Why the Joint Cyber Warfighting Architecture Must Evolve

Agencies can reap many benefits from consolidating the cyber warfare platform’s software factories.

LISTEN

Your browser doesn’t support HTML5 audio

U.S. Cyber Command finds itself at a crossroads with the Joint Cyber Warfighting Architecture, which must meet current operational needs while also evolving to integrate with more systems. Further integration of the cyber warfare platform depends on shifting software development from the traditional waterfall approach to one that’s more agile.

The Senate Committee on Armed Services wants to limit funding for the JCWA until CYBERCOM provides “a plan to minimize work on the current JCWA architecture and create a baseline plan for a Next Generation JCWA,” according to a summary of the National Defense Authorization Act (NDAA) for fiscal year 2025.

Click the banner below to learn more about continuous app modernization.

 

Unlocking the Benefits of Software Development Consolidation

The JCWA pulls together software factories from across the service branches, including the Air Force’s Unified Platform and Joint Cyber Command and Control and the Army’s Persistent Cyber Training Environment, Joint Common Access Program and Joint Development Environment jointly operated with CYBERCOM.

One benefit of bringing these software factories under the JCWA is that it better aligns the military cyber operations software development process with civilian best practices, allowing the program to set clear priorities for design and implementation. Each of these branches currently operates its own DevSecOps program, which hints at the challenges involved in integrating their complex systems. However, many additional benefits will accrue from a move to a common development platform.

Integration will help reduce duplicative software development efforts among the branches, which will in turn lower overall costs. A common development platform will improve overall security by reducing the number of systems operating, shrinking the attack surface. The JCWA will also increase opportunities for interoperability between different systems being developed.

RELATED: DOD’s higher-level security framework makes sharing systems tricky but not impossible.

In addition to bringing six programs onto one shared Kubernetes platform, the JCWA’s consolidation effort will extend to the hardware stack, including computers, and everyone will use the same development technology. The JCWA will oversee the common platform, while each program will have its own office to continue developing software in containers or virtual machines to meet its unique mission needs.

There is still much work to do to achieve the JCWA’s vision.

“To realize the JCWA design, USCYBERCOM must balance the need to coalesce around a unifying architectural vision with the fact that the disparate programs already exist in some capacity today, and that the cyber operations forces need capabilities now. They do not have time to wait for a perfectly realized end state,” noted Seth Bennett, deputy director of CYBERCOM’s Cyber Acquisition and Technology Directorate, in a presentation at June’s AFCEA TechNet Cyber conference.

JCWA’s Plan Faces Several Hurdles

To that end, the command acquisition executive and director of the Cyber Acquisition and Technology Directorate at CYBERCOM, Khoi Nguyen, is building out acquisition staff and expertise. With CYBERCOM’s budget growing from an initial $75 million to a robust $3 billion, Nguyen should have access to more funds to improve the JCWA — though just how much remains to be seen.

Another problem is that no mandate exists among programs to move forward with integration. While the JCWA has budgeting and acquisition authority granted by Congress, CYBERCOM still needs additional authority from the Office of the Undersecretary of Defense for Acquisition and Sustainment to require consolidation.

Lastly, the JCWA’s vision can only be made reality once CYBERCOM provides a roadmap for integration, according to the 2025 NDAA summary.

MORE FROM FEDTECH: Four steps to modernizing agency applications.