The Navy operates on the forward edge in an unpredictable and hostile environment. Rapidly delivering new capabilities to a ship via digital systems and applications can give warfighters a competitive advantage in an era of great power competition.
Maintenance and modernization of the fleet is key to ensuring commanders have the assets they need to win at sea. Timely delivery of these assets provides them the flexibility to operate on a global scale, but software delivery can be complex because opportunities, or ship availabilities, are carefully planned for a scheduled period of time in which many upgrades are performed. To operate in this quick-paced environment, software updates must be performed rapidly, reliably and securely, explained Naval Information Warfare Center (NIWC) Pacific Chief Engineer Delores Washburn in a webcast Sept. 22 titled — “Software Armories” — sponsored by Elastic.
“I really enjoy the title of this webcast being ‘Software Armories’ – that idea of a software armory – what is an armory? It’s a place where we keep our arms and ammunition and so the fact that we are starting to think about software that way is really interesting and novel because our software is that valuable,” Washburn said.
In the Toolkit: Digital Twins, DevSecOps, App Arsenal
Washburn discussed the various tools Navy developers use to engineer software for the fleet. The Naval Information Warfare Command enterprise calls its software factory “Compile to Combat.” In this approach, developers go from compiling, which is the last step in a process to change high level code to executable code, to combat. That idea of going straight from compiling to combat is a really exciting idea, she said.
The Navy has fashioned a number of ways to speed the delivery of software, Washburn said in a question and answer period following her brief. One is the concept of digital twins which she described as a novel and innovative way of using a commercial cloud to build a digital instance that is representative of a ship.
“We wanted to take advantage of cloud and be able to have a digital twin that looked just like a ship and let that be our staging environment so we could have high confidence that as soon as we deployed software on an operational platform, it’s going to work,” Washburn said.
Digital twins in this case are digital instances that replicate the ship’s computing and software services and support development, deployment, cybersecurity and troubleshooting efforts.
This environment enables the ability to continuously test, evaluate and integrate solutions before delivery. As a key initiative in the Navy’s digital transformation efforts, this will increase system reliability and cybersecurity while decreasing risk for the warfighter.
This is significant because ships operate in remote, austere conditions, disconnected in a low-bandwidth environment. While they can reach back to the cloud for a lot of good information, fundamentally, they must operate alone without a dependency or reliance on cloud services, Washburn explained.
“The other thing is that not all ships are alike, every ship has its own schedule and so they come in for an install and get the next baseline, so we have multiple baselines across the fleet. Being able to actually represent that baseline and even getting telemetry [automated app monitoring] on a specific ship and a configuration change, where we can actually have that twin get to that baseline and specific ship configuration, is really key to ensure that the software is going to work,” Washburn said.
“The good thing about cloud is you can spin up an instance, spin it down; automations allows us to do that,” Washburn said.
The concept of continuous testing and integration with a digital instance of the ship in a third-party commercial cloud is an important part of NAVWAR’s DevSecOps strategy. The cloud-enabled DevSecOps digital environment facilitates rapid delivery of software applications to the warfighter.
NAVWAR’s digital twin efforts also include digital models of these systems. By using digital models, NAVWAR was able to identify capability gaps and overlaps prior to installation. The goal is to create digital models of all systems on all platforms to improve cybersecurity, enhance system capability, increase the speed of technology delivery and reduce the time and cost of an installation, NAVWAR officials have explained.
In the Beginning
Development of the Consolidated Afloat Networks and Enterprise Services (CANES) open architecture and Agile Core Services (ACS) was really the beginning of quicker application migration for the fleet, Washburn explained. CANES provides enabling technologies for development and deployment of mission applications, including Platform as a Service (PaaS), a data analytics framework and common application services. Uncoupling software and hardware served as a game-changer leading to other breakthroughs in the developer’s toolkit.
“I can’t emphasize enough how CANES has been the big enabler. I feel like we are standing on the shoulders of giants, of those leaders who made those decisions years ago to make it modular, for them leaning forward and putting a PaaS there so we could have containerized applications to be delivered more quickly,” Washburn said.
Washburn described CANES as a “data center afloat.”
CANES consolidated disparate networks and computing infrastructure into one secure shipboard environment. System and application owners just bring their software for hosting on CANES – no need for them to include a network, routers or any type of hardware.
Responding to a question about the future of CANES and further applications to be added, Washburn said CANES already hosts 100 different applications.
“What’s new for CANES is how we migrate all those different applications into this new way of doing business. Some are further along, I think I have a top 10 moving along, they are containerizing, using DevSecOps, so they are able to do rapid deployments. We now think we have to work across the whole community. Part of the unfortunate problem is not everyone [application owners] is funded to modernize their applications. We want to be able to help them modernize when they can.
