U.S. Army Gets Aggressive on Software Reforms
Army officials expect significant progress in the coming months on modernizing software acquisition practices to develop, deploy and update technology more quickly while also ensuring software cybersecurity.
Service leaders recently approved a new policy directive, Army Directive 2024-02: Enabling Modern Software Development and Acquisition Practices, with two policy goals. First, the service wants to institutionalize modern software development approaches including DevSecOps, or development, security and operations. DevSecOps is a software development approach that focuses on security early in the process. It has become common practice with industry and is being adopted across the military and government.
Second, the policy seeks to accelerate adoption of modern approaches through a dramatic overhaul of the institutional processes underpinning the software development life cycle. This includes requirements, acquisition, contracting, test and evaluation, cybersecurity, cost estimation, data management and talent management processes.
Service officials are engaging in an information blitz to spread word on the changes. For example, Margaret Boatner, deputy assistant secretary of the Army for strategy and acquisition reform, recently engaged in a SIGNAL Media interview. Then, Boatner and Jennifer Swanson, deputy assistant secretary of the Army for data, engineering and software, both discussed the top during separate presentations May 13 at the AFCEA Belvoir Chapter Industry Days event in Alexandria, Virginia. Both Boatner and Swanson then joined Leonel Garciga, Army chief information officer (CIO), the next day with a live and virtual roundtable with reporters.
The policy includes a total of 12 initiatives, all with different but ambitious timelines, Boatner told the Belvoir Industry Days audience. “They’re all aggressive, I’ll say. Most of them are due within the next three to five months. We really have to have these changes implemented.”
While some, such as workforce-related reforms, will take longer, the service already is making significant progress, Boatner added. “We already have programs that are using the new kind of requirements documents templates. We leaned forward and created those. We have programs that are already releasing things. Capability releases used to be every three to four years, frankly. We have programs that are doing it in 12 months, in six months, in two months.”
We’re ditching that old approach of very, very detailed documents. Some of our programs that have already leaned forward in this space have come up with need statements that are no more than 10 pages.
Those requirements documents are now in the form of high-level capability needs statements rather than pages and pages—up to 600 in some cases, Boatner told SIGNAL Media—of meticulously defined requirements. “We’re ditching that old approach of very, very detailed documents. Some of our programs that have already leaned forward in this space have come up with need statements that are no more than 10 pages.”
The software reforms also will influence the service’s processes for adopting artificial intelligence (AI) technologies, Swanson indicated. The service has multiple 100-day implementation plans in play, including one for AI. Those plans will be followed by 500-day plans.
The service is about halfway through that 100-day AI plan, which will end June 30th. It includes five so-called lines of effort: establish an AI foundation to enable the Army’s AI ecosystem; identify data for AI pipeline operations; codify processes and policies to improve performance and cost of ownership over the life cycle of AI solutions; build the workforce to enable AI operations; and build partnerships to accelerate innovation, proof of concept and modernization.
The 100-day plan largely focuses on determining how many AI-related efforts exist across the service, such as within the Army Futures Command, the Office of the Assistant Secretary of the Army for Acquisition, Logistics and Technology, and other parts of the Army. Collecting the information on the number of projects and programs will allow officials to “align them to the lines of effort so that we can see where we are,” Swanson said.
The 500-day plan will likely begin in July and will be more comprehensive. “The 500 days is going to narrow the scope. We’re going to go a lot deeper in the areas that we think are the top priorities that we need to solve,” Swanson said.
Officials also intend to soon release an AI risk framework, which officials say will be called something else to avoid confusion with the existing risk management framework, a process intended to integrate security, privacy, and cyber supply chain risk management into development.
The Army also is creating a software management and response team (SMART) within the CIO’s office to “parachute out and help the field as we implement these new software development approaches,” Boatner told SIGNAL Media.
The new policy gives the CIO about four to six months to establish the team. Two people already have been selected, Boatner said, but the service will continue build the team and to determine where their expertise will be most needed. “They do actually already have a number of efforts that have been identified that they are assisting in real time.”
Garciga added that at least twice a week, his team receives a call for help from a command, division, corps or program manager. “We are living that dream every single day.”
Under another new effort, the Army is establishing the Contracting Center of Excellence for Digital Capabilities at Aberdeen Proving Ground, Maryland, to improve contracting for software. Boatner said the service would take “a handful of months” for the center to reach initial operating capability and that it would be fully operational by year’s end.
Swanson noted that “software drives everything,” including major weapon systems, and added, “We can’t modernize without digital transformation.”
