Software factories across the Defense Department have secured buy-in from defense leadership even as these factories test the military's ability to bend its culture to adapt to the needs of software development.
The factories achieved buy-in when military leadership witnessed success in recent test cases and the necessity to make changes to keep up with the needs of a digital battlefield. “The arena for this war exists in cyberspace,” said Anjana Rajan, Assistant National Cyber Director for Technology Security, at GovCIO Media & Research’s CyberScape event.
Key to these efforts is an increased focus on workforce development and cultural transformation, Kessel Run Warfighting Architect Bill Torson told GovCIO Media & Research in a recent interview.
“One of the truisms that we see in business now is that every company is a software company,” he said. “Doesn't matter whether you're a manufacturer or a health insurance company or anything, every business is a software company because they have to be. Software is really the core of so much business now, and we're finding that to be true in warfare.”
To develop a tech-savvy, agile, warfighting workforce, culture change starts with the idea that ideas themselves are testing the priorities placed on rank.
“I think the baseline that we've created where if somebody was to start a new software factory today …I think culture is a really interesting baseline from a government perspective,” Torson said. “We have these core values that that we really attached ourselves to early on, which are, continuous evolution, just always iterating, iterating, iterating, not waiting until the end to decide if we've done the right thing, but just continuously iterating this idea of psychological safety, this intense customer focus, and the idea that ideas themselves are more important than rank.”
This philosophy, which can be found across DOD’s software factory ecosystem, directly impacts command-and-control and combat operations in theater.
“To talk about open source [software], we have to talk about the ethos of the system. It’s a beautiful concept — the idea that the ideas of one combines the ideas of another [and] makes us greater as whole, that’s a fundamentally democratic concept,” Rajan said during the closing fireside chat of the CyberScape event. “We’re seeing that in Ukraine. We’re seeing the open-source community come together to build cryptographic libraries that can help defend against Russian cyberwarfare. We’re also seeing it on the data side … changing the way the intelligence game is played. Open-source satellite imagery, geospatial data [are] becoming mission-critical in the way the war is fought.”
Adopting an Agile mindset
The Kessel Run software factory, which supports the operational level of command-and-control for the Department of the Air Force (DAF), sees human workflows and processes as foundational to good software development.
“What we're really doing is taking a model-based systems engineering approach to the human workflows of sense, make sense, and respond,” Torson said.
During the evacuation of Afghanistan in August 2021, the Air Force’s 690th Air Operations Center (AOC) within U.S. Central Command (CENTCOM) needed an update to Slapshot -- an application developed by Kessel Run -- to process evacuees.
“We're doing this mass evacuation of Afghanistan, [and] software Slapshot was taking a long time to load, like a significant period of time to load, because the missions had gone from, you know, 'X' number to a [larger] order of magnitude,” Torson said. “Because we deliver directly to production, because we continuously iterate and because our teams are able to monitor and support our applications 24 hours a day, seven days a week, we were able to respond and fix that problem and upgrade. We're able to do that in hours as opposed to days and got that team running again.”
For Leah Peterson, Kessel Run’s Chief People Officer, success stories like these come down to the people and workforce development.
“The emphasis is, from the DOD level to make sure that our mission is executed in the most timely and effective manner really starts and ends with people management,” she said in an interview with GovCIO Media & Research. “At the beginning and the end of command-and-control are humans. The point of command-and-control is to organize assets. At the beginning and end of software are people again, and at the beginning and ending of war are people. So I try to use that as an analogy like, we have cracked the code on user-centered design for the purpose of technology, and how does my team take that concept and employ it [across mission areas].”
Building recruitment and retention efforts
Given the importance of developing a strong tech and cyber workforce to win future conflicts, DOD is drilling down on recruitment and retention challenges in these areas. The DOD Office of the CIO (OCIO) recently released a cyber workforce strategy, led by DOD Principal Director for Resources & Analysis Mark Gorak.
DOD’s advantage in the workforce race is emphasis on the national security mission, Gorak said in a CyberCast interview with GovCIO Media & Research at TechNet Cyber 2023 hosted by AFCEA International.
“If you look at some Gartner surveys and whatnot, Generation Z is willing to take a 20-25% pay cut if you can articulate what mission they're doing [and] if they're interested in doing that mission, so pay is not necessarily the number one priority for them it's what are they going to do and how can they contribute,” he said.
Gorak wants to increase “permeability” between DOD and industry to allow tech and cyber talent to rotate back and forth between public and private sector positions. This approach, he said, allows talent to advance and excel more quickly in their careers while being available to help DOD solve pressing tech and cyber challenges.
“Let's say a young person comes in to a military department, they serve four or six years there as a cyber analyst, they leave and go to industry. We need to be able to track that person and say, hey, we have this hot cyber topic problem pipeline hack whatever it is, can you come back and work with us for three months or six months or two weeks even, and in that agreement what our plan is we'll maintain your [security] clearance, so that way they get something out of it,” Gorak said. “They get their security clearance maintained and then if we need them, we can contact them. The issues to overcome here are, who's going to do this, who's going to track them, who's going to know to call them when they have a problem.”
Despite shifting attitudes around pay, federal government salary caps still hinder Kessel Run from acquiring best-in-class talent, so Peterson is exploring ways to develop curriculum to upskill workers to better meet mission needs.
“I really strongly advocate that we need to rely upon subject matter experts that are tried and true to develop curriculum, whether that's within government or outside of government for the entire software ecosystem,” she said. “Not just necessarily the cyber workforce, but the software ecosystem in Agile practices, in user-centered design. Design is, I think, really ignored but it is so important when you're talking about that end person. You know, the start person for software is us, and the end person is the user, it's the warfighter. And they need to have a great experience and I think the way that the system is built now could use a lot of help. So where we have the opportunity to advocate for that, we absolutely do, but I think it's something that the DOD needs immediate attention on.”