Software program-Outlined Warfare: Crossing the Chasm in Two Software program Areas

Software program-defined warfare is at this time’s actuality for nationwide safety, shifting the emphasis in army operations from {hardware} to software program, “the core of each weapon and supporting system” fielded for protection. The Atlantic Council’s 2025 Fee on Software program-Outlined Warfare: Closing Report defines software-defined warfare because the “steady integration and supply of cutting-edge know-how and main interoperable software program into legacy and future protection programs.” The report emphasizes the necessity for velocity by means of synthetic intelligence (AI) by calling on nationwide safety organizations to “purchase and maintain unified, shared platforms that assist and speed up the end-to-end improvement, deployment, and governance of AI options.”

This weblog publish examines how software program engineering practices can meaningfully deal with two enterprise challenges for software-defined warfare recognized within the Atlantic Council’s report. The primary is a shortfall of software program pipelines, expertise, and sources, and the second is impediments to using DevSecOps. Software program engineering is the “software of a scientific, disciplined, quantifiable strategy” throughout the lifecycle of software-enabled programs. Over the previous 4 a long time, the advances famous in successive variations of the Software program Engineering Physique of Information (SWEBoK) recommend that software program is rarely accomplished. As software program continues to enhance, its challenges and alternatives do as effectively.

Software program engineering acknowledges the significance of each software program code (purposeful directions) and structure (system high quality attributes). Though the machine studying (ML) software program algorithms for AI programs are totally different—model-based, in a position to be taught new patterns, and producing output based mostly on statistical modeling—the event and sustainment of these programs is analogous to designing, constructing, deploying, and enhancing software-reliant programs.

Software program-Outlined Warfare, an Evolving Idea

The Division of Conflict (DoW) has lengthy labored towards software-defined management. Within the late Seventies, as an example, applications to develop software-defined radios (SDRs) sought to change incompatible legacy radios with ones that could possibly be configured—and reconfigured—with software program. After I served as Commander of the Air Pressure Analysis Lab at Griffiss Air Pressure Base in Rome, New York, our groups developed the primary open structure SDR within the SPEAKeasy (Software program Programmable Embedded Structure) challenge. SPEAKeasy know-how allowed troops to make use of a single gadget to speak with Military, Navy, and Air Pressure radios, and it was foundational to the later, bigger Joint Tactical Radio System (JTRS) applications.

Alberts, Garstka, and Stein described software-defined networking in a 1999 report Community-Centric Warfare: Growing and Leveraging Data Superiority. Extra not too long ago, DoW’s Mission Maven boosted software-defined warfare by making use of ML to research the large quantity of knowledge obtainable. On this decade, the Mixed Joint All-Area Command and Management (CJADC2) initiative emphasizes a complete strategy to behave “throughout all domains, and with companions, to ship data benefit on the velocity of relevance.” At present, the DoW is accelerating software-defined warfare with “AI-enabled functionality improvement.”

Whereas critically wanted, software-defined warfare just isn’t assured and depends on community connectivity that’s each safe and at all times obtainable. Denied, disrupted, intermittent, and restricted (DDIL) environments, a characteristic of the tactical edge, depart programs weak to cyber-attack and outages. Resilient designs can usually overcome this, however there are different impediments, similar to a paucity of fine coaching knowledge for AI fashions, sluggish procurement processes, a scarcity of individuals with the proper abilities and experience, and cultural resistance.

Software program Considerations within the Atlantic Council Report

The Atlantic Council, whose commissioners embody former DoW officers and software program business leaders, recommends in its report that the DoW “put money into the pillars of software program and AI improvement . . . to empower finish customers to effectively generate and operationalize software program and AI . . . .” The report poses seven “as is” enterprise challenges to realizing software-defined warfare. This weblog publish addresses two of them:

1. There’s a main shortfall of software program pipelines, expertise, and sources to satisfy the demand for software-defined warfare inside DoD organizations.
2. The absence of a software-centric tradition throughout the DoD impedes the employment of contemporary DevSecOps, which fosters speedy iterations and recertifications.

