Pentagon’s Software Modernization Plan Targets Speed

The Defense Department’s new software modernization plan builds on efficiency, warfighter feedback and adapting to rapidly evolving threats, according to DOD CIO for Information Enterprise, Cloud and Software Modernization Directorate, Software Modernization Lead Ana Kreiensieck. 

“The strategy really sets the path right for technology and process transformation, and we focus on delivering resilient software capabilities at the speed of relevance,” said Kreiensieck in an interview with GovCIO Media & Research. “Software modernization really is good for delivering what you need and reducing waste.” 

New Memo Targets Speed

Defense Secretary Pete Hegseth unveiled the department’s software acquisition pathway memo on March 6. The directive, titled, “Directing Modern Software Acquisition to Maximize Lethality,” outlines a comprehensive strategy to shift the Pentagon’s focus from traditional hardware-centric acquisition models to a more agile, software-centric approach.

The initiative, according to the Hegseth, seeks to address longstanding inefficiencies in the department’s procurement processes, ensuring that the Pentagon delivers cutting-edge software solutions to warfighters faster and more effectively. 

“DOD must maximize the use of its existing authorities, contracting strategies and processes for software acquisition,” Hegseth wrote. “This will enable us to immediately shift to a construct designed to keep pace with commercial technology advancements, leverage the entire commercial ecosystem for defense systems, rapidly deliver scaled digital capabilities and evolve our systems faster than adversaries can adapt on the battlefield.” 

Kreiensieck said that the modernization plan builds on the foundation laid by the 2022 strategy and the initial 2023 to 2024 implementation.

“We’re working on software now in small chunks iteratively getting continuous feedback loops right from our warfighters,” Kreiensieck added. This approach, she emphasized, minimizes waste by allowing for quick identification and correction of errors, a stark contrast to the inefficiencies of waterfall-style development. 

Kreiensieck explained agile software modernization efforts at DOD provide for quicker, more efficient and more effective development results for warfighters and taxpayers. This approach, she said, aligns with Hegseth’s embrace of efficiency. 

“It’s much more efficient to fix a system when defects are identified quickly rather than waiting until one big delivery at the end of waterfall development,” said Kreiensieck. 

Focusing on the Software Acquisition Pathway 

In the memo, Hegseth calls for defense units to orient its software contracting toward the Defense Acquisition University’s Software Acquisition Pathway. According to a 2023 Government Accountability report, the department has been slow to follow the pathway and “has not incorporated these principles across all of its acquisition paths.” 

The Defense Innovation Unit (DIU) serves as the “front door” for commercial technology firms to engage with DOD within the modernization plans. DIU director Doug Beck said the Pentagon can streamline the adoption of cutting-edge commercial technologies through the commercial solutions opening (CSO) process and other transaction authorities (OTA).

“The Software Acquisition Pathway demonstrates how the department is building new muscle to break down barriers to adopt the very best tech with the focus, speed and scale required to deter major conflict or win if forced to fight,” said Beck in a March 7 statement. “We look forward to working with partners across the Department to help scale DIU’s proven CSO solicitation process, combined with other transaction authority, to software acquisition across the force. This will make it easier for our teammates everywhere in the department to dramatically accelerate the best technology to the warfighter, at the speed the mission requires.” 

Innovation, speed and modernization work together to support DOD’s mission, Kreiensieck said. 

“DOD is focused on increasing innovation and accelerating the delivery of secure capability to our warfighters,” said Kreiensieck. “Measuring speed of delivery, non-traditional contractor participation and speed to resolve vulnerabilities are some of the measures for effectiveness as well SWP adoption across DOD.“ 

The new guidance will incorporate advancements in legacy modernization and the use of artificial intelligence and machine learning. 

“[Developers] want to use [AI] and so that they can use it in a in a responsible way that helps the department,” she added.

DevSecOps, Feedback and Modernization 

The Pentagon’s approach balances rapid software delivery and robust cybersecurity measures, Kreiensieck said. DOD integrates security practices throughout the entire software development lifecycle, she added, and integrates feedback.

“Speed is security. We actually can do both. That is what is so great about software modernization,” she said. “You’re bringing those cybersecurity people, you’re bringing the testers into be part of the software product team. They say, ‘these are the requirements I have for cybersecurity. These are the requirements I have for testing anything that can be automated goes becomes a part of the continuous integration/continuous deployment (CI/CD) pipeline.'”

“You’re building security and functional testing throughout that process,” she added. You get both. You get something that’s usable and you get something that’s more secure. “

Kreiensieck said feedback is critical to the modernization process at DOD, with constant collaboration between software developers and users. 

“The strategy really sets the path right for technology and process transformation,” Kreiensieck said. “We focus on delivering resilient software capabilities at the speed of relevance… getting continuous feedback loops right from our warfighters.”

“There are definitely success stories of when software developers are able to go literally sit next to the person using the software,” Kreiensieck said, emphasizing the importance of empathy in delivering effective solutions. 

The Hegseth memo builds on ongoing efforts at DOD to speed software development and acquisition across the national security ecosystem, but Kreiensieck said that the work is ongoing. 

“Acquisition reform is wonderful, and it’s the very important start of the process to deliver software at DOD. The challenges after acquisition reform will be the same challenges that we currently have,” Kreiensieck said.”We need to speed up how we authorize our systems when development is complete. We can develop software quickly, but with processes like continuous ATO, we can ensure cybersecurity is baked in from the beginning and operational deployment is streamlined. The authorization process is changing from legacy processes that validate security at the end to using data from the CI/CD pipelines to see real-time security posture on dashboards and to provide compliance artifacts.”

Kreiensieck emphasized that the modernization effort is a “huge cultural shift” for the department, impacting numerous processes beyond technology. The memo is a move in the right direction, she said. 

“It’s hard to shift an organization as large as DOD, but people are seeing the benefits, and that helps,” she said. “That change is happening.”