In progress
U.S. national security depends on defense software that is secure, reliable, and agile. At the request of the Defense Advanced Research Projects Agency (DARPA), the National Academies of Sciences, Engineering, and Medicine conducted a study to explore how to enhance the assurance and agility of large-scale, integrated software-based systems. The report recommends ways the Department of Defense can engineer and manage its software systems to reduce cyber risk and enable more rapid system evolution to meet changing mission needs.
Featured publication: Consensus · 2025
Description
A National Academies consensus study will consider how to significantly enhance the security and nimbleness of large-scale integrated software-based systems, which are critical to national security, civil infrastructure, and key societal and business functions. It will consider (1) how to engineer and manage these systems in ways that not only reduce cyber risk but also facilitate rapid and confident risk assessments, enabling rapid system evolution when mission needs change; (2) how to enable such systems to evolve more rapidly without compromising assurance; (3) the benefits of earlier test and evaluation engagement in acquisition and engineering; and (4) the constraints imposed by the technological state of the art and practice, the defense acquisition system, and commercial incentives.
In doing so, the study will consider several hypotheses about possible enablers of these goals:
- Direct technical evidence (such as models, analyses, and tests, and including both formal methods and such informal evidence as inspection reports and design documents) is both feasible to create and sustain and can better support assurance and nimbleness goals than purely indirect and proxy evidence (such as assertions of process compliance or supplier reputation);
- Explicitly designed and managed technical architectures allow for higher levels of assurance and better support of ongoing system evolution than unmanaged and emergent architectures; and
- Test and evaluation can be enhanced through technical advances in such areas as semantically sound modeling and simulation infrastructure and their employment earlier in system development and throughout system evolution to provide higher levels of assurance.
The study will also consider lessons learned from such developments as commercial use of formal methods; organic engineering (i.e., industry platforms that avoid using code from outside sources and open-source projects that aim to use open-source code and toolchains); innovative acquisition teams in DOD such as Kessel Run; DOD use of alternative contracting mechanisms; and the evolution of approaches to high assurance for civil flight controls, cryptographic systems, and embedded medical devices.
The study report will provide recommendations for research and development as well as sustainable acquisition practices that would accelerate progress toward achieving assurance goals while supporting rapid operational and technological change.
Collaborators
Committee
Sponsors
DARPA (Defense Advanced Research Projects Agency)
Department of Defense
Staff
Tho Nguyen (Lead)
Shenae Bradley