The Next Evolution of Devsecops For The Defense Department

By Jonas Lazo, Vice President of Digital Engineering, Sev1Tech

The White House recently proposed an $842 billion budget for the Department of Defense (DOD) for 2024, emphasizing the Administration’s commitment to continue the DOD’s IT modernization momentum. IT modernization initiatives will be especially crucial in reaching the Department’s goal of fully adopting a Joint All-Domain Command and Control (JADC2) posture, a concept that aims to unite all the armed forces and their networks.

JADC2 is necessary for the future of American defense, but it cannot be achieved unless legacy software and vendor lock-in are eliminated and an interoperable system is established. For many years, a posture of secrecy was leveraged to keep the country and its warfighters safe. Unfortunately, this mentality has created a level of disconnect between the service branches and formed a culture of mistrust regarding sharing information about ideal modernization initiatives and technology.

To overcome these challenges and make JADC2 a reality, the DOD will need to implement a new approach toward deploying robust technology to support mission success and adopt policies that ensure technology is used to its fullest extent and can evolve as needed without sacrificing security. A “software factory of the future” approach can enable DOD to achieve these key goals. This DevSecOps-based mindset creates a software foundation with built-in security that can be modified and tailored to the organization with a common pipeline and basic connectivity. This mindset will allow the DOD to become more agile and evolve quickly.

The challenges of a multi-service organization

One of the most well-known challenges facing the DOD is legacy technology. In addition to being expensive to maintain, legacy technology is often more difficult to operate, especially when integrating with newer, modern technologies. These outdated systems that are extensive and complex to integrate also make adding advanced security or incorporating holistic network security more challenging, creating an open door for vulnerabilities.

Another obstacle to modernization is vendor lock-in. Vendor lock-in hinders the ability to easily transition to a new service provider due to financial or technical complexity. It prevents the DOD from removing technology that no longer serves its mission or acquiring tools that can meet evolving threats, often restricting its path forward toward modernization.

While these two obstacles are gradually becoming less common, the DOD continues to struggle with a mentality of distrust. The service branches often only trust technology that is specifically developed for them. While there are admittedly some security concerns to consider, this frequently prevents the service branches from sharing valuable learnings and knowledge with each other. To accelerate the IT production pipeline, service branches should communicate with each other and share best practices so that technology and processes can evolve.

Cultural transformation enables digital transformation 

One of the keys to overcoming roadblocks to digital modernization is encouraging a cultural evolution in the organization and adopting mentalities that will support modernization progress over the long term.

This cultural evolution includes prioritizing warfighter-centric design. Warfighter-centric design includes and consults these end users throughout the development, testing and implementation process. This approach allows the warfighter to become familiar with the technology before ever using it in the field and gives them the opportunity to share concerns and perspectives as it is being developed. Warfighter-centric design is a key component of modern DevSecOps, which aims to allow warfighters to focus more on their mission and less on cyber concerns when on a battlefield. A software factory of the future approach can overcome all these challenges, and an excellent example of it being put into practice is the U.S. Coast Guard’s digital modernization efforts.

Laying the Foundation for DOD Modernization

Recently, the Coast Guard has begun to develop its own software factory of the future based on previous work by the Navy. Through a collaborative approach, the Coast Guard is building upon the Navy’s initial modernization work and advancing its own more rapidly by learning from the Navy’s previous experiences. Conversely, the Navy also stands to reap the benefits because of the foundational nature of software factory of the future, which can enable the Navy to use the technology developed by the Coast Guard to fit future needs it may have.

Service branches working together and creating a collaborative ecosystem via a software factory of the future approach will be essential for the DOD’s digital modernization efforts and our nation’s future defense capabilities. It will require defense leaders and warfighters to adopt an agile mindset and workflow so that everyone can work together cohesively — with open lines of communication — to achieve mission success. While legacy software, a self-reliant mindset and vendor lock-in are challenges, they can be overcome by shifting long-held mindsets, prioritizing warfighter-centric design and adopting a software factory of the future approach.

About the Author

Jonas Lazo is Vice President of Digital Engineering at Sev1Tech. He has deployed enterprise-level applications for Navy and Marine Corps operations and led DevSecOps design-thinking workshops with the Navy, USMC, Army and USCG. A cleared IT/Software Engineer and registered Agile Coach, he was formerly the Navy Technical Warrant Holder for Cloud Computing as a Navy civilian, where he authored the Naval Cloud Playbook and Cloud Reference Architecture engineering/cybersecurity standards for cloud migration.