To confront modern threats, the Pentagon often separately emphasizes two key weapons in America’s arsenal: a network of international partners around the globe and its own advanced tech. But in this op-ed, Enrique Oti, former commander of the Air Force’s Kessel Run software hub and current senior official at a national security software startup, argues that the US is falling behind on combining those two powers and missing out on the great potential of allied software development.
Software is central to modern warfare and the glue that unites coalition forces.
NATO understands this challenge, and their Defence Innovation Accelerator for the North Atlantic (DIANA) is a prime example of the potential for technology innovation in a coalition environment. DIANA offers a roadmap for the US Defense Department to prioritize the adoption of foreign-built software, strengthen software alliances, and drive coalition software interoperability.
But currently, DoD software policies have not kept pace with the evolving tech landscape to forge partnerships and enhance collaboration.
Operating in the age of software-defined warfare requires that we account for allied collaboration from the outset, guided by a vision of coalition cooperation to enable maneuverability and interoperability in the future. That is a national security imperative.
When it comes to building a secure coalition software strategy, here are four distinct opportunities that the US policymakers and defense leaders must address:
Adopt Allied Software
While the US leads the world in software development, it does not have a monopoly.
The DoD must harness the best software for defense, which includes integrating from our allies. Yet the current processes to acquire foreign software is burdensome. DoD must accelerate acquisition, accreditation, and security processes for allied software.
The DoD Chief Information Officer must continue to lead the rest of the DoD through actions such as establishing DevSecOps principles, promoting the use of portable, containerized software and running software in secure cloud environments with continuous monitoring.
RELATED: Air Force, Kessel Run sign new agreement for speedier code
While no software can be proven to be 100 percent secure, the implementation of high-quality, automated security and continuous observability should permit the rapid adoption of allied developed software by lowering the security risk to an acceptable level for mission owners.
Export US Software to Allies
Our partners face similar challenges when buying and adopting US and other foreign-built software, ranging from differing accreditation methodologies to restricted export controls. Similar to Deanna Ryals’ “Allied by Design” approach to space systems architecture for the Space Force, overcoming this regulatory challenge will require a combination of designing tools for export and baking-in security measures, along with building trust among allies.
Achieving this will require a combination of policy reform practiced through security pacts like AUKUS and the development of a robust approach to aligning methodologies for software and data interoperability, as well as compliance documentation, between nations.
Meeting the policies and laws of each stakeholder will require a coalition security scanning methodology that outputs the needed format of software and security controls for each country to which we are delivering capabilities. The radical transparency of software bill of materials, vulnerability reports and compliance control mapping will build the trust necessary to accelerate adoption of the software.
Develop Software as A Coalition
Intelligence systems, command and control systems, and communication systems will all be part of a coalition software environment, and they must be built to meet the needs of all coalition partners.
To accomplish coalition software development, we need to build development environments that are segmented from any one country’s unique network. However, they should still enable developers from those countries to log in and commit code to the code base in an open-source model, taking advantage of open-source projects, while implementing strong identity validation and automated checks to ensure security.
Similar to intergovernmental software cooperatives seen across the US in local and state governments, this can be accomplished through strong governance structures, clear standards and open sharing, ensuring all code coming from the coalition repository meets appropriate requisites.
Though there are risks associated with using open-source components, they’re not inherently less secure than their proprietary counterparts. By bringing them into a development ecosystem of software developers from coalition nations, we can mitigate risks through multiple trusted nations freely examining the code.
Additionally, this approach creates feedback loops that allow continuous development and deployment of software updates according to the needs of those on the frontlines like we’re seeing with Ukraine’s software warrior brigade.
In fact, our partners may have the best insights into warfare from Asia to Europe because they are on the frontlines every day against countries like China and Russia. Allowing their ideas to rise to the surface and providing an avenue for implementation will result in enhanced feedback loops and dynamic maneuvering in the face of evolving threats.
Fight On Coalition Networks
In modern warfare, not all our allies and partners will have security clearances. Warfare alongside partners that aren’t cleared will require us to fight in an unclassified environment, making use of the open internet.
We can achieve this if we can build out a secure unclassified environment with strict access controls and zero trust network security. This will allow us to cultivate a federated ecosystem among our partners with specific access controls enabling secure access to the critical data.
The Intelligence Community has already started developing ways to share intelligence with coalition partners using Mission Partner Environments (MPE). These networks provide greater ease of access and resilience, allowing coalition networks to be easily expanded or contracted, while also adding and removing nodes as necessary.
The future of warfare will be software defined. We fight with a coalition of allies. This requires seamless interoperability for rapid decision making and action. We must tap the global software ecosystem to provide our warfighters with the best software for defense. This includes the DoD acquiring allied software, exporting US software to allies, co-developing defense software, and operating on resilient coalition networks.
These are not technical challenges, and small changes to policy and process can change the outcome of a future fight.
Enrique Oti is the co-founder and former Commander of Kessel Run, the Air Force’s sandbox for software development programs, and the CTO of Second Front Systems (2F), a national security-focused startup.