Today’s battles happen at the pace of software. The Pentagon needs to hit the accelerator
Experts tell lawmakers where the bottlenecks are.
The right software can dictate a battle’s outcome, and the Pentagon’s not changing fast enough to keep up, a panel of experts told lawmakers Wednesday.
“Can commanders access data to control highly distributed forces? Can we invent new ways of fighting that put the [People’s Republic of China] on the backfoot and dissuade aggression? These are the issues that the Department of Defense must tackle if it wants to compete. And now every one of these issues now depends on software,” Daniel Patt, a senior fellow at the Hudson Institute, told the House Armed Services Subcommittee on Cyber, IT, and Innovation on Wednesday. “Even changing a military unit's tactics now depends on a software update, not just a whiteboard planning session. And we need look no further than the battlefields of Ukraine to find evidence that units which are able to change their software more quickly see better outcomes.”
One of the culprits is the Pentagon’s authority-to-operate, or ATO, process, which is used to make sure software is safe before it’s used, Patt said.
“The ATO is about the risk of using the software, about deploying the software, and this gets aligned with mission risk,” he said. “If it's buying body armor, you can really separate these decisions of…is it safe to use this on a mission? Does this help support the mission? With software, though again, these lines get blurred.”
The idea to reform the authority-to-operate process isn’t new, and is often cited as a barrier to getting new tech ready to use. A recent Defense Innovation Board study took up the issue, recommending the Pentagon’s chief information officer issue policy to allow any approved software bought as a service for one cloud environment carry over to others—in addition to using the continuous ATO process for faster updates.
Additionally, the Pentagon has made progress with a software development strategy and plans to implement modern software practices, while it looks into guidance for continuous ATOs to allow faster updates.
Ellen Lord, the Pentagon’s former acquisitions chief, suggested Congress press defense leadership on why policies like continuous authority to operate haven't been broadly implemented, despite published guidance.
“There's been a lot written and a lot discussed, but continuous ATOs are not yet implemented. And I would suggest that during posture hearings this will be a very good thing to ask DOD leadership about.” Lord said. “Secondly, we are repeatedly across—even programs, military services, agencies—not allowing reciprocal rights for ATOs, so the same software is being reauthorized again and again.”
It’s a process that costs time, money, and outcomes, Patt said.
“Sometimes I think that in peacetime, it's hard to understand how important delivering software updates is,” he said. “But if you just look at the conflict playing out in the Ukraine, one of the things you see: Ukrainian radios only last about three weeks before some countermeasure comes along, and they have to reprogram the radio or change a waveform.”
The same goes for smart munitions, which can be prone to GPS-signal jamming. And as the battlefield becomes more crowded with digital devices that emit electronic signatures—think drones—operators will rely on software, like artificial intelligence, to stay undetected longer.
“We see the Excalibur munition: its targeting system dropped from 70 percent effectiveness to 6 percent effectiveness over a matter of a few months as new EW mechanisms came out,” Patt said. “If we expect our major weapon system programs to follow these waterfall processes, where it's been years planning a tech refresh, how do you ever hope to adapt in competition?”
NEXT STORY: Air Force’s T-7 trainer delayed another year