‘Unified Platform’ Accelerates Air Force DevSecOps
The U.S. military’s embrace of Silicon Valley-style agile software development now extends to quick turn-around programming required to respond to evolving cyber threats.
Among the earliest attempts to break through the byzantine and wasteful Defense Department procurement maze is a U.S. Air Force effort called Unified Platform. The cloud-based, software-defined “code works” is part of a larger Pentagon shift toward a “software factory” model that would underpin an emerging DevSecOps capability.
“DevSecOps is achieved by being closer to your customer and the end-user—the warfighter,” said Neil Patel, a program director for Northrop Grumman’s Cyber and Mission Solutions Division. Northrop Grumman is among several industry partners working with the Air Force code works to hasten development of new cyber tools.
The Air Force opened a code works facility last December in San Antonio. Northrop Grumman serves as coordinator for the Unified Platform.
The DevSecOps initiative attempts to address DoD’s cumbersome code development and certification process that is unable to keep up with cyber threats. Estimates of the number cyberattacks directed at Pentagon systems range from 10 million daily to as high as 36 million when counting malicious emails containing malware, viruses and phishing schemes.
Hence, the military services working with the U.S. Cyber Command are attempting to keep pace with the evolving threat via the Unified Platform approach. The idea is to bring together domain experts from each of the military services who individually use different tactics, code development tools and certification processes.
The goal of joint operations—an area where the Pentagon has long fallen short—would allow cyber forces to work across the “full spectrum of cyber warfare,” Northrop Grumman said, a reference to developing defenses as well as conducting offensive operations.
The initial version of the Unified Platform served as a prototype for an Air Force effort aimed at adopting a software factory model commonly used by enterprise DevOps teams. That commercial approach is driven by the need to quickly develop and deploy distributed applications. The agile approach emphasizes code reuse and so-called low-code development.
The Air Force’s Office of Command, Control, Communications, Intelligence and Networks stood up the new code works last late year, seeking nothing less than a paradigm shift in how the services jointly develop DevSecOps tools.
“A warfighter supporting an ongoing mission should be able to pick up the phone, have a developer make any required changes and roll it out in real time—not weeks or months,” said Emmet Eckman, Northrop Grumman’s program director for the Unified Platform.