Completing DoD Program on Schedule and on Budget

The House Armed Services Committee, Panel on Acquisition Reform, released its findings on March 23rd, 2010. This report outlines some disturbing statistics on IT programs:

  • Only 16% of IT programs are completed on time and on budget.
  • 31% are canceled before completion.
  • The remaining 53% are late and over budget, with the typical cost growth exceeding the original budget by more than 89%.
  • Of the IT programs that are completed, the final product contains only 61% of the originally specified features.

These findings bolster the case for changing the IT management processes. It is widely recognized that the current lifecycle rules encompass requirements, architecture, tech assessment, procurement and certification processes, each performed one program at a time. That is unworkable because the development of separate infrastructures for over 3,000 programs increases costs, reduces interoperability and fractures the integrity of security.

57% of DoD costs are now in its infrastructure, as reported at http://www.whitehouse.gov/omb/e-gov/
 
Most of these costs should be extracted from individual programs and offered as a shared infrastructure and not as program-specific software. This would deliver large savings and improved security.

Computers for Shooters

Two weeks ago I listened to a Marine Corps Brig. Gen. making a plea for a lightweight personal computer for use by shooters at the squad level. All of the talk he heard about net-centric networks was meaningless because it did not reach where it was needed.

The planner’s slides that promised connectivity for everyone were fiction. The existing radios were just too heavy and the antennas gave snipers targets. If civilians could walk around with BlackBerries, why could DoD not provide comparable services?

There is no reason why we should not provide our fighters with a shirt pocket five-ounce device with a 3.7" color touch screen, GPS, camera and at least a seven-hour power supply for less than $300.
There are several programmable commercial products that can do that as illustrated below:

A Programmable Android Cell Phone

There are several issues that must be solved before we can proceed:

1. Training
The key to adapting computers in the combat environment is simplicity and persistence. Soldiers should be able to use a variety of computing devices regardless of how the technology changes. Recruits ought to receive their shirt pocket appliance at the same time they get their rifle. The graphic buttons on the appliance would be standard icons, with added variations for the Marine Corps, Army, Navy and Air Force. Unique buttons could be designed for specific purposes or for designated individuals. This approach guarantees training continuity over decades. Such proprietary buttons can be programmed using device-specific Application Programming Interfaces.

2. Communications
3G cell towers or Wi-Max transmitters can be erected in the battlefield or on military bases for encrypted transmission. Protected commercial circuits can also be used if additional safeguards are installed. The visual persistence of the shirt pocket devices can also apply to desktops, laptops or note pads. Regardless of technology, all accesses to the DoD private networks can be identical.

3. Security
The shooter’s computer is stripped of every application that is not accessible by means of a standard graphic “button”. Standard code reduces the attack profile exposed to intrusions. Consequently the code for every function will represent mature software that can be modified only by the designers. Each “button” then offers access privileges based on the roles that are assigned to an individual, regardless of location. Central network control monitors all traffic, including awareness of how the phone is being used.

4. Social Computing
One graphic “button” can be reserved for access to the public Internet. It offers access to a virtual server that is completely isolated from military networks provided that bandwidth capacity is available. For details see http://pstrassmann.blogspot.com/.

5. Performance
Access to a screen should take less than a second. Combat requires response times of less than 250 milliseconds. Redundancy in communications must guarantee scheduled availability at all times. Meeting these requirements will require a complete overhaul in the ways in which DoD manages its data centers and its networks.
   
SUMMARY:
Creating a uniform communications environment for our war fighters is not only feasible, but also reduces costs. It scales down the time needed for learning how to extract data from diverse sources. It improves security by relying on “thin” computing for access to intelligence regardless of location. Simplification of the user interface creates reusable software components, which increase the reliability of all communications.

The shooter’s computer is feasible because the technology risks are manageable. There is no reason to wait any longer.
 

Google Security Failure

Google, with over one million interconnected servers, its mature software architecture and its centrally managed security, represents the most formidable case of information protection. Google has more at stake in securing its network than any other firm. $23.6 billion of its revenues and a staggering $6.5 billion profits/year are dependent on assuring customers that privacy will be safeguarded.
Google security was compromised in December 2009. Google never disclosed the cause of this security failure. However, reporters kept sniffing around for clues. Finally, a well-connected reporter published what appears to be the most plausible story, which is consistent with everything else I know about Google. (See John Markoff, “Cyberattack on Google Said to Hit Password System,” New York Times, April 19, 2010.)

The theft began with an instant message sent to a Google employee in China who was using Microsoft’s Messenger program. According to Markoff, by clicking on a link and connecting to a “poisoned” Web site, the Google employee allowed the intruders to gain access to the employee’s personal computer and from there to the computers of software developers at Google. Ultimately, the Chinese intruders were able to obtain control of a software repository used by the development team. Through that, the intruders were able to access Google’s crown jewels: the password system that controls access by millions of users worldwide to almost all of Google’s Web services.

