Software program-defined warfare is at this time’s actuality for nationwide safety, shifting the emphasis in navy operations from {hardware} to software program, “the core of each weapon and supporting system” fielded for protection. The Atlantic Council’s 2025 Fee on Software program-Outlined Warfare: Ultimate Report defines software-defined warfare because the “steady integration and supply of cutting-edge know-how and main interoperable software program into legacy and future protection programs.” The report emphasizes the necessity for velocity by synthetic intelligence (AI) by calling on nationwide safety organizations to “purchase and maintain unified, shared platforms that assist and speed up the end-to-end improvement, deployment, and governance of AI options.”
This weblog put up examines how software program engineering practices can meaningfully deal with two enterprise challenges for software-defined warfare recognized within the Atlantic Council’s report. The primary is a shortfall of software program pipelines, expertise, and sources, and the second is impediments to the usage of DevSecOps. Software program engineering is the “software of a scientific, disciplined, quantifiable strategy” throughout the lifecycle of software-enabled programs. Over the previous 4 a long time, the advances famous in successive variations of the Software program Engineering Physique of Data (SWEBoK) counsel that software program isn’t carried out. As software program continues to enhance, its challenges and alternatives do as nicely.
Software program engineering acknowledges the significance of each software program code (useful directions) and structure (system high quality attributes). Though the machine studying (ML) software program algorithms for AI programs are totally different—model-based, in a position to be taught new patterns, and producing output primarily based on statistical modeling—the event and sustainment of these programs is analogous to designing, constructing, deploying, and enhancing software-reliant programs.
Software program-Outlined Warfare, an Evolving Idea
The Division of Warfare (DoW) has lengthy labored towards software-defined management. Within the late Seventies, as an example, packages to develop software-defined radios (SDRs) sought to exchange incompatible legacy radios with ones that might be configured—and reconfigured—with software program. After I served as Commander of the Air Power Analysis Lab at Griffiss Air Power Base in Rome, New York, our groups developed the primary open structure SDR within the SPEAKeasy (Software program Programmable Embedded Structure) venture. SPEAKeasy know-how allowed troops to make use of a single gadget to speak with Military, Navy, and Air Power radios, and it was foundational to the later, bigger Joint Tactical Radio System (JTRS) packages.
Alberts, Garstka, and Stein described software-defined networking in a 1999 report Community-Centric Warfare: Creating and Leveraging Data Superiority. Extra just lately, DoW’s Mission Maven boosted software-defined warfare by making use of ML to research the great quantity of knowledge out there. On this decade, the Mixed Joint All-Area Command and Management (CJADC2) initiative emphasizes a complete strategy to behave “throughout all domains, and with companions, to ship data benefit on the velocity of relevance.” In the present day, the DoW is accelerating software-defined warfare with “AI-enabled functionality improvement.”
Whereas critically wanted, software-defined warfare will not be assured and depends on community connectivity that’s each safe and at all times out there. Denied, disrupted, intermittent, and restricted (DDIL) environments, a function of the tactical edge, depart programs weak to cyber-attack and outages. Resilient designs can usually overcome this, however there are different impediments, reminiscent of a paucity of fine coaching knowledge for AI fashions, gradual procurement processes, a scarcity of individuals with the best expertise and experience, and cultural resistance.
Software program Considerations within the Atlantic Council Report
The Atlantic Council, whose commissioners embrace former DoW officers and software program trade leaders, recommends in its report that the DoW “spend money on the pillars of software program and AI improvement . . . to empower finish customers to effectively generate and operationalize software program and AI . . . .” The report poses seven “as is” enterprise challenges to realizing software-defined warfare. This weblog put up addresses two of them:
- There’s a main shortfall of software program pipelines, expertise, and sources to fulfill the demand for software-defined warfare inside DoD organizations.
- The absence of a software-centric tradition throughout the DoD impedes the employment of contemporary DevSecOps, which fosters fast iterations and recertifications.
