DOD Strives To Revolutionize Software Acquisition

Department of Defense (DOD) officials are already looking toward the future and next steps regarding their newly established software creation pathway. For fiscal year 2025-2026, personnel associated with the Defense Department and the project aim to achieve a plethora of goals, such as focusing on legacy programs, maturing software factories, establishing a DOD-wide software factory ecosystem, accelerating the DOD enterprise cloud and modernizing relevant procedures, among others. 

This comes after DOD leaders, including Defense Secretary Pete Hegseth, released the “Directing Modern Software Acquisition to Maximize Lethality” document and posted the corresponding implementation plan for FY 2025-26, according to DOD officials, including George Lamb, director of cloud and software modernization, Office of the DOD Chief Information Officer.

At this stage in the process, DOD officials aim to involve more legacy programs with the new software acquisition pathway (SWP). So far, this goal has been challenging, as it has been difficult for officials to convince legacy programs to make the transition, according to Lamb.

“There haven’t been huge successes in [the] legacy space, but I’d like to see a couple more legacy programs adopting this pathway,” Lamb said during an interview with SIGNAL Media. “I mentioned the National Background Investigation Services; they had some issues. They were an early pathway program. They kind of deviated, went down some troubling spaces and now they’re coming back as a software pathway. They’re staying on the same process, but they’re just getting retooled to be successful in the future.” 

Putting more focus and emphasis on addressing legacy programs will ideally allow these platforms to become more advanced and modern. Currently, legacy programs are designed with traditional processes, or “Waterfall,” but DOD officials are working toward pushing them in the direction of the SWP, according to Lamb.

Additionally, crews are striving to apply the development, security and operations process (DevSecOps), along with the SWP, and connect them to legacy programs, Lamb added.

Secondly, crews are working on maturing software factories. These are people, tools and processes that allow teams to constantly deliver value by launching software “to meet the needs of a specific community of end users while enabling continuous rollout and cutting-edge cyber resilience,” according to the DOD officials who authored the Software Modernization Implementation Plan for FY 2025-26. Furthermore, these officials want to make the software factory ecosystem the default option for mission owners, an idea that Lamb agrees with, considering the versatility of software factories.

“[A software factory is] really just a group of people in a domain area that are producing software using this DevSecOps process, and I see more domains being applicable to it, [along with] more sharing,” Lamb said. “A lot of the tooling that everyone uses to develop software, it’s the same at the base level. It’s either some kind of continuous integration/continuous deployment pipeline, GitHub or GitLab or tracking tools like Jenkins, and a lot of these are consistent.”

“So, developing that underlying sort of base knowledge—almost like your platform engineering capability—and then on top of it, taking the different domains and using all that tooling effectively with all the new processes, so that maturation optimization, I think, is happening right now.”

Thirdly, officials aim to accelerate the DOD enterprise cloud in connection with the software acquisition modernization plan. Pentagon leaders can now truly attack this goal after announcing in December 2022 that they were awarding the Joint Warfighting Cloud Capability to Amazon Web Services, Google Support Services, Microsoft and Oracle. With this crucial multi-award contract, cloud services can have direct contracting access, which saves the DOD time and ensures that the soldiers are ready for battle. Despite this considerable development, Pentagon officials are looking to expand this courtesy to small businesses and niche providers. These types of organizations also play a huge role in the innovation space, and they need the same access as the cloud services to maximize innovation opportunities, according to DOD personnel. 

Finally, crews are working to modernize procedures to allow for enhanced resilience and speed. To accomplish this, officials stress the importance of reviewing and updating policies, regulations and standards. As simple as it sounds, removing red tape and barriers surrounding software innovation and delivery would get software into the hands of the warfighter more quickly. Additionally, Pentagon personnel endeavor to create and enforce software security standards. For example, one idea stated in the Software Modernization Implementation Plan FY 2025-26 is to establish a rule mandating that software creators “meet or exceed performance metrics for following secure coding practices.” This rule will ideally protect software against the evolving cyber attacks of today’s technological environment.

The new SWP is a DOD effort to modernize the development and delivery of software-based technologies and capabilities to soldiers in the fight. Pentagon officials are now shifting away from the traditional acquisition strategy of emphasizing hardware-based timelines, which took too long, and moving toward a clearer and quicker way for software acquisition and development, according to DOD officials. This transition coincides with the DOD’s goal of opening doors to the creation of advanced innovations and delivering those products quickly to ensure that warfighters are prepared for the battle. It highlights the significant shift that the modern battlefield is undergoing, including the crucial role of software, as evident in the Russia-Ukraine war. And by observing the battle environment in Europe, officials decided that changes must be made to ensure that U.S. leaders and troops are ready.
 

“If you look at modern warfare, the way that information affects decisions on the battlefield is very different than it’s ever been in the past. New kinds of data, new sensors, new technologies and the evolution of drone technologies from an interesting concept to the leading edge of what’s happening in the Ukraine-Russia battle. The speed of that shocked people, and it’s mostly done with software.”

“We’re trying to align the way that fundamental software and information are applied and leveraged,” Lamb added. “You can’t do it on a long cycle, but you have to be able to get the change, stay ahead of whatever your adversary is doing and modify the software infrastructure.”

DOD personnel are seeing success surrounding the SWP, as over 80 programs are now using it. But looking ahead, the Pentagon is striving to transition every program over to the strategy.

“This is a much better way to operate,” Lamb said. “Now, let’s keep scaling it.”

“In the memo, it says that DevSecOps and the SWP should be the default way going forward,” Lamb added. “So, it’s really telling the department: we proved it, the pilots are successful, this is a much better way and it addresses the needs that we have. So, this is now becoming our standard policy, our standard operating procedure, and I think we’re going to see continued growth from the 82 to 84 programs into all the programs. Or, it’ll be the default, and there’ll be a few that are exceptions, and I think those exceptions will probably trickle down as this becomes a normal procedure.”