DOD looking to release enterprise-wide guidance on software modernization
The Pentagon’s Chief Information Office is planning to publish new guidance and instruction for the department’s military services and components on accelerating software modernization efforts, according to a senior official.
The new document will be released “fairly shortly,” Kevin Mulvihill, acting principal deputy CIO, said Monday during the Defense Information Systems Agency’s annual forecast to industry. The directives will build upon the Pentagon’s Software Modernization Strategy published in 2022, as well as the follow-on implementation plan published in 2023, he said at the event.
“We’re in the process right now across the various services and components to update their implementation plans in [fiscal ’25 and ’26], with the focus to accelerate those strategic goals, to adopting the enterprise cloud, really looking at the department-wide software factory ecosystem there,” Mulvihill said.
Along with the Pentagon’s enterprise-wide modernization plan, several of the military departments and other DOD components have been moving in recent years to update how they buy, develop and deploy software for their systems. Some of the services — such as the Army — have published their own software modernization strategies, and others have stood up and bolstered their respective software factories.
Mulvihill said there’s been significant progress among the individual services and components, and that all of the key initiatives outlined in the Pentagon’s implementation plan for software modernization were accomplished by their deadlines.
“Hopefully in a helpful way, we’re trying to bound that with the right level of department-wide guidance and instruction that we’ll have out here fairly shortly from the CIO’s office,” he said. “That helps with the instruction, to really try to advance those software factories but do it in such a way that we protect the software development and make it safer and secure.”
A key element to the Pentagon’s software modernization goals is the proliferation of DevSecOps principles and tools across the enterprise. DISA is in the process of bringing two of its major DevSecOps pipelines — the Command and Control Software Factory (C2SF) and Vulcan — together so that they can “combine forces” and offer more tools to users, DISA Deputy Director Christopher Barnhurst said at Monday’s event.
But more work must be done to change the culture around software development and deployment, Barnhurst added.
“Part of the challenge I see is getting folks to buy into that. And not just buy into it but to understand DevSecOps mentality and processes more in the agile development kind of way of thinking,” Barnhurst added. “Along with all of the policy and the tool sets, it’s more of a cultural shift as well that just takes time to get people in a frame of mind.”