Every Atlantic Council “as is” state is paired with an envisioned “to be” state, leaving a chasm between the 2 akin to that described in Geoffrey Moore’s Crossing the Chasm: Advertising and marketing and Promoting Excessive-Tech Merchandise to Mainstream Prospects. In Moore’s evaluation, a chasm exists between early adopters (fanatics) and early majority customers (pragmatists), with the latter being the bigger (and extra worthwhile) group to win over. For the DoW and nationwide safety, the chasm will be seen between improvements from science and know-how (S&T) analysis prototyping and the institution of packages of report. This weblog put up means that software program engineering, with progressive finest practices, can bridge the 2 states for these two challenges.
Assembly the Shortfall of Software program Pipelines, Expertise, and Assets
If the DoW can not meet this shortfall, it dangers being unable to construct reusable capabilities that develop, deploy, interconnect, and govern software program and AI options quickly and at scale. The report’s “to be” state requires a mix of coaching in software program and AI literacy, focused recruitment, profession path improvement, and engagement with business software program companies.
How Software program Engineering Mitigates Threat, Accelerates Time to Worth
Software program engineering lessens DoW’s danger by accelerating the “time to worth” for utilizing AI programs by software program metrics that emphasize cycle instances and guarantee interoperability with present programs. Software program engineering can contribute to assembly the shortfalls in pipelines, expertise, and sources within the following 5 methods.
- Encouraging a holistic view. As a result of rebuilding infrastructure is dear, disruptive, and resource-intensive, step one is to suit necessities for an AI system to the mission want and the working setting. Then, search high quality, related, and consultant coaching knowledge for the AI mannequin and allow analysts and operators to establish and report errors to enhance the system. Always, pay shut consideration to safety by constructing in functionality to “forestall, keep away from, or present resilience to risks” as a result of flaws and vulnerabilities can circulation throughout vendor fashions within the complicated AI provide chain. When AI programs fail, safety incident response requires multi-party coordinated vulnerability discovery efforts amongst knowledge suppliers, open supply libraries and frameworks, mannequin hubs, distribution platforms, and third-party AI distributors (i.e., the capabilities supplied by an Synthetic Intelligence Safety Incident Response Crew (AISIRT)). Past these steps, the holistic view extends to partnering organizations. These organizations want experience in (ideally all of) the next: software program engineering, programs engineering for software program programs, cybersecurity, pc science, AI and machine studying, and federal coverage and observe for software program acquisition. (“If a workforce does a poor job of figuring out the necessities, the venture, the product or each are more likely to undergo from added prices, delays, cancellations and defects.”—SWEBoK Chapter 1)
- Measuring cycle time from the primary snapshot (commit) to manufacturing. With an expanded view of metrics—throughout mannequin immediate, coding, human or AI agent evaluation, merge, and deploy—AI-supported developer groups can spot and deal with bottlenecks in programming, testing, and deployment. These advantages, although, will be misplaced if monitoring of the AI system doesn’t proceed after deployment. AI programs proceed to be taught and may produce incorrect outcomes except the programs are retrained. (See SWEBoK Chapter 5 for extra on testing and SWEBoK Chapter 9 for extra on software program engineering administration.)
- Confirming that scalability enhances velocity. Scalable AI is “the power of algorithms, knowledge, fashions, and infrastructure to function on the dimension, velocity, and complexity of mission wants.” Scalable AI infrastructure—high-quality knowledge, reusable pipelines, iterative improvement (e.g., DevSecOps), and API deployment—can direct the facility of AI from knowledge facilities to the tactical edge, so long as issues attributable to DDIL computing environments are overcome by hardened and resilient architectures. SEI and CMU researchers, as an example, are investigating learn how to deploy refined analytics on edge gadgets and prolong zero belief structure to weapon programs operated in DDIL environments. (AI infrastructure and software program development share the aim of manufacturing dependable, environment friendly programs—SWEBoK Chapter 4.)
