he digital environment has fundamentally changed the character of modern warfare. Operational and warfighting successes require that we be ready to prevail in a security environment that is changing quickly and becoming increasingly complex. The growing importance of the digital world on our national security resulting from the rapid rate of technology development, the ease of new technology adoption, and the proliferation of information systems has enabled multiple global players to challenge U.S. superiority.
“Going Digital” is the broad integration of data and application of analytical tools to improve human decision-making, making forces more lethal, more agile, more data-informed, and more warfighter-focused. A true digital transformation accelerates and improves our ability to deliver better outcomes in warfighting, readiness, and speed to capability. Warfighters will use automation, machine learning, artificial intelligence, and advanced analytic
tools to speed and improve their actions and decision-making for a variety of applications, but above all, to defeat our adversaries.
Spurred in part by the Defense Innovation Board’s Software Acquisition and Practices (SWAP) study
with its recognition that software is never done being developed, major changes to acquisition policy, processes, test and certifications are well underway across Department of Defense (DoD) services and are moving at an accelerated pace. DoD’s Chief Information Officer (CIO) established the DoD DevSecOps Initiative (DSOP) and DevSecOps Community of Practice that is already accelerating digital transformation through its focus on security-first modern software development practices, automation, acquisition, education, and commonality of purpose that will drive deep and lasting culture change, agility, and innovation. DevSecOps is a security-focused culture change, merging previously siloed disciplines of development, security, and operations into a cohesive whole. DevSecOps applies advanced practices and automated tooling, accelerating the rate of transformation while reducing software vulnerabilities and risk.
One key focus of the initiative is enabling Enterprise “software factories,” offering automated software tooling, security automation, common services, and standards so warfighter systems and business system developers can more rapidly build, test, deploy, and operate applications that are secure, flexible, and interoperable. The benefits of this common Enterprise approach include eliminating barriers to continuous authorization to operate
(ATO) under the DoD Risk Management Framework.
On Sept 12, 2019 DoD’s Chief CIO published the first version of the DoD Enterprise DevSecOps Reference Design to the public, providing a roadmap to practitioners on the practical application of concepts, practice and tooling. This Reference Design will soon be supplemented with a series of playbooks embodying common practices and implementation guidance for DevSecOps and achieving continuous ATO. These foundational tools will help achieve commonality of practices.
DoD’s digital transformation is a revolutionary development and seeing the pace of change unfolding is remarkable in an area that is consistently thriving on change and new developments. Leadership is actively driving to remove obstacles to success including tackling critical software licensing challenges. While much DevSecOps software tooling is open source, open source does not mean free and many of the most important tools are expensive.
To ensure success, DoD must adopt a flexible Enterprise-wide licensing approach covering a wide span of critical DevSecOps tools similar to what was done with Host Based Security System (HBSS) and Assured Compliance Assessment Solution (ACAS), but much broader in scope and not limited to a handful of vendors. Approaching our licensing challenges in this way will help DoD to reduce costs while enabling teams to leverage best of breed tools to accelerate transformation without having to separately contract for software while simultaneously speeding adoption.
DELTA Resources is supporting DoD in laying the foundation of the Digital Force by providing Acquisition and Systems Engineering Services to enable more agile, scalable, flexible and composable capabilities. DELTA Resources is assisting DoD components in the focus on and development of the architectures which will form the foundation for the Operational Environment (OA) (where the warfighter fights) and Developmental Environment (DE) (where the tools and services are developed). In addition, our company is involved in critical Digital-leaning projects like Naval Tactical Grid Exercise to provide operational context to integrate, consolidate, and rapidly deploy digital
capabilities. We are also providing Systems Engineering Services support to offices, developing standards for future weapon system development, and supporting the first DoD Business Systems to leverage DevSecOps in a DISA-approved commercial cloud environment.
Along with the support of PSC and the critical work by other PSC member companies, these are among the many ways we are collectively enhancing the digital ecosystem to change warfare.
This article was published October 30, 2019 in the Fall 2019 edition of PSC's Service Contractor Magazine. Click here to view the PDF of this release.