The Pentagon’s weapons system program may be looking at more cutting-edge software development and cybersecurity practices than ever before, but its implementation is uneven, according to the latest surveillance agency reports.
Is The Government Board of Audit was discovered in the annual assessment of the weapons systemReleased on June 8th, the Pentagon states that more appropriate monitoring is needed for the development of systems that use multiple acquisition routes. DOD introduced the Adaptive Acquisition Framework in January 2020 to revamp its acquisition model, emphasizing that it will help modernize software acquisitions, implement cybersecurity throughout the system life cycle, and refine its acquisition strategy. I made it possible to adjust.
In the same assessment, GAO found that both major defense procurement programs (MDAP) and middle-tier acquisition (MTA) programs were based on software development factors, including cybersecurity, “for fighter development and field capacity efforts. Reported as “risk”. According to GAO, this is in line with the results of last year’s evaluation.
“The Pentagon has worked to improve these areas, including updating software and cybersecurity directives and providing guidance on agile software development practices,” the evaluation said. “However, most of the programs surveyed continue to face challenges in implementing the latest software development practices, and many of the programs surveyed face challenges in conducting iterative and early cybersecurity assessments. I found out that there is. “
The MDAP told GAO that it was struggling to complete software development in time for testing, but the MTA program had problems with the initial integration of software and hardware. Most programs are part of an important practice in which program personnel are trained in the latest software practices, or the program is recommended by the Defense Science Commission for modernization of software acquisition. He said he did not guarantee that the iterative feedback process would work with the end user.
Despite the focus on rapid deployment of software in many batches, only 6 of 36 programs reported to GAO that they delivered software to users in less than 3 months. did. The agile development framework expects the software to be delivered within a few weeks.
“The MDAP and MTA programs also reported challenges related to the software development workforce,” the assessment said. “For example, more than half of all MDAP and MTA programs hire contractors and government staff on time to perform planned work, and hire contractors and government staff with software development expertise. We are reporting on staffing issues, such as identifying them. “
The image of the cyber side is not so bright. Half of all MDAPs and all MTA programs involved in the evaluation do not consistently implement DOD guidance that outlines the testing and evaluation process that begins at the beginning of the acquisition and continues throughout the program’s life cycle. .. Most programs have created cyber strategies, but many have neglected to incorporate cyber security into their requirements documents.
“We found that the programs under investigation did not consistently perform collaborative vulnerability identification tests designed to identify vulnerabilities and plan measures to mitigate or resolve them.” It is written in the evaluation.
GAO finally made one recommendation, based on an assessment agreed by the Pentagon: Overall planning costs and schedule required to provide the final functionality. “
https://www.nextgov.com/cybersecurity/2021/06/pentagon-weapons-programs-still-struggle-use-modern-software-practices-watchdog-says/174647/ Watchdog says the Pentagon’s weapons program is still struggling to use the latest software practices