More
    HomeMilitaryPentagon's Push for Swift Cybersecurity Approvals to Uplift Military Software Modernization

    Pentagon’s Push for Swift Cybersecurity Approvals to Uplift Military Software Modernization

    Published on

    spot_img

    Recently, both Pentagon CIO John Sherman and the House Armed Services Committee (HASC) have advocated for new policies to expedite the Department of Defense’s (DoD) adoption of commercial software.

    020206-D-0000G-004 Reconstruction of the Pentagon continues nearly around-the-clock as construction crews pour cement for floors and walls on Feb. 6, 2001, to replace those damaged in the Sept. 11, 2002, terrorist attack on the building. DoD photo by Grant Greenwalt. (Released)

    While these efforts are commendable, DoD and industry officials emphasized at a recent conference that cutting red tape alone is insufficient.

    Officials responsible for certifying commercial software as cybersecure and safe for government networks also need advanced technical tools and computing environments to properly test the software. The critical bottleneck in this process is known as Authorization To Operate (ATO).

    When the Pentagon wants to use commercial software, a government Authorizing Official (AO) must formally approve it as secure enough to be used on government networks. This process is often hindered by bureaucratic challenges.

    Sherman’s new policy and HASC’s draft legislation aim to reduce these hurdles by requiring authorizing officials across different DoD networks to accept each other’s ATOs—a principle called “reciprocity.”

    This would eliminate redundant checks on the same software, although exceptions exist for software moving from unclassified to classified networks.

    However, ATO is not just a bureaucratic task but a highly technical one that requires verifying the software’s functionality and security.

    Experts suggest stress-testing software in realistic, isolated computing environments—“sandboxes”—that mimic actual DoD networks but aren’t connected to sensitive data.

    A squad of soldiers learn communication and decision-making skills during virtual missions at the Grafenwoehr Training Area as part of the 7th Army NCO Academy Warrior Leaders Course.

    These environments allow developers to experiment with new code, get user feedback, and refine the software quickly.

    U.S. Navy divers with the U.S. Navy SEAL Delivery Vehicle Team 1, Naval Special Warfare Group 3, secure themselves to the Special Patrol Insertion and Extraction (SPIE) rope during SPIE training with Army flight crews assigned to the 25th Combat Aviation Brigade at Marine Corps Air Station Kaneohe Bay, Hawaii, June 18, 2013. (U.S. Army photo by Sgt. Daniel Schroeder/Released)

    Setting up such infrastructure requires time, money, and expertise, creating another potential bottleneck.

    At the Offset Symposium, Donald “Chee” Gansberger from AFWERX highlighted the progress in software modernization but noted that the ATO process remains challenging.

    He mentioned recent policy changes aimed at improving this, including more agile software development methodologies and advanced testing systems like Second Front’s Game Warden.

    An Indian army soldier explains how Improvised Explosive Device (IED) detection equipment works for 2nd squadron, 14th Cavalry Regiment, “Strykehorse,” 2nd Stryker Brigade Combat Team, 25th Infantry Division’s personnel at an IED static display during Exercise Yudh Abhyas here Oct. 19.

    Steve Escaravage of Booz Allen Hamilton concurred, noting that access to accredited testing environments, data, and operational feedback has historically impeded the adoption of emerging technology. He expressed optimism about recent advancements but acknowledged ongoing hurdles.

    Four military training instructors keep a close eye on a formation of new recruits at Lackland Air Force Base, Texas. Military training instructors now conduct an extended basic training program that runs eight-and-a-half weeks, two weeks longer than the previous program. (U.S. Air Force photo/Michael Tolzmann)

    Despite these improvements, not all AOs have access to high-tech tools, according to Derek Strausbaugh from Microsoft.

    He criticized the reliance on outdated methods like Excel spreadsheets and Word documents for system authorization, emphasizing the need for better infrastructure and support.

    Relevant articles:
    Pentagon should streamline software adoption with more testing enclaves, experts urge, Breaking Defense
    Pentagon announces new reciprocity guidance to streamline software adaptation, Breaking Defense
    Proposed legislation would push Pentagon to streamline ATO process for cloud-based capabilities, DefenseScoop
    Atlantic Council Commission on Defense Innovation Adoption: Final report, Atlantic Council

    Latest articles

    F-15 Eagle’s Dominance: The Untold Story of Its First Combat Triumph

    In the annals of military aviation history, few aircraft have earned a reputation quite...

    Uncovering WWII Bombs: Germany’s Continuing Battle with Hidden Threats

    Every year, German land produces a chilling crop: roughly 2,000 tons of unexploded World...

    Clacton Spear Discovery Reshapes Early Hominid Hunting and Cognition Understanding

    The recent focus on the Clacton Spear, an old wooden object discovered in Clacton-on-Sea,...

    FN Five-seveN MRD: A New Era in Precision Handguns

    The FN Five-seveN has stood out in the modern firearms landscape for years, known...

    More like this

    F-15 Eagle’s Dominance: The Untold Story of Its First Combat Triumph

    In the annals of military aviation history, few aircraft have earned a reputation quite...

    Uncovering WWII Bombs: Germany’s Continuing Battle with Hidden Threats

    Every year, German land produces a chilling crop: roughly 2,000 tons of unexploded World...

    Clacton Spear Discovery Reshapes Early Hominid Hunting and Cognition Understanding

    The recent focus on the Clacton Spear, an old wooden object discovered in Clacton-on-Sea,...