Navy to stand up DevSecOps task force

NOTE: This story first appeared on FCW.com.

The Navy is standing up a task force to speed up software delivery.

"Implementation of development, security, and operations (devsecops) in our pursuit of modern software development and delivery is critical to accelerating capability to the fleet and improving the security of our information," Navy CIO Aaron Weis and the Navy's acquisition chief James Geurts wrote in a memo signed Jan. 15 and publicly released Jan. 21.

"The challenge before us is to determine the most effective and efficient implementation across our diverse landscape of operating environments that optimizes limited resources and minimizes impact to innovation and agility."

The task force, which is ordered to be stood up by March, is responsible for delivering "a set of prioritized recommendations" that, once approved, would become the Navy's enterprise wide roadmap for implementing DevSecOps.

The recommendations would tackle a framework for DevSecOps infrastructure, governance and management, cybersecurity assessments for infrastructure, and potential barriers to scaling, according to the document. Policy, contracting, standards, training, and workforce are also to be considered.

The memo comes as the Navy is looking to improve software accessibility and networking in its fleet.

Rear Adm. Kathy Creighton, the director for Information Warfare Integration, N2/N6F, Office of the Chief of Naval Operations, said the Navy has been considering how to do DevSecOps on its fleet, thinking of innovative ways to collaborate amongst the program executive offices.

"On a ship, PEO [Command, Control, Communications, Computers and Intelligence and Space Systems] delivers a C4I network and PEO [Integrated Warfare Systems] delivers the combat system," Creighton said during an AFCEA virtual event on innovative technology Jan. 19.

"We've looked at how we're going to do DevSecOps on ships, how we are going to deliver software in an agile, rapid manner [and] we've realized we've got two networks...do they both need to buy capability to get software brought on the ship and pay twice? Or could they work together...on one path and be able to share?"

The Navy is also ready to implement the Defense Information Systems Agency's cloud-based internet browsing technology created to enhance network cybersecurity this year, Creighton said, after pilots of the technology that creates a gap between the Defense Department's network and internet traffic were successful.

"It was clear that that would be great on the enterprise network but the concern is will that work at the tactical edge: how will that work on ships? And so [U.S. Pacific Fleet] leaned forward and said, yeah, I want to demo that right away on ships," Creighton said.

CBII was developed by the Defense Information Systems Agency using a $200 million other transaction agreement and went into production in 2020. DISA announced in September that it was planning to roll out the tech solution to 1.5 million users over the next year starting with the agency.