Modernizing DoD Software Production Jeff Boleng, OUSD(A&S), - PowerPoint PPT Presentation

Modernizing DoD Software Production Jeff Boleng, OUSD(A&S), Special Assistant for Software Acquisition

Guidance and Advice “We have to get a lot better, “We want to develop contracts to support Agile DevOps software faster, more agile” development. Our systems need to be hardware-enabled and software-defined. Software “Implementation of some of the study's development processes are recommendations, such as the creation of different than traditional new acquisition pathways for software and production, development and HON Ellen Lord, USD(A&S) sustainment processes for a new mechanism for authorization to weapons systems. We need a operate reciprocity, are already under way.” software color of money.” “I am committed to creating a culture of creative compliance, “Security is a first order consideration. We need to create a scaling innovation from pockets of secure environment that supports DevSecOps for big defense excellence, and mainstreaming contractors and small innovative companies.” authorities provided by Congress.” “Defense technological advantage today is enabled by “Software development requires different skill sets. We hardware, but its capability is defined by software. There is an need to change how we train and maintain talent. We undeniable urgency to develop and deploy software faster, need to develop centers of excellence with broad reach faster than our adversaries, in order to maintain strategic and across the acquisition and operational communities.” tactical advantage.”

Guidance and Advice

Advice and Guidance

DIB SWAP FOUR LINES OF EFFORT B. Create and maintain cross-program/ A. Refactor statutes, regulations, cross-service digital infrastructure and processes for software C. Create new paths for digital D. Change the practice of how talent (especially internal talent) software is procured and developed

People, Platform, Process People LOE C Platform LOE B  Process LOE A  LOE D Identify Create Deploy Scale Optimize

LOE Executive Champions Process People Platform JOSE M. GONZALEZ Stacy Cummings Executive Director, Principal Deputy Assistant Secretary of Peter T. Ranks Human Capital Initiatives Defense, Acquisition Enablers at United Deputy Chief Information Officer for States Department of Defense Information Enterprise (DCIO(IE))

People Kessel Run in Massachusetts Space Camp in Colorado BESPIN in Alabama Rogue Blue in Nebraska Kobyashi Maru and Section 31 in California LevelUP in Texas Identify high performing SW development ● activities across Services and 4 th estate Create a forum for sharing of best practices ● Railgun Contracting ○ Catapult Recruiting, hiring, retaining ○ Training and education ○ Estimating ○ Project management C2C24 ○ A-RCI NDAA-18 873/874 Agile Pilots ●

People Education and Training ● Surveying available courses ○ Modernizing content ○ In search of vignettes, lessons ○ learned and best practices

Platform Enterprise DevSecOps

Dev OpsSec Sec Ops SecDev ? [SecDevOps | DevSecOps | DevOpsSec] ?

DoD Enterprise DevSecOps Technology Stack PLAN (Exemplar) & DEPLOY DEVELOP & OPERATE BUILD “Continuous Integration & Continuous Delivery” MONITOR TEST Orchestration SECURE Container and Container SCALE Management STORE ARTIFACTS

DoD Enterprise DevSecOps Architecture* Centralized DoD Enterprise DevSecOps Application / Microservices Artifacts Repository Program pulls built by DoD Programs. Continuously pulls Source code Hardens Docker Public repository DoD Enterprise DevSecOps Platform** Artifacts Images and Assesses Open pulls Source Libraries Repository** Microservices Architecture (ISTIO) DevSecOps DoD OCIO/DISA Security Side Centralized CI/CD Car pulls Logs/Telemetry**** Container** pipeline** Fluentd Real- Elasticsearch time pushes pulls Per DoD Service for Kubernetes Service-wide Visibility *each DoD Program can have its own Optional Abstraction Layer with Logs/Telemetry**** instantiation of the DoD Enterprise DevSecOps Red Hat OpenShift or Pivotal Container Platform on any Cloud. Service ** can be installed with single command and deployed on any Cloud. Bare-metal, GovCloud, AWS Secret, Azure Secret, *** could be deployed inside an enclave or on- mil Cloud, C2S, Jedi…*** premises **** gives complete visibilities of assets, security/vulnerability state etc. can be integrated to existing cybersecurity shared services. 13

Why is this so hard?

