Publication

Rapidly advancing threats and technologies have increased the need for the U.S. Department of Defense (DoD) to more quickly develop, field, and upgrade operational capabilities to ensure mission effectiveness and success.

Agile and DevSecOps for Both Hardware and Software. Agile development along with DevSecOps (development, security, and operations) can accelerate acquisition and improve relevance. Industry has successfully applied Agile and DevSecOps to software, hardware, and inter- reliant; hardware/software systems. However, Agile and DevSecOps in the DoD are often applied only to software development.

Issues with Software-Only Use in the DoD. Systems are increasingly reliant on tightly integrated hardware/software systems. Changes in hardware will affect software—and vice versa. Software is often completed ahead of hardware, and system integration and testing require access to developed hardware. This causes delays, late and costly problem discovery, aging software, and disconnects in ownership and sustainment.

DoD Barriers to Address. There are cultural DoD barriers to implementing Agile and DevSecOps for hardware. For example, much DoD software is deployed on special-purpose hardware platforms, so there is a prevailing view that Agile does not apply or is too difficult to implement in weapon systems that are deployed in harm’s way. There is also a gap in general knowledge of how to apply these techniques beyond software, little-to-no organizational support, and little explicit policy directing their use.

Recommendations. To fully leverage the potential of Agile and DevSecOps for both hardware and software, the DoD needs to address both functional applications and non-technical challenges to their application. Specific steps forward include the following:

• Develop a Center of Enablement (COE) for Agile and DevSecOps to provide practical advice to programs in applying these techniques to both hardware and software elements of acquired systems while facilitating workforce training and improvement in these areas.
• Integrate Agile and DevSecOps initiatives with Digital Transformation to improve management through the collection and sharing of program performance, share best practices and lessons learned, and improve workforce skills and insight.
• Continue pursuing agility in contracting, requirements, and funding to instill agility in the key inputs and support functions necessary to conduct system design, development, production, and deployment.
• Address cultural and risk barriers through leadership and incentives to support change, ensure proper employment of Agile and DevSecOps, and address workforce concerns.