The Defense Department announced a new software modernization strategy Feb. 8 to organize software development efforts throughout the department in line with current “software factory” efforts, such as Kessel Run, which are based on the DevSecOps philosophy of software development.
DOD’s new approach, which calls for a “department-wide software factory ecosystem,” will not only improve IT efficiency dramatically but also improve accuracy and response times, potentially resulting in more saved lives and less IT bloat and costs.
The announcement comes as Kessel Run, a software factory supporting the U.S. Air Force (USAF), is on the brink of reaching its first minimum viable capability release (MVCR1) for KRADOS, a suite of software applications designed to replace the 609th Air Operations Center’s Theater Battle Core Management Systems (TBCMS).
Kessel Run OpsC2 Product Line Chief Col. James Lotspeich said the goal of the MVCR1 milestone is to shift the 609th AOC’s reliance off of TBCMS and the Master Air Attack Planning Toolkit (MAAP-TK) entirely.
“It’s a big deal. A goal is to fully deprecate TBMCS in time, but for now, the 609th will be trading some inefficiencies for other improvements until we hit our milestone past MVCR1,” Lotspeich said in a statement to GovCIO Media & Research. “Before spring ends in 2022 with MVCR1, 609th will be able to plan, monitor and execute the Air Tasking Order/Air Combat Order (ATO/ACO) using only KRADOS for day-to-day operations with multi-tenant user bases and logically separated data and environments.”
Kessel Run currently has training plans for four KRADOS applications, as relayed by Lotspeich:
- Spacer, "an air space management tool that coordinates and deconflicts air spaces within a set area of responsibility;"
- MaiTai, which allows commanders to see available assets in a secure manner;
- Slapshot, which builds the Master Air Attack Plan (MAAP) and supports global users in the Combat Operations Division (COD); and
- Jigsaw, an interface that helps tank planners "save time, fuel and lives."
According to Lotspeich, the Jigsaw application in KRADOS has saved DOD $500 million in fuel costs and is also used by NATO partners.
DOD’s software modernization strategy will make achievements like Kessel Run’s KRADOS the standard across all military service branches, potentially saving the department billions of dollars in IT costs each year.
“Kessel Run is more than a software factory,” Col. Brian Beachkofski, Kessel Run’s commander and CEO, told GovCIO Media & Research in a statement. “Kessel Run is a DevSecOps unit whose responsibilities are the full scope of DevSecOps. Our model is the right construct to implement the vision for the memo: ‘deliver resilient software capability at the speed of relevance.’ Our support during Operation Allied Refuge and the evacuation of Kabul shows why that full scope leads directly to operating at the speed of relevance.”
DOD’s memo outlining the new software modernization strategy describes a DevSecOps, Agile approach to software delivery that learns and responds to DOD mission needs in real-time.
Beachkofski said one of Kessel Run’s goals is to train airmen to be savvy software engineers to help close the tech talent gap at DOD and help the department shift to a DevSecOps mindset in a sustainable way.
Beachkofski’s vision aligns with comments from Hannah Hunt, Chief Product and Innovation Officer at Army Futures Command, last fall (Army Futures Command is a software factory serving the U.S. Army).
“Kessel Run’s focus on talent acquisition has centered not on recruiting from the private sector, but rather bringing private sector learnings to the Air Force and encouraging servicemen to adopt them,” Beachkofski said. “This has been designed with the intent of building a skill and knowledge base within the Air Force itself.”
DOD also emphasizes the need for improved software supply chain security in the memo describing the new strategy.
Kessel Run Chief Security Officer Brandon Johns said Kessel Run "applauds” recent moves within DOD toward adopting “Software Bills of Materials” (SBOMs) to document every line of code in the software supply chain, but believes DOD should still prepare for breaches despite best efforts to prevent them.
A DevSecOps approach can help with that.
“We build a system that provides us with telemetry and visibility so that we can detect the anomalies that indicate when a product, service, or user isn’t behaving as expected,” Johns told GovCIO Media & Research in a statement. “This allows us early and vital alerting so that we can respond and ensure mission completion.”
DOD’s software modernization strategy positions the department to follow in Kessel Run’s footsteps, but Beachofski said DOD’s definition of a software factory “is slightly out of step” with their definition of DevSecOps. Instead of launching new software factories to release software, Beachofski believes DOD should focus on deploying more DevSecOps units throughout the department to foster Agile culture.
“We need more DevSecOps units and not software factories,” he said. “Kessel Run was founded as a pathfinder to see what works and allow the wider community to benefit from our lessons learned. This is the chance to realize that our differential impact to fielded users at the 609th AOC is directly related to our implementation of DevSecOps and our structure mirroring our strategy. There is an opportunity to use the current focus on DevSecOps to do what we did for cyber operations and combine the required authorities into a single organization that is responsible for all of DevSecOps.”