Platform One Goes Secret
Over the last two years, the Department of Defense (DoD) enterprise software service platform known as Platform One has expanded to provide the military with development security operations (DevSecOps) capability. For the rest of 2024, the Air Force-based organization is further broadening software development solutions for warfighters across key enclaves, explained Lt. Col. Brian Viola, materiel leader, Platform One.
One of Col. Viola’s main goals for Platform One is to expand the platform’s secure software supply chain environment to the secret and top-secret (TS) classification levels.
“We think that is really important,” the colonel said. “For weapon systems that operate in secret and TS levels, to get that secure supply chain to them, you have to make it easy. And today, they're having to do all these moves themselves. So, getting that, and at least doing that first mile for them is going to make it easier.”
For cloud-related options, Platform One is working on an Impact Level 6, or IL 6, environment.
“In getting to IL 6, you do need a cross-domain solution,” Col. Viola explained. “And there is no enterprise cross-domain solution that is approved for Air Force use today. There's AWS Diode, and there's an exception of policies to leverage that in limited circumstances. But that's not just something that is available to any program today. If we could do it for the entire enterprise, and we are partnering with Cloud One and the Cloud-Based Command and Control (CBC2), Advance Battle Management System-related mission on that, we would greatly simplify that for folks.”
That process would involve adroit decision-making about classification levels, especially since Platform One hosts about 1,300 containers through its Iron Bank environment, which is its hardened container image repository that supports the end-to-end life cycle in modern software development.
“What we're trying to do is saying, ‘Let's make smart decisions on what information needs to get pushed up from the unclassified to the classified level, and then make it available for them very, very rapidly at that level,” the colonel said. “We are looking to push at least once a day, but potentially twice a day. We run all of our scans typically twice a day on the low side. But we don't want to push the entire dumpster up there. So, part of this framework as well is likely going to involve a ‘tiering’ of Iron Banks.”
We think that is really important. For weapon systems that operate in secret and TS levels, to get that secure supply chain to them, you have to make it easy. And today, they're having to do all these moves themselves.
Organizations that meet baseline criteria will be pushed up automatically to the classified level. If an approved organization falls short of that criteria, Platform One officials will work with the organization to make sure their digital assets are more secure and hardened to enter classified environments.
Platform One is also looking to further its relationships in the open-source community, such as with the Linux Foundation and vendors to improve containerization.
As for the evolution of cloud and Air Force use of the Defense Department’s Joint Warfighting Cloud Capability, called JWCC, in addition to the service’s own Cloud One environment, the colonel noted that the goal for Platform One would be flexibility.
“We want to be able to be infrastructure agnostic because we know that some of those cloud environments might be tailored for one mission over the other,” Col. Viola stated. “And in those particular cases, we still want to provide them a platform that they can operate on and hopefully drive parody across various environments. Additionally, from an enterprise standpoint, we want to be able to accelerate the instantiation and deployment of those environments.”
In addition, the Platform One leaders are partnering with the Department of Homeland Security, the National Security Agency (NSA) and other organizations to enrich containerization technologies—including commercial and open-source containers—with additional classified information. “So, when those weapons systems at that level look at the risk associated to their mission, they're getting the full picture beyond just what's at the unclassified level. That is one of our big initiatives,” Col. Viola noted.
For Platform One’s development security operations (DevSecOps) platform called Big Bang, the organization is working to deliver that infrastructure and configuration-as-code environment more and more to warfighters at the tactical edge, so that they can harness ongoing integration and continuous delivery software pipeline features. “Really, the focus there is two-fold,” the colonel explained. “One is getting it more to the edge, and then also at the edge—whether it's in the cloud, enterprise or tactical—to be able to streamline the deployment of that particular environment. Another focus area is ease of use.”
The organization continues to advance its managed service offering Party Bus, which provides everything needed for the development and delivery of software, including cloud-native access points, zero-trust architecture, containerization, agile project management, open-source collaboration tools, extended service mesh for Kubernetes for more complex deployments and other tools.
“With Party Bus, it is really about empowering the developer,” Col. Viola said. “Again, it is ease of use and how can we automate solutions.”
In the future, the organization hopes to provide a downloadable, lightweight, pre-configured pipeline version of Party Bus that they are calling Fiesta Wagon, as well as a beta version of the enterprise collaboration tool Parabol, a cost-comparison tool and a DevSecOps research and assessment, or DORA, solution, explained Maj. Camdon Cady, chief of operations and chief technology leader, Platform One.
“If you look across the DoD, most people are not in a DevSecOps paradigm, and by kind of ruthlessly automating and scaling things, we can make that the default so that you don't have to fall into some special category to get to use Platform One,” said Maj. Cady.
Another priority is improving the user experience, said Eileen Avlonitis, Platform One’s chief of customer experience.
With the addition last July of that chief of customer experience role, the organization is placing an increased emphasis on expanding communications with their airmen and military coder community, Col. Viola explained. “We are going to be focusing on better strategic comms [communications], getting what we are doing out to the community and then listening back from them from a requirement standpoint to understand what are we doing right and how can we do other things better,” he noted. “Eileen is heading up that effort.”
“One of the things over the years that I've learned is that engineers [have] built things for customers and users for engineering's sake, not really taking into account what the user needs,” Eileen noted. “And so now, Platform one is listening to the customer more, to ensure that we are being transformational for the users’ needs, instead of delivering some of them something that we think that they want, and it's not meeting their expectations.”
The organization will also continue to provide custom development services for organizations that are looking for that level of service.
“It runs the gamut on what we can provide,” Maj. Cady said. “Sometimes we get individuals who are like, ‘My boss told me to go to Platform One,’ and they know nothing about what Platform One does, or the capabilities that we bring. And then you'll get the other extreme where you have people who are like, ‘I need this exercise containerized capability.’ And so, Platform One, my team specifically, will hear what the requirements are, and try to build to that and then offer opportunities for additional things that maybe they're not thinking about."
