Defense Software for a Contested Future: Agility, Assurance, and Incentives (2025)
Chapter: Appendix A: Statement of Task
A
Statement of Task
A National Academies of Sciences, Engineering, and Medicine consensus study will consider how to significantly enhance the security and nimbleness of large-scale integrated software-based systems, which are critical to national security, civil infrastructure, and key societal and business functions. It would consider (1) how to engineer and manage these systems in ways not only to reduce cyber risk but also to facilitate rapid and confident risk assessments to enable rapid system evolution when there are changing mission needs; (2) how to enable such systems to evolve more rapidly without compromising assurance; (3) the benefits of earlier test and evaluation engagement in acquisition and engineering; and (4) the constraints imposed by the technological state of art and practice, defense acquisition system, and commercial incentives.
In doing so, the study will consider several hypotheses about possible enablers of these goals:
- Direct technical evidence (such as models, analyses, and tests, and including both formal methods and such informal evidence as inspection reports and design documents) is both feasible to create and sustain and can better support assurance and nimbleness goals than purely indirect and proxy evidence (such as assertions of process compliance or supplier reputation);
- Explicitly designed and managed technical architectures allow for higher levels of assurance and better support of ongoing system evolution than unman-aged and emergent architectures; and
- Test and evaluation can be enhanced through technical advances in such areas as semantically sound modeling and simulation infrastructure and their
- employment earlier in system development and throughout system evolution to provide higher levels of assurance.
The study will also consider lessons learned from such developments as commercial use of formal methods; organic engineering (i.e., industry platforms that avoid using code from outside sources and open-source projects that aim to use open-source code and toolchains); innovative acquisition teams in the Department of Defense (DoD) such as Kessel Run; DoD use of alternative contracting mechanisms; and the evolution of approaches to high assurance for civil flight controls, cryptographic systems, and embedded medical devices.
The study report will provide recommendations for research and development as well as sustainable acquisition practices that would accelerate progress toward achieving assurance goals while supporting rapid operational and technological change.