Program Manager Contract and Incentives Developer Image source: https://psiloveyou.xyz/man-or-marionette-pinocchio-and-the-metamorphosis-of-manhood-f92ff2bf099c

PEO Program Manager Contract and Incentives Developer Image source: https://psiloveyou.xyz/man-or-marionette-pinocchio-and-the-metamorphosis-of-manhood-f92ff2bf099c

Service Acquisition Executive PEO Program Manager Contract and Incentives Developer Image source: https://psiloveyou.xyz/man-or-marionette-pinocchio-and-the-metamorphosis-of-manhood-f92ff2bf099c

Congress FAR, NDAA, Appropriations Bill, Statute OSD DFAR, 5000 series Service Acquisition Executive Service Acquisition Regulations PEO Program Manager Contract and Incentives Developer Image source: https://psiloveyou.xyz/man-or-marionette-pinocchio-and-the-metamorphosis-of-manhood-f92ff2bf099c

Congress FAR, NDAA, Appropriations Bill, Statute OSD DFAR, 5000 series Where is the Service Acquisition Executive Operational Service Acquisition Regulations User? PEO Program Manager Contract and Incentives Developer Image source: https://psiloveyou.xyz/man-or-marionette-pinocchio-and-the-metamorphosis-of-manhood-f92ff2bf099c

Congress FAR, NDAA, Appropriations Bill, Statute OSD DFAR, 5000 series And the Service Acquisition Executive Feedback Service Acquisition Regulations Loops? PEO Program Manager Contract and Incentives Developer Image source: https://psiloveyou.xyz/man-or-marionette-pinocchio-and-the-metamorphosis-of-manhood-f92ff2bf099c

Process Adaptive Acquisition Framework

DoD 5000 Series Policy Development Process 19/1540 Jul 19 Revised DoD Instruction 5000.02, Operation of the Adaptive Acquisition Framework Current DoDI 5000.02 DAU Website Revised • DoD Directive DoD Directive 5000.01  CORE A&S ACQUISITION A&S • DoD Instruction 5000.02 5000.01 POLICY • DoD Instructions 5000.xx, (ea. Pathway) - Policy • Functional Policy Documents - Responsibilities • Tables (Milestone Documentation - Procedures Identification Tool) - Decision Points and Phases • Defense Acquisition Guidebook • Other Tools  FUNCTIONAL ENCLOSURES Acquisition Categories and A&S Compliance Requirements Program Management A&S Systems Engineering R&E Developmental T&E R&E Operational & Live Fire T&E DOT&E Life-Cycle Sustainment A&S Human Systems Integration P&R Separately Published Functional Policies Affordability Analysis and A&S Investment Constraints Intellectual Analysis of Alternatives CAPE Intelligence Property Cost Estimating and Reporting CAPE USD(A&S) USD(A&S) Information Technology CIO Human Systems Cost Information OT&E DT&E Systems AoAs Urgent Capability Acquisition JRAC Engineering Estimating Technology Integration Cybersecurity R&E DoD DOT&E USD(R&E) USD(R&E) USD(P&R) DCAPE DCAPE Cybersecurity Urgent CIO USD(A&S) et.al. USD(A&S) USD(A&S) Initiates Comment Adjudication A&S Draft Approved Document Published Formal Coordination Complete 12 USD(A&S) Signature Begin A&S Coordination 19 2 22 19 30 APR MAY JUN JUL AUG SEP OCT NOV DEC Outreach to Industry / Recurring Meetings with Staff/Services WHS Pre-Coordination Formal DoD Coordination, A&S Development, Internal A&S Coordination, Finalize Pre-Signature Review, Final Legal Review, Finalize Document for Signature Draft Review, Revisions, 1st Legal Review Security Release

Software Acquisition Pathway – draft/pre-decisional

Software Acquisition Pathway – draft/pre-decisional

Software Acquisition Pathway – draft/pre-decisional

Notional Software Development Effort (contractor and organic), Defects, and Capabilities Capability Cumulative Defects Cumulative Organic Personnel MVCR Contractor Personnel Testing Personnel MVP

Engagement and feedback • Engagement • May – US Chamber of Commerce • May - 16 th Annual Acquisition Research Symposium • July - feedback session hosted by NDIA, AIA event, quarterly industry association round table • August – PEO forum, SW Acq Pathway wargame • Feedback • Need to better describe linkage to system’s engineering process • How does this map to embedded software? • Where does developmental and operational testing fit in? • This will be hard to estimate cost