On cspan2. Next we hear from policy experts on the role of software in defense deptment systems and its use for innovation they also talk about the defense departments culture to enhance modernization and attract talent. This is held by the House Armed Services committee. The subcommittee will come to order. I ask unanimous consent that the chair be authorized to declare recess at any time. Without objection, ordered. Good morning, everyone, thank you for attending. We are here today to discuss one of the most critical enablers within the u. S. Arsenal, software. Software that the war fighter uses is krucial to our ability to conduct operations in the air, in the sea, on land, in spice and in cyberspace. Aircraft carriers will be able to leave you are pier, we expect that the systems and code that we rye rely on will work when needed. Despite this criticality we see a department that collectively struggles in procuring, operating, and prioritizing software. Congress do know when something is wrong and something is right or when something we see the reports. We read the studies repeatedly noting that the department struggles with software, findings remarkably consistent from the 1980s to today. We know some things are fundamentally amiss. My hope today is for the witnesses to not only describe the problem but contextulize where possible whats being done to date and what the largest barriers have been for addressing these issues in a truly meaningful manner. I cant think of a better set of witnesses in front of us today to help with that task than the three im abt to introduce. Ms. Ellen lord, former undersecretary for defense for acquisitions and sustainment. Dr. Richard murray, professor of co and Dynamic Systems at call tech and cochair of the 2019 Defense Innovation board of Software Acquisition and practices study. And dr. Dan pratt, senior fellow at the hudson institute. Thank you all for being with us today. I will now recognize the Ranking Member for his opening remarks. Institute. Thank you for being with us toy. Now recognize the Ranking Member for his opening remarks. Thank you, mr. Air. Looking forward to hearing from you. The department of defense and u. S. Government has been critical in the development of software and technology in this country as a representation of con valley. I remember that it was our mission to the moon that led to the acquisition of semiconductors. That is what spawned Silicon Valley. Rs, you never would have seen the development of Silicon Valley and the technology. The innovation is happening in my district and the private sector, we need to figure out how we continue and strengthen and private sector recognizing the dynamic nature of software, how quickly it changes, how we need that innovation to keep us the Strongest Military and country in the world. I am looking forward to your comments and your suggestions. Thank you, mr. Chairman. We will now start with the witnesses. Misses lord, you are recognized for five minutes. Thank you very much for chairing this hearing of the in an era of strategic Competition Among technologically advanced powers, software shaped the nature of deterrent and defined National Security advantage. The urgency to empower our defense and apparatus across th existing and emerging technology is critical to not only prefers our ■9freedoms but those of our partners and allies. Transformed our commercial sectors. In turn our everyday lives. Now, we must harness and apply to bolster u. S. Military superiority in the digital age. Given current opnot be hardier. Software development and support of our country support and infrastructure needs to meet the challenge of the moment. To fall short now would not just be a but a source of imminent risk to our ability to ility to quic and deliver capability to close the gap between information discovery and Mission Response is a defining differentiator and emerging global competition. Defense and intelligent agencies must develop, acquire, execute d maintain software to meet Current Mission needs while also having the agility to quickly respond to future threat environments. The statutory, regulatory and budgetary framework for these agencies are right for streamlining to build and maintain the Nations Software advantage. The department of defense, procurement process, is one of the greatest challenges and opportunities to Software Acquisition. Often software is purchased using the same approach that is traditionally employed for major hardware systems. Typically this entails setting rigid requirements, lengthy solicitation processes and ultimately coming years later, to adapt software that is often obsolete upon delivery. Although alternative pathways exist, they an acquisition professionals implement them. Funding professional training and development for acquisition professionals to ensure they have key skills for implementing the full spectrum of geacquisition approaches wil enable the best and most Innovative Technology to be quickly provided for our National Security workforce. Dod must operationalize policies and procedures to suppt agile Lifestyle Software and service delivery, human centered degn, and modern technology stats. Training the Acquisition Workforce is necessary but not sufficient to modernized development and deployment. Resourcing must be available to provide flexible anleadership must demand that all relevant procedures and processes employed. My submitted testimony goes into more details on these items. I would like to close by acknowledging three efforts producing actionable recommendations that might be useful to the one is the commission on planning, programming and execution. We just last week produced our final report. We talked about recommendations that could be employed. Many would he the software defe coalition that is led by jane lee is producing actionable recommendations for