An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

How to speedily procure secure software. Really.

  • Published
  • By Brian Brackens and Benjamin Newell
  • 66th Air Base Group Public Affairs

HANSCOM AIR FORCE BASE, Mass. – To design and secure the software combat air forces rely on, the Air Force must alter its approach to acquisition, according to eight Airmen tasked to speed slow military software fielding.

Developed in 2016, the three-month Advanced Tactical Acquisition Corps program selects up-and-coming acquisition professionals across the acquisition community and charges them to develop solutions to the biggest problems in military procurement. Jennifer McBee, Capt. Charneice McKenzie and Capt. Sam Riehn, represented Hanscom Air Force Base, Mass., hailing from three separate program offices. The team tackled how to acquire software using agile methods, while adhering to stringent and necessary cyber security requirements.

“Mr. Wert and General Dennis co-authored this team’s problem statement,” said Jennifer McBee, a program manager for intelligence systems at Hanscom, who served on the ATAC team. She cited two of Hanscom’s three Program Executive Officers, Maj. Gen. Dwyer Dennis, who oversees sustainment of many of the Air Force’s networks and cyber systems, and Steven Wert, who manages platforms and systems that tell combatant commanders what is happening in their theaters.

"Programs have limited resources and virtually no process to assist an organization in continual development that joins the user with the developer,” said McBee. “Instituting a culture change from the current mindset means we have to stop thinking about end products and start thinking about using an agile process that constantly builds, constantly improves and constantly gets feedback from the user. Culture change can take a while, but in the meantime, key areas such as requirements, cybersecurity, test, and so forth, should be baked in from the start and not an afterthought."

The team focused on collecting acquisition data and anecdotes from Air Force, Department of Defense and industry experts who frequently deal with designing and fielding military-use software that meets security requirements. They analyzed that data, and then developed recommendations for senior leadership. 

The team’s work took them to multiple locations around the country including Boston, San Antonio and Austin, Texas, and Washington, D.C. They had the opportunity to meet and gain insight from senior Department of Defense, Air Force, government and industry leaders including Gen. Ellen Pawlikowski, commander, Air Force Materiel Command; Lt. Gen. Arnold Bunch, the military deputy to the Assistant Secretary of the Air Force for Acquisition; and Lt. Gen. Robert McMurry, Air Force Life Cycle Management Center commander. 

“We viewed our problem statement as three different pieces,” said Glen Snorf, program manager for AFLCMC Business and Enterprise Systems Directorate, and a member of the most recent ATAC cohort. “First, in the sense of an agile mindset; finding ways to be more efficient, and finding ways to streamline and accelerate while maintaining speed with discipline. Second, we asked ourselves, how do we adopt agile software development as a framework and technique from an enterprise perspective? Lastly, how do we use some of those tenants of agile development to streamline and accelerate the cybersecurity accreditation process?”

The team’s recommendations focused on urging senior leaders to increase knowledge and awareness of why software should be tested in the field continuously, rather than at the very end of a traditional acquisition process. Additionally, if security requirements are factored into each development step, rather than added at the end, final products will be more likely to clear the military’s high cyber security standards.

“ATAC provides a powerful experiential learning opportunity,” said Lt. Col. Peter Sandness, ATAC program director and one of the team’s mentors. “Leadership skills and personal pride refined through ATAC are directly visible in the recommended solutions offered for the senior leadership-selected project they worked on as a team.”

From 2016 to now, twenty-two personnel have completed the program.

The following individuals are members of ATAC Team 3:

Jennifer McBee, Battle Management Directorate
Capt. Charneice McKenzie, C3I & Networks Directorate
Jessica Ploeger, Air Force Security Assistance and Cooperation Directorate
Josh Richey, Fighters and Bombers Directorate
Capt. Sam Riehn, C3I & Networks Directorate
Glen Snorf, Business and Enterprise Systems Directorate
Capt. Alistair Tolosa, Agile Combat Support Directorate
Capt. Dan Whalen, Air Force Space and Missile Systems Center