Acquisition Competency Targets for Software (ACTS)
The soundbite “software is eating the world” entered the lexicon with Marc Andreessen’s 2011 Wall Street Journal op-ed.57 But the most salient point from the article is often lost in routine conversation. Over 10 years later, the world’s largest bookseller (Amazon), the world’s largest video service (Netflix), the world’s largest taxi company (Uber), and the world’s largest hotel chain (Airbnb) are all still software companies, continuing to invest in their software product development although their businesses manifest offerings in traditional business sectors. Andreessen’s statement that “national defense is increasingly software-based” was not a strong endorsement of software’s impact. Fast-forward 10 years, and this report posits that reframing the discussion around national defense is reasonable: Adaptability and resilience define strategy, and software defines tactics of national security more than bent metal.
Even though physical sciences and bent metal keep the F-35 in the air, software and digital systems give it a combat edge over adversary systems.
PEOs need to learn how to skillfully think about and guide the development of their programs as though they are a software company seeking to deliver a weapons system, similar to how executives at Amazon, Netflix, Airbnb, and Uber have harnessed software to deliver market advantage in what were considered traditional industries. Even Congress, not always regarded as the most forward-leaning body, reinforced this shift in the draft NDAA for fiscal year 2023, which sought to create an environment that “enhances incentives for acquisition professionals [to] learn more about the business models of software-first commercial, start-up, and nontraditional companies that may be able to offer solutions to the Department.”58
What follows is a concrete set of acquisition competency targets for software, or ACTS, that PEOs and program managers can use to manage development like a software company, even in the heavily regulated environment of defense procurement.
It is important to note that this report does not suggest that the DoD run the military as a commercial software company. The needs of the DoD are far too diverse to roll up to simple metrics like profit, and its equities are too varied to house in a single monolithic code repository. Beyond this, the tremendous responsibility of preparing for conflict does not become lighter with the introduction of beanbag chairs and hoodies. An acquisition professional bears moral responsibility as well as substantial statutory obligations.
But just as the relative combat advantage is moving to sources in software, the relative emphasis in acquisition has to shift to software delivery.
We have designed these ACTS around the key ideas that PEOs and program managers should realize, and should institutionalize, to guide their acquisitions to embrace the three goals of this report:
- Embrace the heterogeneity of software ߪ
- Recognize that software, not legacy warfighting platforms ߪ controls the speed and efficacy of modern kill chains.
- Preserve the balance across the digital triad of software ߪ data, and AI/ML as equal peers.
Our premise is that when PEOs actively implement these ACTS, they better position their programs to produce weapon systems capable of not just operating downrange, but adapting at the speed of relevance when software defines tactics.
Each of these ACTS could stand on their own, but the sum is greater than the parts. We intentionally discuss and present them as principles to avoid making them overly prescriptive. PEOs should view, interpret, and define the ACTS collectively for each individual weapons program because of the inherent heterogeneity of software that we have emphasized in this report. They can realize the ACTS only by recognizing the value of cross-functional teams at every level and every stage; a program cannot extract full value from its ACTS if its supply chains, industry partners, authorizing officials, and warfighters are not part of the journey. Finally, PEOs have to periodically review a program’s implementation of the ACTS through the lens of continuous improvement.
- ACTS 1: Evaluate Existing Software Factories before Building Your Own
- ACTS 2: Partner with an Authorizing Official to Realize a Continuous Authorization to Operate
- ACTS 3: Own Your APIs, Even More So Than the Implementation
- ACTS 4: Behave Like a Software Recruiter
- ACTS 5: Think in Service Levels
- ACTS 6: ACTS 6: Define Zero-Trust Outcomes within Software Applications