Every Atlantic Council “as is” state is paired with an envisioned “to be” state, leaving a chasm between the 2 akin to that described in Geoffrey Moore’s Crossing the Chasm: Advertising and Promoting Excessive-Tech Merchandise to Mainstream Prospects. In Moore’s evaluation, a chasm exists between early adopters (fans) and early majority customers (pragmatists), with the latter being the bigger (and extra worthwhile) group to win over. For the DoW and nationwide safety, the chasm might be seen between improvements from science and know-how (S&T) analysis prototyping and the institution of applications of document. This weblog publish means that software program engineering, with modern greatest practices, can bridge the 2 states for these two challenges.

Assembly the Shortfall of Software program Pipelines, Expertise, and Assets

If the DoW can not meet this shortfall, it dangers being unable to construct reusable capabilities that develop, deploy, interconnect, and govern software program and AI options quickly and at scale. The report’s “to be” state requires a mix of coaching in software program and AI literacy, focused recruitment, profession path improvement, and engagement with industrial software program companies.

How Software program Engineering Mitigates Threat, Accelerates Time to Worth

Software program engineering lessens DoW’s danger by accelerating the “time to worth” for utilizing AI programs by means of software program metrics that emphasize cycle occasions and guarantee interoperability with present programs. Software program engineering can contribute to assembly the shortfalls in pipelines, expertise, and sources within the following 5 methods.

1. Encouraging a holistic view. As a result of rebuilding infrastructure is expensive, disruptive, and resource-intensive, step one is to suit necessities for an AI system to the mission want and the working atmosphere. Then, search high quality, related, and consultant coaching knowledge for the AI mannequin and allow analysts and operators to establish and report errors to enhance the system. Always, pay shut consideration to safety by constructing in functionality to “forestall, keep away from, or present resilience to risks” as a result of flaws and vulnerabilities can circulation throughout vendor fashions within the complicated AI provide chain. When AI programs fail, safety incident response requires multi-party coordinated vulnerability discovery efforts amongst knowledge suppliers, open supply libraries and frameworks, mannequin hubs, distribution platforms, and third-party AI distributors (i.e., the capabilities supplied by an Synthetic Intelligence Safety Incident Response Crew (AISIRT)). Past these steps, the holistic view extends to partnering organizations. These organizations want experience in (ideally all of) the next: software program engineering, programs engineering for software program programs, cybersecurity, laptop science, AI and machine studying, and federal coverage and follow for software program acquisition. (“If a group does a poor job of figuring out the necessities, the challenge, the product or each are more likely to undergo from added prices, delays, cancellations and defects.”—SWEBoK Chapter 1)
2. Measuring cycle time from the primary snapshot (commit) to manufacturing. With an expanded view of metrics—throughout mannequin immediate, coding, human or AI agent evaluate, merge, and deploy—AI-supported developer groups can spot and deal with bottlenecks in programming, testing, and deployment. These advantages, although, might be misplaced if monitoring of the AI system doesn’t proceed after deployment. AI programs proceed to be taught and might produce incorrect outcomes except the programs are retrained. (See SWEBoK Chapter 5 for extra on testing and SWEBoK Chapter 9 for extra on software program engineering administration.)
3. Confirming that scalability enhances velocity. Scalable AI is “the flexibility of algorithms, knowledge, fashions, and infrastructure to function on the dimension, velocity, and complexity of mission wants.” Scalable AI infrastructure—high-quality knowledge, reusable pipelines, iterative improvement (e.g., DevSecOps), and API deployment—can direct the facility of AI from knowledge facilities to the tactical edge, so long as issues attributable to DDIL computing environments are overcome by means of hardened and resilient architectures. SEI and CMU researchers, as an example, are investigating the right way to deploy refined analytics on edge gadgets and lengthen zero belief structure to weapon programs operated in DDIL environments. (AI infrastructure and software program building share the aim of manufacturing dependable, environment friendly programs—SWEBoK Chapter 4.)
4. Making certain system interoperability. The DoW ought to promote using versatile requirements in code improvement and a modular structure strategy. Requirements similar to Future Airborne Functionality Surroundings (FACE) make sure that software program is designed for compatibility. A beneficial step is the DoW mandate for using Modular Open Programs Structure (MOSA) that extends versatile standardization, permitting “plug-and-play” so as to add or change modules with out system redesign, enhancing interoperability and decreasing vendor lock-in. (ISO/IEC/IEEE 12207 (software program life cycle processes), as an example, can guarantee that interoperability is engineered into software-reliant programs—SWEBoK Chapters 2 and 12.)
5. Defining and creating software program competency. The DoW ought to set qualification and certification requirements for its software program workforce backed by coaching and academic alternatives to realize them. On this respect, software program engineers and system designers would possibly borrow from the President’s Cup Cybersecurity Competitors, with a give attention to figuring out and sharpening software program expertise. (The SEI posted a retrospective of its assist for that competitors throughout six years.) Additionally, the DoW can present a market the place employees can match their abilities to mission wants. The SEI printed SkillsGrowth, a proof-of-concept platform that enables employees to construct profiles based mostly on their experience. Managers in want of these abilities can use these profiles to establish the information/AI expertise they want. These efforts might be fortified by selling AI literacy to create a standard language round AI that encourages collaboration and prevents misunderstanding about AI’s capabilities. (See software program engineering skilled follow—SWEBoK Chapter 14.)

