The Chief Software Office of the Air Force is preparing a list of “big questions” for the next CSO.

The Chief Software Office of the Air Force is preparing a list of “big questions” for the next CSO.

Following the angry, public departure of the first Air Force chief software officer, officials in the office where he left are identifying tough problems about effectively delivering software to deliberately face their next head.

During the Roadmap to Modernization Summit, Military Deputy Major Christopher Olsen of the Air Force Office of the Chief Software Officer told Nextgov that the office’s objective “is essentially to make the digital Air Force and Space Force a reality.”

Olsen discussed his office’s recent priorities, as well as ongoing defense programs to develop technical capabilities and boost staff skills, at a panel discussion last week with Defense Logistics Agency Chief Information Officer George Duchak.

According to Olsen, the software office’s tiny but mighty team is seeking to eliminate barriers to DevSecOps adoption and IT innovation across DOD, as well as deliver enterprise services for contemporary software development. However, implementing such forward-thinking strategies is not without its difficulties.

Nic Chaillan, the Air Force’s first CSO, resigned from the federal office he was managing earlier this year. In a forthright LinkedIn post describing his intention to step down, he cited a lack of resources and declining support from DOD leadership, among other reasons.

“I’d want to commend the Air Force’s chief software office. During the panel, DLA’s CIO Duchak stated, “I’m a big supporter of [Chaillan and] what he done.” “He was a visionary and a forerunner, and I believe there was an impedance mismatch between how quickly he wanted to move and how quickly the department could move.”

The Air Force is looking for a new CSO, according to Olsen.

During the panel, he stated, “The Office of the Chief Software Officer is going to survive.” “Whenever a new leader comes into an office, there will be changes, and that person will have a vision and goals that they want to achieve.”

The small team is “looking at pretty broad, meaty questions” the force needs to answer about how to better develop and deploy software, according to Olsen. Their plans may change with a new chief, but in the meantime, the small team is “looking at pretty broad, meaty questions” the force needs to answer about how to better develop and deploy software, according to Olsen.

“And some of it speaks to some of the issues raised by Mr. Chaillan in his LinkedIn articles,” he added. “As a result, we’d like to try to build the groundwork, if you will, on those issues.” It’s difficult to respond to them at the action officer level. But we’d like to prepare them so that when the new CSO arrives, they’ll be ready to go—and we’ll have some plans in place and they’ll be able to make decisions.”

Olsen went into greater detail on a few of the “major” topics, pointing out that the first is about the “relatively new concept of Air Force software factories.” Currently, there are about 18 of those small units deployed in the field for supplying specialised and specific software capabilities. The factories they use, as well as the DevSecOps technologies they use, represent a new domain in cyber protection that does not fit inside existing regulatory frameworks.

“How do we adjust to that in order to ensure that we’re allowing innovation while also ensuring that it’s done safely?” According to Olsen. “That is a significant question.”

Ones that are preventing software factories from completely innovating, which the office may assist ease, are among the other questions.

According to Olsen, open source software has become a valuable asset for the commercial sector, but it comes with its own set of concerns. Platform One, an open source initiative and capability that enables internal software deployments, is managed by his office. Olsen went on to say that the Defense Department needs to have a “unique bar” for software security in order to secure the country.

“What we want to look at is how can we use open source software with confidence that it will do exactly what we want it to do and nothing we don’t.” he stated

The service wants to be able to implement tools, processes, and procedures that ensure the safety of the code used in their weapon systems. Prior to the disclosure of the ‘Log4j’ vulnerability—the latest, but certainly not the first, cybersecurity incident using open-source tools—remarks Olsen’s were made and the panel was recorded.

Officials are also debating how to update the Air Force’s response to other cybersecurity threats, according to Olsen, with the goal of eventually producing dashboards that reflect systems’ cyber risk posture in real time.

The Air Force’s CSO office is also a key player in the Department of Defense’s enterprise-wide DevSecOps project. Many projects are underway as part of the agency’s larger endeavor to make best practices and reference designs available across its vast software ecosystem. Officials are seeking to standardize and streamline how various military branches define and employ continuous authorities, according to Olsen.

Aside from those and other endeavors, the Air Force’s software-push arm is leading a pilot initiative dubbed Digital DNA, which is intended to “create a digital foundation for the workforce, and teach them how to apply those concepts inside the Defense Acquisition System,” according to him.

The course is currently self-paced but must be done in groups. It’s broken down into four sections and is meant to help authorities better understand DevSecOps, develop agile acquisition methods, and more. So far, the results have been positive.

“This is a pilot course that we conducted with a few cohorts—I’m actually doing it right now and love it,” Olsen added. “We really want to attempt to start expanding it up next year, making it open enrollment and trying to make it available to the greater DOD community,” she says.

He also outlined a number of other priorities for 2022, including capturing bottlenecks and codifying the Air Force’s ground-based strategic deterrent, or GBSD, program’s success. This early-stage endeavor is paving the way for the development of a future US-based intercontinental ballistic system to replace the Minuteman III missiles. The flagship project, according to Olsen, is “doing a fantastic job” and has become a model program for demonstrating how agile methodologies can enable modern software development within a big defense procurement program.

“We want to codify that and share it with other program managers, saying, ‘Look, if GBSD can do it—which is, you know, possibly the most significant government program in the history of ever considering the weight of what it’s meant to achieve—then your program can do it,'” Olsen said. “So, we want to gather that data and communicate it, perhaps through a roadshow around the Air Force, to get folks on board with what we’re trying to accomplish.”