- Guaranteeing system interoperability. The DoW ought to promote the usage of versatile requirements in code improvement and a modular structure strategy. Requirements reminiscent of Future Airborne Functionality Atmosphere (FACE) be sure that software program is designed for compatibility. A useful step is the DoW mandate for the usage of Modular Open Methods Structure (MOSA) that extends versatile standardization, permitting “plug-and-play” so as to add or change modules with out system redesign, enhancing interoperability and lowering vendor lock-in. (ISO/IEC/IEEE 12207 (software program life cycle processes), as an example, can guarantee that interoperability is engineered into software-reliant programs—SWEBoK Chapters 2 and 12.)
- Defining and creating software program competency. The DoW ought to set qualification and certification requirements for its software program workforce backed by coaching and academic alternatives to realize them. On this respect, software program engineers and system designers may borrow from the President’s Cup Cybersecurity Competitors, with a deal with figuring out and sharpening software program expertise. (The SEI posted a retrospective of its assist for that competitors throughout six years.) Additionally, the DoW can present a market the place employees can match their expertise to mission wants. The SEI revealed SkillsGrowth, a proof-of-concept platform that enables employees to construct profiles primarily based on their experience. Managers in want of these expertise can use these profiles to establish the information/AI expertise they want. These efforts will be fortified by selling AI literacy to create a typical language round AI that encourages collaboration and prevents misunderstanding about AI’s capabilities. (See software program engineering skilled observe—SWEBoK Chapter 14.)
Overcoming the Absence of a Software program-Centric Tradition
We look at now the opposite “as is” software-defined warfare enterprise problem, which is the shortage of a software-centric tradition that may successfully make use of DevSecOps to assist fast iteration within the improvement and deployment of programs. The Council’s report notes that, except the tradition is remedied, the DoW won’t acquire accelerated supply, decreased value, secured product, and steady authorization to function (cATO) from DevSecOps investments. The “to be” state outlined within the Council’s report envisions a software-centric tradition comprising ongoing skilled improvement and expertise administration, enhanced collaboration with trade, and robust software program administration management.
How Software program Engineering Promotes Continuous Enchancment
The DoW goals to keep up a strategic benefit, which suggests it should “evolve sooner and be extra adaptable” than adversaries, by mitigating the potential draw back of its profitable historical past, great dimension, and legacy of conventional programs engineering strategies. The DoW has been a part of U.S. historical past since 1789, and the Military, Navy, and Marines date again to 1775, previous to the Declaration of Independence. This lengthy historical past demonstrates success in guaranteeing nationwide safety. Contemplate, too, that at this time’s navy represents greater than 2.8 million lively obligation, reserve, and civilian workers, making it the biggest employer within the nation. Massive organizations with lengthy histories discover it arduous to be agile, going through the Innovator’s Dilemma. Clayton Christensen’s 1997 e book explores why profitable corporations might fail when confronted with disruptive applied sciences—reminiscent of trendy software program practices and AI. Bigger organizations are likely to ignore improvements that originally attraction to area of interest markets (e.g., fanatics). In some unspecified time in the future, nonetheless, these improvements might enhance to an extent that they turn out to be the popular methods. By then, these long-standing organizations have fallen behind except they can disrupt themselves and take up the improvements.
To extend organizational agility in a software-centric know-how panorama, the DoW may take into account the next 4 actions:
- Evolving the SWP with an AI-specific subpath for AI-based subsystems. As advocated by the Workplace of the Beneath Secretary of Warfare (Acquisition and Sustainment) and the Chief Digital and Synthetic Intelligence Workplace, a Software program Acquisition Pathway (SWP) AI subpath would speed up the deployment of minimal viable functionality releases. The extension of the SWP for AI acquisition was a step advisable by individuals within the June 2025 AI Acquisition Workshop organized by the SEI. (Chapter 9 of the SWEBoK addresses software program engineering administration key concerns together with acquisition.)