Overcoming the Absence of a Software program-Centric Tradition

We look at now the opposite “as is” software-defined warfare enterprise problem, which is the dearth of a software-centric tradition that may successfully make use of DevSecOps to assist speedy iteration within the improvement and deployment of programs. The Council’s report notes that, except the tradition is remedied, the DoW is not going to achieve accelerated supply, decreased value, secured product, and steady authorization to function (cATO) from DevSecOps investments. The “to be” state outlined within the Council’s report envisions a software-centric tradition comprising ongoing skilled improvement and expertise administration, enhanced collaboration with business, and robust software program administration management.

How Software program Engineering Promotes Continuous Enchancment

The DoW goals to take care of a strategic benefit, which suggests it should “evolve sooner and be extra adaptable” than adversaries, by mitigating the potential draw back of its profitable historical past, large dimension, and legacy of conventional programs engineering strategies. The DoW has been a part of U.S. historical past since 1789, and the Military, Navy, and Marines date again to 1775, previous to the Declaration of Independence. This lengthy historical past demonstrates success in guaranteeing nationwide safety. Take into account, too, that at this time’s army represents greater than 2.8 million energetic obligation, reserve, and civilian workers, making it the biggest employer within the nation. Giant organizations with lengthy histories discover it exhausting to be agile, going through the Innovator’s Dilemma. Clayton Christensen’s 1997 guide explores why profitable firms might fail when confronted with disruptive applied sciences—similar to fashionable software program practices and AI. Bigger organizations are likely to ignore improvements that originally enchantment to area of interest markets (e.g., fans). Sooner or later, nevertheless, these improvements might enhance to an extent that they turn out to be the popular methods. By then, these long-standing organizations have fallen behind except they can disrupt themselves and take up the improvements.

To extend organizational agility in a software-centric know-how panorama, the DoW might take into account the next 4 actions:

