Analysis
Attacks and Vulnerabilities
Critical infrastructure
News
Regulation, Standards and Compliance
System Design & Architecture
Technology & Solutions
Threat Landscape
Vulnerabilities

DoD approves Software Modernization Implementation Plan to simplify mechanics of software delivery

April 12, 2023
DoD approves Software Modernization Implementation Plan to simplify mechanics of software delivery

The U.S. Department of Defense (DoD) announced Tuesday that its Software Modernization Implementation Plan (I-Plan) was approved on Mar. 30 by the DoD CIO. The plan recognizes that software is essential to modern military operations. From business systems to weapons systems, software defines military capabilities, enabling the detection and tracking of adversaries, protecting operations from cyber threats, and improving the accuracy and effectiveness of decisions and actions. Software agility postures DoD to fight and win on the future battlefield and will require department-wide engagement.

The I-Plan identifies an initial set of high-priority tasks primarily focused on the common infrastructure, capabilities, and process transformations required to enable software modernization. The plan identifies key activities, near-term milestones, and responsibilities for driving the process improvements and capabilities needed to achieve the Department’s software modernization vision.

The plan is a follow-on call to action, aiming to establish capabilities that simplify the mechanics of software delivery, allowing teams to instead focus on creativity. The initial set of tasks aligns with the goals of the strategy, leans heavily on initiatives already underway, and is not meant to be all-inclusive. Task execution will rely heavily on partnerships across DoD Components and cooperation with the industry. 

The DoD Software Modernization Strategy compels DoD to be bold in pursuing the shift of secure software delivery left through modern infrastructure and platforms and enabling this shift through process transformation and workforce development. DoD must review and modernize requirements, budget, acquisition, and security processes to take advantage of new approaches and technologies, ensuring not only speed but better quality and protection.

The DoD Software Modernization I-Plan describes the flexible oversight foundation that will allow for the continuous planning and management of software modernization and the FY23-24 priority tasks. The flexible oversight foundation consists of the Software Modernization Senior Steering Group (SSG), a dynamic task planning and management approach integrated with the DoD CIO budget certification process, and a means to assess progress leveraging the Deputy Secretary of Defense’s Management Action Group Digital Modernization Business Health Metrics. 

The FY23-24 priority tasks are organized by tiers under the goals of the strategy and include descriptions, responsible organizations, and near-term milestones, the plan added. “Ultimately, the DoD Software Modernization Implementation Plan postures DoD to fight and win on the future battlefield – which will depend on DoD’s proficiency to deliver resilient software capabilities rapidly and securely. Success will require bold leadership; a Department-wide, collective effort; and passion to achieve a software-empowered DoD.”

The implementation tasks in this plan align with the three goals of the strategy, including accelerating the DoD enterprise cloud environment; establishing department-wide software factory ecosystems; and transforming processes to enable resilience and speed. These components play a role as the DoD continues to pivot cybersecurity toward the principles of zero trust to include activities associated with securing the cloud and improving performance in alignment with NIST SP 800-207. A balance of protections at the perimeter, data, and application layers must ensure robust security and high-quality performance. 

The I-Plan includes the Software Modernization Senior Steering Group (SSG), as a primary governance body for managing the implementation of the DoD Software Modernization Strategy. The SSG is tri-chaired by the Offices of the DoD Chief Information Officer (CIO), the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)), and the Under Secretary of Defense for Research and Engineering (OUSD(R&E)). 

“It includes representation from across the DoD Components and is responsible for prioritizing and driving software modernization initiatives, leveraging the requirements, budget, and acquisition processes of the Department,” the DoD document identified. “The SSG guides and tracks tasks associated with the I-Plan through the Action Officer Working Group (AOWG). For specific tasks that require additional expertise, the SSG through the AOWG may establish a sub-working group or task force to develop a specific product. Once the product is delivered, the sub-working group or task force is stood down.”

The DoD Software Modernization Strategy establishes the framework for planning. All planned and ongoing software modernization initiatives will align with and forward the progress of the goals and objectives of the strategy. Since implementation occurs at all levels of DoD, the SSG will manage initiatives in tiers with Tier 1 focused on priority tasks, Tier 2 on the supporting tasks of the priorities, and Tier 3 on those tasks managed at the DoD Component level. 

The DOD said that the SSG will manage tasks through continuous collaboration and dynamic reporting via dashboards connected to the right data sources and metrics. The SSG will provide visibility of activities to the broadest audience for full transparency and participation.  

Last month, the DoD released the 2023-2027 DoD Cyber Workforce (CWF) Strategy, which sets the foundation for how the DoD will foster a cyber workforce capable of executing the Department’s complex and varied cyber missions. The DoD CWF Strategy will enable the DoD to close workforce development gaps, resource workforce management and development initiatives, stay at the forefront of technological advances, securely and rapidly deliver resilient systems, and transform into a data-centric enterprise with optimized workforce analytics.

The latest DoD document identifies that “the development and expansion of the digital workforce aligns with strategic efforts outlined by the Department to include the 2023-2025 DoD Cyber Workforce Strategy. This work is critical as the digital workforce underpins the ability to achieve all aspects of this I-Plan.”

In February, the DoD published the DoD Manual (DoDM) 8140.03 Cyberspace Workforce Qualification & Management Program, the third issuance of the DoD 8140 policy series. The Cyber Workforce Qualification Program modernizes DoD talent management, allowing for more targeted and flexible approaches within the cyber human capital lifecycle.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Through the Lens of a Case Study: What It Takes to Be a Cyber-Physical Risk Analyst
Through the Lens of a Case Study: What It Takes to Be a Cyber-Physical Risk Analyst
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights