Army software directive aims to improve speed, agility against modern threats
The Army’s new policy on software will better posture it for success on a highly dynamic battlefield, officials say.
The directive on enabling modern software development and acquisition practices, released in March, aims to make sweeping changes to how the service approaches software from requirements, testing, procurement, sustainment and personnel.
“Software more than ever before is becoming or is already a national security imperative,” Margaret Boatner, deputy assistant secretary of the Army for strategy and acquisition reform, said Friday at an event hosted by the Center for Strategic and International Studies. “If you look at the past, software has been an enabler of a lot of our hardware-based capabilities. And now it’s really the main driver of those capabilities. Everything from the goggles we put on our soldiers these days to our radars and our missiles … all the way to our tanks and our helicopters.”
The service wants to be able to go faster — be it buying new systems or making tweaks to existing ones — in this new digital world where the legacy hardware- and platform-centric model is outdated.
With modern software updates occurring on more frequent timelines than hardware, and as the Army faces sophisticated threats that aim to exploit software vulnerabilities, the service wants to be capable of staying ahead of the curve in combat.
“The ability to rapidly develop and deploy and, importantly, enhance those software capabilities over time is really going to make a difference on the battlefield. That’s really what we’re trying to get after with this new policy,” Boatner said. “Those modern and agile and iterative approaches are what’s going to enable us to rapidly upgrade all of our capabilities. That’s why we wanted to do it now.”
In some instances, officials are seeing changes in a matter of weeks.
“We’re seeing instances now … coming out of the European theater where we’re having to adjust to, in certain portions of the fight, we’re on a two-week cycle where we’re updating things and making sure that we’re accounting for new and emerging threats,” Brig. Gen. Wayne “Ed” Barker, program executive officer for intelligence, electronic warfare and sensors, said.
“We also have examples within the CENTCOM [area of responsibility] where some of our programs of records that are operating on an IT Box and have had this kind of ability to adjust quickly. Sometimes it’s days. I mean, we’ve even seen 24-hour turnarounds on the ability to adjust to a threat technique, a change in the threat’s TTPs,” he added, using an acronym to refer to tactics, techniques and procedures. “It depends on where you sit and depends on what tools you have in place from an agile standpoint. And if you have all that in place, that’s what really lends you to be able to have that type of agility.”
Notably, the policy exempts cyber operations conducted by Army Cyber Command.
Reforming the institution
Aside from moving faster on the battlefield, the directive is also aimed at improving how software is developed, delivered, acquired and dealt with across the entire service.
“The goal of the policy is to really just broaden that scope so that everybody can move with agility,” Boatner said. “The bulk of what the policy does is it actually seeks to reform a number of institutional and legacy Army processes that are in place right now so that we can actually do modern software development … The challenge is really in adjusting our own legacy system to accommodate for modern software development.”
One of those key improvements the Army is looking to make is changing the requirements process for software to make it less prescriptive.
“We’re trying to shift away from these very, very detailed and prescriptive requirements documents to much higher-level concise needs statements,” Boatner said. “By making that shift and writing our requirements at a much higher level, I think that it will open the door to more vendors to propose commercial solutions that meet that higher need, as opposed to a 600-page requirement document that is so prescriptive that it almost inherently drives you to a custom solution.”
The Army is also looking at evolving how it tests software capabilities, moving away from clunky singular test events to more regular occurrences.
“What we’re implementing — and it’s really a series of smaller test events, and when we see the opportunity now to use vendor data to fill in the gaps, that’s what we’re going to do. Think of it in terms of a test, fix, test, aspect of things — and you iterate,” Barker said.