1. Evolving the SWP with an AI-specific subpath for AI-based subsystems. As advocated by the Workplace of the Beneath Secretary of Conflict (Acquisition and Sustainment) and the Chief Digital and Synthetic Intelligence Workplace, a Software program Acquisition Pathway (SWP) AI subpath would speed up the deployment of minimal viable functionality releases. The extension of the SWP for AI acquisition was a step beneficial by individuals within the June 2025 AI Acquisition Workshop organized by the SEI. (Chapter 9 of the SWEBoK addresses software program engineering administration key issues together with acquisition.)
2. Fostering a department-wide digital ecosystem. DoW business companions use shift-left approaches to ship “resilient software program functionality on the velocity of relevance.” The DoD Software program Modernization Plan and the Atlantic Council report name for a department-wide digital ecosystem to scale advances made in response to the 2019 Protection Innovation Board Software program Acquisition and Practices Report. Because of this, a software-defined DoW would turn out to be agile in buying, creating, deploying, and sustaining programs that may reply to rising threats. (See Chapters 6 and 11 of the SWEBoK for data on software program engineering operations and strategies.)
3. Validating the method. SEI researchers advance the DoW’s imaginative and prescient of making viable, trusted, and extensible AI programs by main improvement of knowledgeable AI Engineering self-discipline. This self-discipline refocuses software program course of on iterative, steady enchancment in improvement and operation of AI programs. AI Engineering rests on three pillars: strong and safe, scalable, and human centered. Collectively, these pillars transition AI system improvement from analysis prototypes into safe and dependable programs for nationwide safety. (Chapter 10 of the SWEBoK particulars the number of technical and organizational processes concerned in software program improvement and deployment.)
4. Constructing belief in AI programs. Whereas AI stays a key driver of velocity, trustworthiness stays a problem as a result of AI fashions are basically statistical approximations and, moreover, algorithms can proceed to be taught. Throughout deployment, these traits, together with an inherent opacity within the largest AI fashions, hinder the seize of dependable metrics for usability, transparency, and explainability. People want these metrics to have confidence within the data AI supplies. As well as, an SEI research discovered that large-language fashions “are vulnerable to factual errors, hallucinations (i.e., fabrication of latest data), overconfidence, and susceptibility to adversarial assaults.” In work for the Beneath Secretary of Conflict for Analysis & Engineering, the SEI piloted the Middle for Reliable Measurement and Analysis (CaTE) to determine strategies for evaluating operator belief and to guarantee the trustworthiness of AI programs. This initiative printed its findings within the Reference Structure for Assuring Moral Conduct in Deadly Autonomous Weapon Programs (LAWS) and the CaTE Guidebook for Growth and Testing, Analysis, Verification, and Validation (TEVV) of LAWS to Promote Trustworthiness. (Chapters 3, 4, 12, and 13 of the SWEBoK contact on points of software program trustworthiness.)

As well as, SEI researchers have been concerned within the improvement of two different certification fashions that emphasize AI and safety. One is the AI Adoption Maturity Mannequin, created in collaboration with Accenture. This mannequin expands on maturity and functionality ideas to assist organizations use AI applied sciences extra securely since AI programs improve assault floor and invite novel assaults. As a result of combatting new threats is significant, the SEI and the DoW, in partnership with the Johns Hopkins College Utilized Physics Laboratory, co-developed the Cybersecurity Maturity Mannequin Certification (CMMC). The CMMC mandates that protection industrial base (DIB) companies shield Managed Unclassified Data (CUI) and Federal Contract Data by verifying their adherence to the mannequin’s safety necessities. Title 32 Half 170 of the Code of Federal Laws, which particulars CMMC, mandates that cloud service suppliers (CSPs), nearly all of that are AI platforms, turn out to be licensed to make use of FedRAMP.

Software program-Outlined Warfare and Efficient Programs for Nationwide Safety

Sound software program engineering for software-defined warfare ensures supply of resilient AI programs by means of safe provide chains. The ensuing programs shall be

• reliable in building, right in implementation, resilient within the face of operational uncertainties, and up to date with assurance
• delivered to warfighters when and the place wanted—in some cases anticipating the warfighter’s working tempo
• reasonably priced as a result of their value (acquisition, improvement, and operation), regardless of elevated functionality, shall be predictable and decreased over time (because of worth derived from DevSecOps use)
• able to making new missions attainable and enhancing the chance that present ones will succeed

A totally realized strategy for software-defined warfare shall be a pressure multiplier for protection and nationwide safety. Assuring that AI-enabled programs present benefit over the adversary rests on persevering with advances in software program engineering analysis, improvement, and training.