Transitioning to an Agile/DevSecOps Acquisition Environment
In June 2023, a SERC team led by Dr. Michael Orosz (University of Southern California and its Information Sciences Institute (USC/ISI)) completed a research task aimed at improving the space-based systems acquisition process through adoption of agile and DevSecOps (Development Operations Security) methodologies. Over an 18-month period, the research team embedded into the acquisition environment at the U.S. Space Force Space and Missile Systems Center, Production Corps (SMC/PC), participating in daily meetings and events and providing subject matter expertise on systems and software engineering, agile, and DevSecOps processes.
“The advantage of embedding in the Space Force project is that the research team not only collected data, but also experienced the day-to-day operations of the project,” said Dr. Orosz. “Often data doesn’t fully represent the challenges of a project. Living in the day-to-day is a great way to fully understand what is working and what is not.”
The team performed research and systems engineering (SE) analysis to explore the mission engineering methods, analysis, metrics, and workforce training needed to transition from a traditional Department of Defense (DoD) waterfall acquisition environment—largely document-based and planned in linear sequential phases—to an agile/DevSecOps space systems acquisition environment that can integrate emerging technologies. The team completed two projects: Project A, a traditional Waterfall project; and Project B, a hybrid Waterfall/Agile project. In addition, during the final ten months of the project, the team was embedded in another acquisition project (Project C).
Dr. Orosz noted that “although time-consuming, starting with a traditional waterfall project, followed by subsequent projects with increasing levels of agile, provides an ideal opportunity to see the benefits of applying the agile approach to system development. In this case, all three projects have similar command and control environments, similar complexity, and similar size—ideal for doing A-B (and C) comparisons of agile vs. waterfall.”
Based on observations and analysis of data collected over the period of performance, the team developed the following recommendations. While these are focused on software-only developments, many are also relevant to hardware or hybrid hardware/software environments.
- Upfront SE is still needed in agile/DevSecOps environments, at a minimum, to help populate the project backlog. This upfront engineering and planning work is critical for tracking the relationship between near-term detailed plans and performance and higher-level plans for project completion.
- The acquisition of a near-operational (NearOps) environment should be the highest priority task on the project backlog to facilitate continuous integration/continuous deployment (CI/CD) operations. A fully functioning DevSecOps pipeline can’t be implemented without such an environment.
- During feature and story planning, the focus should always be on minimum viable products (MVPs) and minimum marketable products (MMPs), not on meeting feature/story velocity goals. A roadmap should be developed and maintained in sufficient detail to continually identify the impacts on the total project caused by performance in near-term program activities.
- All intellectual property (IP), licensing, and third-party contracting should be completed prior to the start of development. Many needed tools cannot be used due to foreign ownership, licensing, and configuration challenges. Ensuring the availability of appropriate performance measuring/tracking tools is critical to help monitor the development process.
- Add margin to the schedule and budget to allow for the customization of performance tracking tools.
- Government participation in scrums, demonstrations, and other ceremonies is essential for increased situational awareness of the project. This participation needs to be well-managed to ensure personnel don’t become fatigued or overtasked.
Another key recommendation pertained to workforce training. Many members of the government acquisition environment are experts in the waterfall method of systems development. In some cases, they have knowledge of the agile/DevSecOps approach, but few have practical experience working in the agile/DevSecOps environment. Also important is the need for agile “champions” in both the contractor and government environments. This is particularly true when first introducing the agile/DevSecOps method in a traditional waterfall development environment.
“Based on the data collected, it’s clear that applying agile—at least to a software-focused project—is a benefit to the program,” stated Dr. Orosz. “That said, we have only looked at three projects, each similar in size and complexity. In the future, we would like to look at projects that involve different domains, systems sizes, and complexities and also hybrid programs where agile is applied to both hardware and software development. With evolving additive manufacturing and microelectronics development and processing, applying agile in the hardware sector is something we’re very much interested in.”
The recommendations generated by the project can be generalized and applied to other government acquisition projects, allowing the DoD to remain competitive and develop and deliver systems as quickly as possible while ensuring the technologies are relevant. Sharing these insights is a critical step for the broader SE, acquisition, and defense communities. The final report is available online at the project page, and Dr. Orosz presented on findings at events including the 2022 Naval Postgraduate School Acquisition Symposium and the 2022 SERC Annual Research Review.
Follow SERC on LinkedIn for regular updates on systems engineering research.