Doctor subcommittee will come to order at ask unanimous consent the chair could declare recess in a timer that objections order. Good morning everyone thank you for we are here today to discuss one of the most with the u. S. Arsenal. That is software. It is crucial to our ability very in the air, the sea come , onlinein space anderspace. Aircraft carriers will be able to leave our pier they can deliver a payload over its target we expect the system and code we rely on work when■j needed. Despite this was seo dartmenterg and prioritizing software. Congress do know when something is wrong and something is right or in something is working or w. We read the studies repeatedly noting the department struggles with software findings that are remarkably consistent the 1980s untilin today. Its fundamentally amiss. My hope is for the witnesses to not only describe the problem but contextualize where possible what is being done to date with the largest barriers have been to address these issues in a ma. I cannot think of a better set of witnesses in front of us today to help with thatm task r undersecretary for defensive acquisition and sustainment. Doctor Richard Murray professor of controlling and systems and bioengineering at caltech, and cochair of the 2019 Defense Innovation boards of Software Acquisition and senior fellow at the hudson institute. Today. You all for been with us i will not recognize the Ranking Member for his remarks. Thank you mr. Chair thank you Shalanda Young excellent witnesses. Looking forward to hearing from you. The department of defense and u. S. Government has been critical in the development of software and technology in this country. Representative of Silicon Valley i remember is our mission to the moon to the acquisition of semi conductors. We had not had the u. S. Government by semi conductors in the skill they did he would never seen the development of Silicon Valley and the technology. Now the innovation is happening in my district and in the private sector. To strengthen the collaboration betwee our department and defense and private sector in pr recognizing the dynamic nature of software and how softly it chgee need that innovation to keep us the Strongest Military country in the world. I am looking forward to your comments and your suggestions. Thank you, mr. Chairman. Thank you. Ill start the witnesses miss lord you are recognize her five minutes for opening thank youyo very much congressman for chairing this hearing and thank you for members of the subcommittee to in sockos on my former colleagues and now current colleagues. In ann era of strategic Competition Among technologically advanced powers software were shape the nation of deterrence and define a National Security advantage. The urgency to empower our defense and National Security both the best existing andain emerging technology is critical not only to preserve our freedom but also those of our partners and allies. Our nation has developed and operationalized Technology Solutions that have transformed our commercial sector. An intern, our everyday lives. Now we must harness and apply bolster superiority in theion to digital age. Given current geopolitical the stakes cannot be implementation in support a child of the moment to fall short now would not be just a bureaucratic come but a source of imminent risk to our ability to deter fight and win. The ability to quickly develop and deliver close the gap between information discovery and Mission Response is a defining differentiator in the global competition defense and intelligence agencies must develop, acquire, execute and maintain software to meet Current Mission needs while also having the agility to quickly respond to future threat environments the statutory regulatory and budgetary framework for these agencies are ripe for streamlining to build and maintain the Nation Software advantage. The department of defense procurement process is one of the greatest challenges and opportunities to Software Acquisition. Often software is purchased using the same approach that is traditionally employed for major hardware systems purchases. Typically this entails setting rigid requirements conducting a lengthy solicitation and ultimately years later facing costly sustainment contract to adapt software that is often obsolete upon delivery. Although alternative acquisition pathways exist there only as effective as an acquisition professionals ability to implement them. Funding professional training and development for acquisitiony have key skills for implementing the full spectrum of acquisition approaches will enable the best and most Innovative Software and technology to be quickly provided for our National Security workforce. Policies andmo procedures modern Software Development and delivery practices Software Development lifecycle, software as a service delivery, human centered design, and modern technology. Training the Acquisition Workforce is necessary but not sufficient to modernize Software Development and deployment. Resourcing must be available to, rapid and continuousde authority to operate and leadership must demand all relevant authorities procedures and processes are employed. My submitted testimony goes into more details on these items. I would like to close by acknowledging three efforts producg ommendations that might be useful to the gosubcommittee. One is the commission on planning programming budgeting and just last week produce our final report. Chairman rogers Ranking Member smith held a hearing in which we