Baked-In Security Key to Safely Modernizing ‘Flying IT Systems’

Acquisition officials at the Defense Department, the Air Force and the Navy cited “baked in” security and the middle tier acquisition (MTA) pathway as critical to Agile software development for rapidly addressing technical challenges and empowering warfighters to solve problems as they arise on the battlefield.

There are 86 active MTA programs across DOD since the policy went into effect in 2018. Of those, more than 20 are considered “major capability” and at least 71 are rapid prototyping efforts, noted Assistant Secretary to the Office of the Assistant Secretary of Defense for Acquisition Christopher O’Donnell. One prominent example includes a program to extend the Navy’s Blackwing unmanned air vehicles visibility.

Due to the success of the MTA pathway, O’Donnell hopes DOD can pattern future acquisition strategies after private industry and deploy new technologies faster.

“While the middle tier is intended for programs in five years, the software tier is even faster,” he said during a GovConWire Defense Acquisition Priorities Forum last month. “We must continue to acquire software with greater speed and agility. The software pathway represents a substantial departure from the department’s way of doing business. The software pathway was designed to respond to conditions of uncertainty (threats on the battlefield). The pathway is built on commercial principles like continual innovation and swift delivery.”

The Air Force has about 40 active MTA programs ranging from electronic warfare to re-engineering, according to Air Force Mobilization Assistant for Acquisition Integration Brig. Gen. Scott Martin. The Air Force loves MTAs because they allow the department to innovate with “speed and discipline.”

The Air Force’s new Boeing F-15EX, for example, achieved flight within two years of development approval. The aircraft relies on open systems architecture, which allows for enhanced interoperability and a “plug-in-play of systems” to allow industry and DOD to modernize the aircraft continually, Martin said at the forum.

“Oftentimes technologies are obsolete before they get to production,” he said. “This will allow [us] to update systems as rapidly as possible and meet warfighter needs on the field of battle. It will keep the aircraft viable for many years into the future.”

Other Air Force acquisition priorities include hypersonic weapons and materiel development to protect aircraft and allow secure, reliable communication across systems.

“Advanced control technologies and AI and quantum information science — that’s the major direction where the Air Force [is going],” Martin said.

Bradley Goodrich, deputy director for NavalX, an innovation unit serving the Navy, said NavalX’s goal is to “encourage the Navy to solve its own problems.”

“You have to really hustle the defense acquisition system to perform as directed,” he said during the forum. “We need to train the regular Navy to use the authorities given to us by Congress over the last 20 to 30 years where the Navy can really advance tech quickly.”

“Baking in” security early in the software development process is one of NavalX’s key priorities in this area. Cybersecurity is also critical to Air Force acquisition decisions. Martin said the mission of the Air Force Cyber Resiliency Office for Weapons Systems (CROWS), established in 2016, is to “bake in” cybersecurity early in the acquisition process.

“Our weapons systems are flying IT systems,” Martin said. “They’re all running on software, and they all need to be protected. Strengthening the planning to ensure cybersecurity is built into the system through robust systems engineering early on …getting those into the contract early, so it’s not an afterthought or a fix or a mod to a contract. Cybersecurity is an essential part of keeping the weapons system flying.”