Also, culture is very important to the future of CANES. “When we talk about DevSecOps, it’s about bringing together people, processes and tools and to be able to deliver software more rapidly and actually having better security. I like to think of DevSecOps in a very simple way which is combining and unifying development, security and operations … It’s having all these communities come together – that’s why I like to think of DevSecOps as a unification of those three elements,” Washburn said.
Successfully piloted by NAVWAR in 2018, Compile to Combat in 24 Hours was engineered to provide a standardized way to transform the Navy's information environment through the adoption of common standards for data formats and interfaces with the aim to deploy new software capabilities in under 24 hours.
“I was really lucky to be involved in some of our first experiments, a lot of folks might have known it as the Compile to Combat in 24 Hours, it was called that by a wonderful admiral, (now retired) Rear Adm. Danelle Barrett. She had this goal, ‘I want to be able to get compile to combat in 24 hours.’ We did two experiments one on the USS Essex, the other on the USS Stockdale, and we were able to do just that. We had four applications that we were able to take to the software factory and then deliver to those ships … and the fun thing is we were able to deliver an update to an app in eight hours to Admiral Barrett’s 24 hours challenge. That was really exciting,” Washburn said.
The Information Warfare Platform – Delivering Advantage
CANES is a critical component of the Information Warfare Platform which exemplifies the need for speed, affordability and interoperability. Success in this environment requires the ability to acquire, test, install and field capability at the speed of modern technology.
“The way I like to describe [information warfare] is the advantage that we get from integrating all the information-based sensors. It could be intelligence, surveillance, reconnaissance, electromagnetic warfare, cyber, and it could be any sensor from seabed to space. So it’s vast and varying; being able to integrate all those together [for] maneuverability throughout the battlespace and to deliver effects,” Washburn said. “We are no longer waiting for a ship availability where we send an install team onboard because we think we have the tactical advantage in rapidly updating the software. We are not Facebook doing 10,000 software updates a day, but we can see ourselves doing frequent updates, possibly three in a week.”
Information Warfare is continuously evolving and being able to deliver smaller and more rapid software updates to ships is what the team is building on.
“One of the things that NAVWAR has done is stand up what they call the ‘App Arsenal’ … The way to think about the App Arsenal is we all have smartphones, so if you want a new app you go to the app store. So the App Arsenal is really our app store for the fleet, for ships. When the ships have the connectivity, they can look at the app store, see what’s new, and pull down updates to deliver those updates between ship avails, between coming into port,” Washburn said.
Asked about the type of metrics the team captures, Washburn said the team is working on a methodology.
“With DevSecOps, I think the most important metrics industry would recognize is how frequently you do releases, stability, availability and lead time. We recognize we need to start keeping metrics. We have what I call leading metrics, which is how many of our programs, how many of our developers are trained and starting to adopt these processes in the software factories… But it’s that release — sending software to a ship — is the metric that we will absolutely be measuring and reporting to our leadership,” Washburn said.
Washburn said the team has worked to remove barriers that have slowed DevSecOps, for example, reengineering the Risk Management Framework (RMF) process, which requires an application or system owner to obtain an Authority to Operate (ATO).
“The really great thing is people have come across the Navy to streamline the RMF process for DevSecOps. We have a new process we are using. We’re going to be using it for a new application and it will actually help us have the RMF process baked in,” Washburn explained. “We have what I call a tactical use case, which we think is something the rest of the Services and the DoD may be interested in. That is our end-to-end RMF streamlining that lets us take advantage of the software factory, all the goodness of cyber, and continuous monitoring, but taking into account that we are taking software out of one environment and deploying it into another – the risk is owned by the operational commander so the risk has to be assessed for that particular platform.”
Washburn relayed that her team couldn’t have had success without industry partners. Industry partners interested in supporting the Navy in these efforts should work with their government sponsor, Washburn advised.
“We can give you access to the digital twins so you can do continuous testing and integration to help speed your timelines, because as a developer for CANES, you have to go through the ‘Application Integration Process.’ Previous to having digital twins, you might have to wait four to six months to get into the lab to go to a physical space and test. Now we can get you into that continuous development, continuous integration environment ... So to all the industry partners supporting their sponsors, we absolutely can help you get access.”
Cybersecurity in the Cloud
NAVWAR Spotlights Digital Transformation Efforts at WEST 2020
SPAWAR Supports Navy’s Digital Transformation with ‘Compile to Combat in 24 Hours’ Training Series
NAVWAR Completes First Digital System-of-Systems Model; Increases Cybersecurity on USS Abraham Lincoln
Working Group Promotes Navy Application Modernization and Accelerated Delivery to Afloat Platforms