the that topic. Subcommittee. And finally, the Atlantic Council commission on Software Defined warfare on which i serve, is again producing chapter three, been there, said actionable recommendations. I urge the committee to follow that, we know what we need to up on these. Thank you. Thank you, ms. Lord. Do. We need to figure out how to are recognized for actually do it and get to it. Our 2019 report, i believe we are still the most important minutes. Mr. Luttrell and distinguished members. Thank you for inviting me to speak on the topic of software points. Development. From 2016 to 2021, i was a the first is that speed and member of the board and co chairealong to do software. Cycle time are the most important metrics for software. Being able to deploy than our adversaries means that we can provide more advanced this was established in 2018. And be more responsive to end our report was never done. Users. And gives us a tactical the key findings of our report advantage on the battlefield by allowing operation and response inside our adversaries. Second, software is by people and for people. Dod resource policies are not conducive to attracting and promoting digital towns. Talented developers and acquisition personnel are often put in jobs that do not allow them to make use of their talents. Particularly inthments may not recognize the importance. Today and dod, the people with the necessary skills exist but instead of taking advantage of the skills, we often put them in thomas and dod have established instructions that govern the development, procurement and sustainment of Defense Systems. Software development is fundamentally different. Software should be developed and continuously improved using much different cycle times and maintenance strategies. Software is never done and mostly managed treated differently than hardware. I took the opportunity to read reports on the implementation of some of the recommendations for the study we have papartner with. I was pleased to see that congress and dod have made progress in implementing many of our recommendations including establishing pathwayse for software and exploring new procreation categories. These are important steps and they should be continued and accelerated. In addition tothese imrtant actions focused on the acquisition process, dod implemented many actions on primary and secondary recommendations. Some of the most important providing guidance including reciprocity and continuous adls. As of april 2023, guidance for continuous adls has not been processed. Dod reports progress but appears they have let to establish. A welldefined Software Developer including Service Members will out dod wto retain to design, build software systems. Finally, an area that is completely different when we did the study is the role of Artificial Intelligence and military systems. The implications of ai will be profound across all areas of society. Th changing so rapidly its impossible to predict how ai is working progress. Ai is poised to revolutionize the way we right, test and deploy. Already riding code based on the speed development. In the future, it will be integral. These developments will democratize development and ways to do it drastically reduced time. At the same time, software is using for military systems is critical to fail so we must find ways to harness those. Dod must stay on top of these developments and take advantage of the current u. S. Being development. Congress working with dod plays an essential role in breaking us out of the cycle. Thank you for your attention and i look forward to the session. Thank you, dr. Murray. Dr. Pratt. Five minutes. Thank you for inviting me here to speak on such an important topic. Im here an individual capacity. I serve in diverse roles offering perspective on technology and threats. Broad technoeconomic shifts and the vibrant ecosystem. As you all know, software is ubiquitous. Powerful implications for economic productivity and government effectiveness for cybersecurity and the character of National Security. These Technology Goal changes are overlaid on the context of our time. Strategic consultation. In the crux of the problem for National Security is this. And a sustained competition and the longterm competition, ultimately depends on the ability for one side to adapt. Yearbyyear mitigating weaknesses and advantage. The kind of questions we ended up with are things like our weapons against a relentless pace of threats. Can we invent new ways of fighting that put the prc on the back foot. These are the issues that the department tackle if it wants to compete. Everyone of these issues now depends on software. Ev military units tactic. We need look no further than the battlefields of ukraine to find evidence that units which are more quickly see better outcomes. We face a choice. We can be victims of software, cursing its bugs and overruns. Or we can harness it for competitive advantage by leveraging american ingenuity, technology. That is our question. Can we create a Defense System il adaptation . My central message is this and it will echo those of my fellow witnesses here. The process of getting code fr a programmer to an operational system is critical. We blur the lines between what is development, building something. And what is operations that same thing. Making this quick and robust is a necessary for competition. They remain in the minority and they faced daily struggles against organizations and processes built for another i call your attention to two axonal items. As ■ where adls how the department decides software is safe to deploy and use. The second item, towns. Attacking■1 on the first topic will introduce an analogy. In many ways, making software resembles molding wet clay. Forming it into some finished piece. When an Engineering Team works with source code, they can quickly adjusted, make fixes. Once the