The Defense Department needs to rethink how it buys and develops software, according to Defense Innovation Board report.

The Defense Innovation Board warned that the Defense Department’s age-old approach to software procurement and development could dull the military’s technological edge.

“A large amount of DOD’s software takes too long, costs too much, and is too brittle to be competitive in the long run,” the board said in the study’s executive summary of its Software Acquisition and Practices report. “If DOD does not take steps to modernize its software acquisition and development practices, we will no longer have the best military in the world, no matter how much we invest or how talented and dedicated our armed forces may be.”

The SWAP study was mandated by the National Defense Authorization Act in fiscal 2018. It examines how the agency procures and advances software and offers recommendations on how it could do so more efficiently.

The board noted that the study largely echoes recommendations and conclusions drawn from past studies, and particularly a 1987 Report of the Task Force on Military Software by the Defense Science Board.

“This particular assessment, from over 30 years ago, referenced over 30 previous studies and is largely aligned with the assessments of more recent studies, including this one.”

In its latest study, the board emphasizes three “overarching themes” that are critical to their findings. First, the study identifies speed and cycle time as the most important metrics for software. It notes that most Defense software projects use “waterfall development processes” that take years to identify requirements and select contractors, and by the time the projects come together, the software or tactics may be outdated.

Because software is made for people by people, the report notes that digital talent matters. Yet it argues most of Defense’s human resources policies are not “conducive to attracting retaining, and promoting digital talent.” The board said while DOD presently has military and civilian expertise, it’s not taking advantage of its internal personnel through pay bonuses, outlined career paths, or access to early promotions.

The board also iterates that software is different from hardware. Though Defense buys software in the same light that it does hardware, it should actually be developed, deployed and improved using different and less-linear cycle times.

“The current approach to acquisition was defined in a different era, for different purposes, and only works for software projects through enormous effort and creativity,” it said.

The board organizes its specific recommendations for the Pentagon into “four lines of effort” that bring together multiple defense stakeholders.

It suggests that Congress and Defense must refactor statutes, regulations and processes for software to allow for more rapid deployment and continuous improvement to the field.

It also said the Armed Services and the Office of the Secretary of Defense should create and maintain cross-program and cross-Service digital infrastructure and eliminate existing hardware-centric regulations and barriers. The board also recommends they establish new paths for digital talent by presenting software development as a high-priority career track.

Defense and industry should also work together to change the actual practice of software procurement and development by modernizing approaches in a way that prioritizes speed as the most critical metric.

“In many ways this mission is as challenging as any combat mission: while participants’ lives may not be directly at risk in defining, implementing, and communicating the needed changes to policy and culture, the lives of those who defend our nation ultimately depend on DOD’s ability to redefine its approach to delivering combat-critical software to the field,” the board said.

Air Force’s New Fast-Track Process Can Grant Cybersecurity Authorizations In One Week

By Aaron Boyd,
Senior Editor, Nextgov

MARCH 27, 2019

The process is a mix of quick but comprehensive testing up front followed by continuous monitoring through the life of the app.

The Air Force is taking one of the longest, most difficult, critical aspects of cybersecurity and IT deployment in the public sector and fast-tracking the process.

Last week, Air Force Undersecretary Matthew Donovan signed a memo authorizing officials to grant IT systems an authority to operate—the designation certifying the application is reasonably secure from cyberattacks—on an expedited timetable.

Obtaining an ATO is often an arduous process that can take months, especially for military systems that are constant targets for bad actors worldwide. During pilot tests earlier this year, officials at the Air Operations Center used the Fast-Track ATO process to certify a system in just one week, according to Frank Konieczny, the Air Force’s chief technology officer.

Prior to developing the fast-track process, the Air Force relied on the Risk Management Framework, a schema developed by the National Institute for Standards and Technology to establish a baseline cybersecurity posture. However, that largely led to check-the-box compliance rather than real security, Konieczny said during a panel Tuesday at the RSA Federal Summit.

“People always complained RMF was too long, too onerous and didn’t provide anything except a lot of paperwork,” he said. “So, now we’re trying to get back to the operational side, let’s look at it from an operational viewpoint: What do we really need to do to actually support it going forward and doing it faster than just paperwork?”

Rather than go through each security control individually, the fast-track process allows project owners to run a penetration test—in which cybersecurity experts attempt to break the system—to establish a security baseline, then incorporate continuous monitoring of those systems into the future to ensure it remains secure.

“It comes down to the premise that RMF is a compliance issue. It doesn’t mean you’re secure, it means you’re compliant,” Konieczny said. “We’re saying, basically, if you want to do a fast ATO, you need to think about looking at some of the controls that you’re going to monitor, doing a pen test and doing continuous monitoring after that. … The pen test will actually answer some of those controls [questions] right away. And it’s a better case because it’s not just compliance anymore, it’s how you operationally put the information out there.”

Agencies are expected to spend more on cloud, digital services

If current trends continue, the federal government could spend more than $93 billion on IT in fiscal 2020, according to projections from Bloomberg Government analysts. In the wake of analysts calling for a recession this is interesting news.

The administration’s 2020 budget proposal isn’t expected until at least March 11—another government shutdown could push that out further—but the federal IT budget has grown about 5 percent annually in recent years.

“Based on historical spending trends, we’re looking at between $93 and $94 billion in an IT budget, about half of which will go to civilian agencies and the other half will go to the Pentagon,” Bloomberg Government Federal Market Analyst Chris Cornillie said Tuesday during a webcast.

Cornillie noted a spike in IT contract spending from fiscal 2017 to 2018, jumping from about $59 billion to $64.7 billion. Bloomberg analysts expect that trend to continue based on ongoing programs and initiatives, bringing the projected 2020 contract spend upward of $68 billion.

Cornillie also offered projections on three major IT areas: artificial intelligence, cloud and digital services.

The latest push to incorporate AI technology in government—the White House’s American AI Initiative launched Monday—does not include any funding, but Bloomberg analysts have found an increase in spending among civilian and defense agencies. This information is invaluable for Vendors interested in getting on schedule.

Agencies spent $592 million on AI and machine learning technologies in fiscal 2018, including the first $100 million AI contract, awarded by U.S. Special Operations Command. Spending could increase in 2019 by more than 40 percent to $850 million, according to projections, with defense agencies outspending their civilian counterparts by about $50 million.

While AI is one of the biggest buzzwords in tech, cloud will remain the top IT spending category in the coming year, according to Bloomberg analysts. Spending on cloud services has grown by 18 percent in civilian agencies and 28 percent in the Defense Department, bringing the total spend to $4.1 billion in fiscal 2018. Based on current trends, analysts expect cloud spending to top $5 billion before the end of 2019.

A good portion of that spend will come from defense agencies, including initial outlays on major contracts like the $10 billion Joint Enterprise Defense Infrastructure and Defense Enterprise Office Solutions contracts, which are both on track to be awarded this year.

“Although the Pentagon is a relative latecomer to cloud computing, spending on cloud at the Pentagon is increasing dramatically,” Cornillie said.

Spending on digital services—things like citizen-facing apps and web portals—has also been on the rise, gaining 5 percent to 10 percent annually in recent years. Agencies spent $4.3 billion on these services last year and are on track to spend $4.6 billion in fiscal 2019.

Bloomberg analysts also noted this will be spurred by the December passage of the 21st Century Integrated Digital Experience Act, or 21stt Century IDEA, which requires agencies to improve digital services within the next two years. Spending for the Government is affected by recession luckily for all Government Contractors or those slick enough to get onto a GSA Schedule.