- Fostering a department-wide digital ecosystem. DoW trade companions use shift-left approaches to ship “resilient software program functionality on the velocity of relevance.” The DoD Software program Modernization Plan and the Atlantic Council report name for a department-wide digital ecosystem to scale advances made in response to the 2019 Protection Innovation Board Software program Acquisition and Practices Report. Consequently, a software-defined DoW would turn out to be agile in buying, creating, deploying, and sustaining programs that may reply to rising threats. (See Chapters 6 and 11 of the SWEBoK for data on software program engineering operations and strategies.)
- Validating the method. SEI researchers advance the DoW’s imaginative and prescient of making viable, trusted, and extensible AI programs by main improvement of knowledgeable AI Engineering self-discipline. This self-discipline refocuses software program course of on iterative, steady enchancment in improvement and operation of AI programs. AI Engineering rests on three pillars: sturdy and safe, scalable, and human centered. Collectively, these pillars transition AI system improvement from analysis prototypes into safe and dependable programs for nationwide safety. (Chapter 10 of the SWEBoK particulars the number of technical and organizational processes concerned in software program improvement and deployment.)
As well as, SEI researchers have been concerned within the improvement of two different certification fashions that emphasize AI and safety. One is the AI Adoption Maturity Mannequin, created in collaboration with Accenture. This mannequin expands on maturity and functionality ideas to assist organizations use AI applied sciences extra securely since AI programs improve assault floor and invite novel assaults. As a result of combatting new threats is significant, the SEI and the DoW, in partnership with the Johns Hopkins College Utilized Physics Laboratory, co-developed the Cybersecurity Maturity Mannequin Certification (CMMC). The CMMC mandates that protection industrial base (DIB) companies defend Managed Unclassified Data (CUI) and Federal Contract Data by verifying their adherence to the mannequin’s safety necessities. Title 32 Half 170 of the Code of Federal Laws, which particulars CMMC, mandates that cloud service suppliers (CSPs), the vast majority of that are AI platforms, turn out to be licensed to make use of FedRAMP.
- Constructing belief in AI programs. Whereas AI stays a key driver of velocity, trustworthiness stays a problem as a result of AI fashions are basically statistical approximations and, moreover, algorithms can proceed to be taught. Throughout deployment, these traits, together with an inherent opacity within the largest AI fashions, hinder the seize of dependable metrics for usability, transparency, and explainability. People want these metrics to have confidence within the data AI gives. As well as, an SEI research discovered that large-language fashions “are vulnerable to factual errors, hallucinations (i.e., fabrication of latest data), overconfidence, and susceptibility to adversarial assaults.” In work for the Beneath Secretary of Warfare for Analysis & Engineering, the SEI piloted the Heart for Reliable Measurement and Analysis (CaTE) to ascertain strategies for evaluating operator belief and to guarantee the trustworthiness of AI programs. This initiative revealed its findings within the Reference Structure for Assuring Moral Conduct in Deadly Autonomous Weapon Methods (LAWS) and the CaTE Guidebook for Improvement and Testing, Analysis, Verification, and Validation (TEVV) of LAWS to Promote Trustworthiness. (Chapters 3, 4, 12, and 13 of the SWEBoK contact on elements of software program trustworthiness.)
Software program-Outlined Warfare and Efficient Methods for Nationwide Safety
Sound software program engineering for software-defined warfare ensures supply of resilient AI programs by safe provide chains. The ensuing programs can be
- reliable in development, appropriate in implementation, resilient within the face of operational uncertainties, and up to date with assurance
- delivered to warfighters when and the place wanted—in some cases anticipating the warfighter’s working tempo
- reasonably priced as a result of their value (acquisition, improvement, and operation), regardless of elevated functionality, can be predictable and decreased over time (on account of worth derived from DevSecOps use)
- able to making new missions doable and enhancing the probability that present ones will succeed
A completely realized strategy for software-defined warfare can be a power multiplier for protection and nationwide safety. Assuring that AI-enabled programs present benefit over the adversary rests on persevering with advances in software program engineering analysis, improvement, and schooling.