The Air Force is readying an announcement it has completed a new initiative to automate the process of approving commercial software, as officials look to speed up the deployment of new capabilities and automate more of the force’s information technology (IT) workload.
Lauren Knausenberger, the Air Force’s director of cyberspace innovation, told attendees at an April 20 AFCEA IT conference that the service is ready to begin implementing a new system for granting automated Authorization to Operate certifications for approved agile software products.
“One of the major roadblocks that I’ve been focused on, especially over the last six months, is the way that we accredit software in systems within the Air Force. I was just scratching my head as to how we can spend so much time producing thick piles of paperwork that don’t actually make our system more secure,” Knausenberger said. “A victory that we can hopefully declare in the coming days is the process of automatically granting ATO for products that are developed internally in an agile way using security standards that are backed in.”
The new initiative, called Kessel Run, automates the process of testing and new agile software for warfighters while reducing the amount of documentation needed for approval.
“This team is smuggling agile software development into the Air Force, and has done some really wonderful work,” Knausenberger said. “Within the next week, we’ll be able to announce that the project has the ability to produce any number of products with automatic security accreditation.
Cutting down the time needed to approve new software will allow the Air Force to deploy capabilities to warfighters more rapidly, while opening up opportunities for areas such as artificial intelligence and offensive cyber, according to Knausenberger.
Air Force officials are also looking to move automation into routine IT processes to free up much of its workforce from routine tasks while allowing for improved security standards.
“There’s a tool called SD Elements, which pulls all the relevant NIST controls that you need and automatically pushes it into your software stories. We have teams of people that are going through the NIST controls and doing that manually. That’s another huge place where people just shouldn’t be doing it,” Knausenberger said.
Knausenberger said there has been discussion of the AFweRX, the Air Force’s innovation unit, organizing a challenge for industry participants to demonstrate capabilities to meet the service’s AI and automation-first policy.
“It’s kind of tongue in cheek, but doing a ‘Dear robot, please come take my job’ challenge,” Knausenberger said.
Air Force leadership would focus on re-purposing the workforce currently handling these IT processes and potentially look to move the personnel into more cyber-specific roles.
“There’s probably some policy somewhere that says we can’t send the whole unit on a cruise with their family for three months, because we don’t need them anymore. And, of course, we would repurpose folks,” Knausenberger said. “But what we need to figure out what the incentive is to help people say please replace me with a shell script because this part of my job is just awful.”