talked about recommendations that would help our software initiative. Two, the software Defense Coalition that is led by jane lee is producing actionableul recommendations for the subcommittee. And finally the Atlantic Council commission on Software Defined a warfare of which i serve is ctionable recommendation. I urge the committee to follow up on these. Thank you. Thank you, doctor murray you are recognize her five minutes. Undistinguished numbers in the subcommittee. Thank you for inviting me too speak with you this morning on Software Development and t. From 2016 to 22 known as a member of the board and cochaired along with michael that study on Software Acquisition processes. This was established in the 2018 and daa and our report was titled software is never done released in may 2019. The key findings of our report is congress and sabin talk about the importance of software struggling how to make better use of Software Support the National Security for decades. In many ways the report of 2019 was a rephrasing of the 1987 Defense Science Board Task force on military software with 32 years earlier. Which identified itself over 30 previous studies in the same topic. We described in our report Chapter Three we need to do we just need to figure how to actually do it to get to it. In our 2019 report we identify three thater important points to make. The first is speed and cycle time of the most important metrics for software. Being able to develop and deploy faster than adversaries means we can provide more advanced capabilities, respond to your adversaries be more responsive to endusers. Reduces risk reduces in reliability gives us a Tactical Advantage on the battlefield by allowing operation response inside our adversaries to observe. Second, software is made by people and for people so Digital Talent matters for dod resource policies a not conducive to attracting and retaining and promoting Digital Talent. Talented Software Developers and acquisition Personnel Software experience are often put in job which does not allow them to make use of those towns particular in the military working job may not recognize Software Develop an experiee dof the necessary skills exists and scenting advantage we put them in an environment wherets difficult to be effective. Third not all software is the same. Statutes regulations that govern the developed procurement develt sustainment of different systems. Software development is hardwar. Software should be developed deployed contested continues to improve using much different cycle time support infrastructure and maintenance strategies. Stop was never done must be managed as enduring capability y that treated differently. Inso preparing the recent repors on the implementation of some of the recommendations from the study about which we partnered with us see theyve made substantial progress in implementing many of our recommendations including establishing acquisition pathways for software, exploit appropriation categories allow software to be funded as a single budget item. These important steps and should be in addition to these actions on the process dod implemented actions on other primary and secondary recommendations from and continuous ato which dideli. As of april 2023 it appears the guidance foror containers is not yet been published. I would encourage dod to do so if it hasf÷ already. Another area of high importance is recruiting Digital Talent. Dod progress mind personnel for specialized teams and career track for Software Developer something we recommend. A correct Service Members allow dod to train retain the Skilled Workforce necessary to design build and test modn software systems. Finally an error thats completely different todaycl thn it was five years ago is the role of Artificial Intelligence and military system. The implication will be profound across all areas of society in the field is changing so rapidly its impossible to predict how a i will predict over the next three years. Moderate l■ models are writing code based on descriptions of the desired function and are being used in industry to speed development. In the future integral to testing deployment production of software as well. And for adversaries. Software for systems is too critical to fail we must find ways to harness those tools that fihe increased levels required in safety and missioncriticalal systems dod mustang top of the developments and of current u. S. Leadership being developed in the commercial sector. Congressmen with dod plays in the central moving forward thank you for your attention and i look forward to our discussion bro. Thank you doctor murray doctor pratt your recognize her thank you for inviting me here to speak. On such an important topic. Re an individual capacity by serve diverse roles offering the perspective on cutting edge of National Security technology and threats. Rod Techno Economic shifts which are reshaping the globall order in the vibrant commercial tech ecosystem. As you all know itus powerful is for economic productivity for government effective dues eric of our time strategic competition peoples republic of china. It is this. Competition advantage ultimately depends on the ability of one side to adapt mo by year mitigating weaknesses and building advantage. The kinds of questions we end up with in the military dimension of competition or things lik are our weapons systemsmi relevt against a relentless pace of new threats can commanders accessri. Can we invent new ways of fighting but the prc on back foot and