablers necessary to “address mission requirements, enable interoperability, and ensure security”: the DoD Enterprise Cloud Environment, automated design patterns, DevSecOps, and enterprise services.
“The software modernization framework recognizes that processes must change to take advantage of new technology. These changes must consider not only pace and agility, but incentives to facilitate new behavior, policy updates to allow for innovation and experimentation, and a shift from software compliance to operational readiness,” the strategy continues. “At DoD’s scale, these changes should start small but allow for incremental growth and eventual enterprise adoption. Desired outcomes from transformation efforts include shortening acquisition timelines, providing economic incentives to break down siloed business operations and independently managed services, and reducing the lead time for cybersecurity compliance.”
Areas noted for process transformation include business operations, acquisition, cybersecurity, testing, and building and retaining a technology-literate workforce.
For the strategy’s first goal of accelerating the DoD Enterprise Cloud Environment, the department intends to have “a meaningfully differentiated set of enterprise contracts that leverages existing acquisition success while avoiding duplication,” secure data by “improving authorization processes and establishing DCO in the cloud,” use automated design patterns across DoD to promote “consistent and robust architecture, up-to-date security, and a faster path to deployment,” and prepare infrastructure outside the continental United States.
The second goal of establishing a software factory ecosystem includes advancing DevSecOps through enterprise providers, accelerating software deployment with continuous authorization, driving reciprocity of tools with an enterprise repository, streamlining control points for seamless end-to-end software delivery, and ensuring speed that “cannot allow digital infrastructure to become stale.”
The third goal of transforming processes to enable resilience and speed focuses on evolving policy, regulations, and standards; making acquisition more agile; ensuring “appropriate data access and appropriate data rights to develop, maintain, and protect software”; planning “early for the needed skillsets of the future and update hiring processes, career development programs, and workforce incentives to build toward a workplace where the best want to serve and stay”; building tech savviness among “not just the warfighter but all those who serve the various missions of defense”; managing COTS software for efficiencies and effectiveness; and incentivizing the use of enterprise services.
“Software will be the differentiator in the continued defense of our nation and is the building block for emerging technologies. It is a critical asset we must defend and an advantage we must exploit. DoD must take steps to lead in software modernization,” the strategy says, emphasizing “it cannot be overemphasized that the road ahead is bumpy, resources limited, and competition fierce.”