code is compiled, fixed and brittle. The code only works on one particular type of processor. What we find is modern software so complex, you need to feed the results back to the Engineering Team. Unfortunately, our 312 process makes this quite difficult. On the second topic, technical talent come a software is a complex and technical subject matter. Details matter. We hear this quick big headline sometimes. One simple trick can solve dod software. One Software Factory to rule them all. Its all about agile. Those are useful things. But navigating that complexity requires judgment and organic technical talent on the part of the department. The needs leaders driven by mission. It doesnt need armies of coders. They can attract this talent if given the right tools using i6 things like appointments and giving these people autonomy to make a mission impact. Thank you. Thank you, dr. Patt. I will move it to questioning. Authority coming all three had on that. I hate to say it, it seems, you guys shouldnt e. Av you want to hang out. Yuck. Totally cool. Sit back down. The authority i dont it seems like its the improper medium for software innovation. Software is updated every half second of every second of every minute of every day. It moves so fluidly. For the past 40 years, the authority seems to be bogging the system down. Im asking three subject matter experts. Well start with you mr. Patt, or ms. Lord, we will start with you. Ladies first. What is the fixed . I dont want to report that we will never read. What is the fix to fix this problem . This is the way we lean in fris failing itself. The challenge is the need for speed. I believere are two things that we need to do. One, moved to continuous adls. Theres been a lot written and a lot discussed. Continuous atos are not yet implemented. This would be a very good thing todod leadership. Secondly, we are repeatedly across even programs, military services, agencies, not allowing reciprocal rights for ato. The same software is being reauthorized again and again. Those are the two key things that i think you should push on. Absolutely not looking at discrete, repetitive, approvals. Right now come in fact, there is only a requirement to approve 12 systems a year, which given the fact that most of our systems went on hardware, software and data is frightening. Murray. I completely agree. We think about in particular. We need to be able to stay, this Software Needs to be updated. The longer we wait by not giving them the code they need to do. How do we get to the industry, right . If a zero day comes out, some attack on my cell phone, there will be an update in the next day or two, right . Theyve already figured out, its going to satisfies our own. We need to find what that is. I think you should be asking on every program, what is the cycle time is going to the software. How much is that is the ato process. If that ato, more than a day, theres a problem, right . There needs to be a continuous ato where we automatically check, does a satisfied . This is important code. We need to be able to get out there kuquickly. Dr. Patt. I agree with those comments. The ato is about the risk of using the software. The schedule along with mission risk. If its buying body armor, you can separate these issues. Is safe to use this on a mission. Does this help support the mission. These lines get blurred. I will say that one of the places where you see progress in the department is where they try to put these risks together. If you look at, in the navy, there are Program Offices and Program Managers which both own the risk of use of the softwareo on the Operational Network and the development of software. When you move those things together, you tend to get these were mission focused outcomes. These are organizations which have been able to use continuous ato is. I would expect that same characteristic to carry us forward. As dr. Murray said, we often focus on adls. We forget the risk of not updating the software, of ihnot we become too focused on compance, checng the boxes of, you know, did we meet the boxes we said we did would . We forget the underlying problems. The most important thing is the cycle time that we keep coming back to. You can keep updating and mitigating problems. If i may have one quick followup on that, i think we need to differentiate in the department between Risk Management and risk elimination. We are never going to eliminate all risk. These tradeoffs are what take human ■ judgment calls. What dr. Patt is talking about. I think its very important for congress to recognize those individuals in the department who are leaning forward and demonstrating, embracing auorie would say who was, has d that admirably. Thank you, ms. Lord. For all the young men and e talking to you. You are the next generation that will keep this country ahead across the globe. I highly recommend you play this takeback because we are counting on you. Do you understand . Outstanding. Your recognized for five minutes. In my district, when you have a software challenge, they dont just go out and buy new software. In fact that the last thing they do. They have a mission and they ive heard that they just buy new software to check off the box that they have complied. This is innovating in the way that the private sector does. Could you comment on how we change that culture other than getting tim cook to run these things . I think it comes down to investing in the human capital. Ifindividuals are not trained to be smart buyers and we cannot attract contemporary coders and so forth, we cannot change that culture. Right now, we have a huge issue. This is mentioned in our final report with modernizing a lot of our business systems. We are pretty good at talking about from a War Technology point of view. We typically do not talk ab■cou innovating business systems. We need to digitize those systems and