dissuade aggression. These are the issues the department of defense must tackle if it wants to compete in every one of these issues now s. Even changing military unit tactics depends on a software update. Not your state whiteboard planni session. We need look no further than the battlefields of ukraine for evidence units which are able to change the software more quickly see better outcomes. So we face a choice. We can be victims of software cursing its bugs, delays and overruns are we can harness it for competitive advantage leveraging American Ingenuity arose talent base, and leading technology. That is our question can we create a Defense System built for evolution and adaptation . System built to compete my central message is this it will echo those of my fellow witnesses here. The process of gettinge from ama programmer into an operatiol system is critical. This is what is so different about software. We blur the line between development and what his what is operations using that same thing. Making this quick andoc robust s a necessary condition for competition. There are a handful of fort leading trailblazers in the department during this well today. But they remain in the minority they face daily struggles against organizations and processes built for another era. I call your attention to two actionable items for oversight. First enad1blingapid Software Deployment and updates through the ato process. Again it refers to the process of how the departm if software is safe to deploy and use. The second item, talentsy qualified Technical Expertise to guide Software Development and procurement. The first topic i will introduce an ways making software it resembles a potter molding wet clay. Forming into some finished pieces. When works with source codes it acts like wet wt clay aiken quickly adjusted, may fix it. Once the code has compiled, but, shipped and becomes fixed and brittle. The executable code only works in one particular type of process as we fix assumptions ab operating. It has so many dependencies need to f t the Engineering Team you need a cycle. And the process often makes is quite difficult. This is addressed in greater detail my written statement. On the second topic, technical Talent Software is a complex ma. Details matter. The bits of matter we hear these headline sometimes like one simple trip can Call Software or get to the cloud went software it rules them all or higher Silicon Valley. Those are great tools. Those are useful things. But navigating the complexity requires judgment and organic technical talent on the part of the department. The dod needs technical leaders driven by mission. It is not meet■ armst can attrat if given the right tools using things like Term Appointments and giving these peoplee autonomy. Thank you. Thank you doctor patsy. We will move into questioning. I will open operate you will hit on that. I hate to say it seems mike you guys should not leave im going to talk to you guys if you want to hang out. Yes, totally cool sit back down. The authority operates it seems like its improper medium fore. Software innovation into the departments. Software is updated every half second of every minutef hour of every day. It moves so fluidly. For the past 40 years the authority operates seem to be in down. Ill start with you ladies first. Whats the i do know and to report we dont never read. What is the actual fix for the pr■oblem . This is the forward lean in front of our adversaries. The system is failing its self. The challenge is the need for speed. And i believe there are two things that wele need to do. One, moved to continuous ato. Aa lot discussed. But continuous atos are not yet implemented. I would suggest drawing posture hearings will be a very good thing to ask dod leadership about two. Secondly, we are repeatedly across event programs, military services, agencies, not allowing reciprocal rights for atos. The samee is being reauthorized again and again. Those of the two key things i think we should push on picnics break down the silosfy between multiple partners . Absolutely. Not looking at discrete repetitive approvals. Right now theres only a requirement to approve 12 systems aso year which given the fact most of our systems run on hardware, software, andrf frightening. I completely agree. You think about continuous ato what do we need toe able to do . We need to be able to say the Software Needs to be updated. Hes be updated now the longer we wait the more risk we put more risk. How to get to the point where industry . My cell phone there will be at update in the next day or two theyve already figured out how to put an update out there thats not going to break all and satisfy their own security we need to do that was in the dod we need to find that that is. I think he should be asking on every program what is a cycle time this going into the software . How much of the cycle time is the ato process . If the ato process is more than a day there is a problem because iteeds to be a continuous ato needs to be something we automatically checked does it satisfy the security requirements . This is important cody got to be careful thatut what needs to get out there quickly are putting our workers at risk. Pat . Lex i agree very much with those comments. The ato is about the risk of using the software. About deploying the software but gets aligned with mission risk. Th p lost. Buying a body armor and you can separate these decisions of dented by the body armor doesnt meet the is it safe to use this on a mission doesnt