Clearly, it was the Microsoft Messenger program that was the conduit for penetrating Google’s security curtain. This program is an instant messaging client that is widely used for chat communications and usually depends on Microsoft Live services. With the Chinese in full control of routers that handle all incoming traffic it would be simple for them to divert the message from the Google employee to a Web site, which then implants a “bot” into the Google client. After that, the entire Google system is open to corruption.

IMPLICATIONS
The variety of chat offerings available to DoD personnel through social computing can repeat Google’s security failure many times over. DoD’s seven million clients cannot be protected because of human error and on account of technically inadequate protective measures. As long as social computing, via the public Internet, makes possible the implantation of “bots” into DoD clients, DoD will always be vulnerable.

The only remedy available to DoD is to allow social computing to take place exclusively over virtual servers that have no connection whatsoever with the networks that carry military traffic.

Social Computing on Cell Phones

Mobile phones are becoming the most important device a consumer owns. With new applications being built daily by a developer community utilizing the rich operating system on these devices, a mobile phone user’s persona (applications, pictures, videos, music, emails, bank info, credit card information, PIM) becomes more valuable. We need to think very differently about phones: how we secure them, what applications we run on them, how we use them at home and work, and how we manage them.

DoD can provide mobile phones because it can see benefits for the deployed troops. Simultaneously, more employees are purchasing powerful personal phones and are frustrated by IT not allowing warrior-operated devices to connect to the public Internet. Rather than carry two phones, the troops should be able to do social computing (whenever bandwidth is available).

DoD could securely deploy NIPRNET communications alongside personal social computing in a managed environment, enabling soldiers to carry a single mobile phone.

Reducing Costs of DoD Software

According to Capers Jones — one of the foremost authorities on the productivity of computer programming — the following insights are relevant when evaluating the potential cost reductions in DoD Software (for details see: Productivity Comparisons of Selected Software Methods, Version 10, Copyright 2010, Capers Jones & Associates):

1. The difference between acceptable and excellent development costs is about
$1,748,043 - $1,034,300 = $713,746 (CMM3 - CMM5) per 1,000 function points.

(NOTE: CMM is the Capability Maturity Model of the Software Engineering Institute).

With thousands of DoD contractors and subcontractors writing and maintaining computer code on >5,000 applications with an estimated >500 function points/application the potential savings are very high, especially since much of the contractor's code is at the CMM1 level. However, such savings cannot be realized in the existing contract acquisition environment.

2. It is unlikely that DoD contractors can ever deliver code plus maintenance at CMM5 levels. Therefore, the only remedy is for DoD to take applications and break them into code for the shared infrastructure (such as data management and security) and code that manages application procedures. The shared infrastructure parts of an application, perhaps as much as 50% of the code, could then be constructed by contractors who deliver at least 50% re-use of certified components.

3. If DoD succeeds in imposing the separation of infrastructure code from procedural code, half of the code would then benefit from the difference between CMM3 costs and 50% Reuse costs ($1,034,300 - $752,773 = $281,527), with incremental savings of $351,908,750.

4. Additional savings are available by adopting "85% certified re-use methods". This reduces the costs per 1,000 function points to a Total Cost of Ownership of only $287,518. By far the most promising development that would support such an approach is SourceForge with its library of >250,000 available code components that has been refereed with >99% reliability and downloaded by tens of thousands of users. SourceForge is an open source library, readily accessible at no cost. For instance, it includes code listings for 62,949 development projects, 13,453 projects for database management and 7,037 projects for security.

5. I believe such savings would be realistic because DoD's increasing emphasis on cyber security will dictate that infrastructure will have to be taken out of the hands of thousands of contractors plus subcontractors and concentrated in the hands of a few software firms that can deliver CMM5 secure code.

6. In addition to the TCO of the development of code there are additional costs incurred by DoD military and civilian personnel as well as data center charges. CMM1 software creates additional cost penalties incurred by users of poorly conceived applications.

CONCLUSION:
There is a large cost reduction potential in DoD's software development processes.

The Android Programmable Cell Phone

Android is a software stack for mobile cell phones that includes an operating system, middleware and key applications that use a modified version of the Linux kernel. It was purchased by Google and lately by the Open Handset Alliance, a consortium of 65 firms, as an open systems platform. It allows developers to write code in the Java language and use extensive Google-developed Java libraries. The Android code has been released by Google as free software.

On Feb 16, 2010 Google announced that 60,000 cell phones with Android are shipping every day. According to a press estimate, the Android platform ranks as the fourth most popular smart phone device-platform as of February 2010, rapidly gaining in market share against Microsoft.

Android will make it possible for DoD to create custom-made "access buttons" for the warrior. These buttons can be constructed to assure security.

The following is an example of a "button" that a warrior would use to access maps.