Atlantic Council Commission on Software-Defined Warfare: Final report

Report

March 27, 2025 • 9:00 am ET

Commission on Software-Defined Warfare: Final report

By
Whitney M. McNamara, Peter Modigliani, Tate Nurkin

Table of contents

Recommendations:

1. Mandate data and invest in AI enablers
2. Ensure software interoperability and integration
3. Modernize test and evaluation infrastructure
4. Enforce commercial as the default approach for software
5. Transform DoD software requirements
6. Remove all restrictions on software funding
7. Measure what matters for DoD software
8. Enable software talent across the enterprise
9. Fully establish a DoD software cadre

Executive summary

A profoundly transformed global security environment presents the United States with its most significant geopolitical and geoeconomic challenges since the Cold War—and perhaps since World War II. China, Russia, Iran, and North Korea—together a new “axis of aggressors”—are increasingly collaborating to support their revisionist geopolitical goals and challenge global stability. Meanwhile, US domestic constraints—such as relative-to-inflation flat defense budgets, military recruitment and talent shortfalls, byzantine acquisition processes, and inadequate industrial capacity—severely limit the US ability to adequately deter and address these threats at speed and scale. 

During World War II, US industrial strength and manufacturing capacity decisively factored into the Allies’ victory. Today, however, US defense production capacity falls short of potential wartime demands. In contrast, China’s industrial policies, manufacturing prowess, and strategic focus on software-defined technologies—including artificial intelligence (AI), cloud computing, and development, security, and operations (DevSecOps)—have propelled Beijing to rapidly advance its defense capabilities. 

Maintaining the Department of Defense (DoD) status quo—anchored to a defense acquisition system ill-suited to the rapid tempo of modern technological innovation—places the United States at significant risk. This approach undermines the nation’s ability to effectively deter near-peer adversaries in the short term and jeopardizes its capacity to prevail in a major conflict. 

Addressing these systemic challenges demands a sustained, long-term effort. Meanwhile, there is an urgent need for near-term, high-impact initiatives to bridge existing capability gaps and reestablish an advantage. That is what this report’s concept of software-defined warfare presents. 

Commissioners

Mung Chiang, president, Purdue University; co-chair of the Commission on Software-Defined Warfare,   

Mark T. Esper, board director, ; 27th secretary of defense; co-chair of the Commission on Software-Defined Warfare,

Christine H. Fox, former acting deputy secretary of defense; senior fellow, John Hopkins University Applied Research Laboratory; co-chair of the Commission on Software-Defined Warfare,  

Steve Bowsher, president, chief executive officer, In-Q-Tel

General James E. Cartwright, USMC (ret.), board director, ; 8th vice chairman, Joint Chiefs of Staff

General Joseph F. Dunford, Jr., USMC (ret.), board director, ; 19th chairman, Joint Chiefs of Staff

Frank A. Finelli, managing director, The Carlyle Group

James “Hondo” Geurts, distinguished fellow, Business Executives for National Security; former assistant secretary of the Navy for Research, Development, and Acquisition, US Department of Defense

Susan M. Gordon, former principal deputy director of national intelligence 

Lieutenant General S. Clinton Hinote, USAF (ret.), former deputy chief of staff, Air Force Futures

Paul Kwan, managing director, Global Resilience Practice, General Catalyst

Ellen M. Lord, former under secretary of defense for acquisition and sustainment, US Department of Defense

John Ridge, CBE, chief adoption officer, NATO Innovation Fund

Nadia Schadlow, senior fellow, Hudson Institute; former US deputy national security advisor for strategy

Lieutenant General Jack Shanahan, USAF (ret.), former director, Joint Artificial Intelligence Center

Trae Stephens, general partner, Founders Fund

Admiral Scott H. Swift, USN (ret.), 35th Commander, US Pacific Fleet

Industry commissioners

Rob Bassett Cross MC, founder, chief executive officer, Adarga; nonresident senior fellow,  

Prashant Bhuyan, founder, chief executive officer, Accrete AI 

Michael D. Brasseur, chief strategy officer, Saab, Inc.

Todd Bryer, vice president for strategic growth, CAE 

Jordan Coleman, chief legal and policy officer, Kodiak Robotics 

Scott Cooper, vice president, Government Relations, Peraton

Steven Escaravage, president, Defense Technology Group, Booz Allen Hamilton

Jon Gruen, chief executive officer, Fortem Technologies 

Adam Hammer, co-founder, chief executive officer, Roadrunner Venture Studios

Jags Kandasamy, co-founder, chief executive officer, Latent AI 

Rob Lehman, co-founder, chief commercial officer, Saronic Technologies

Joel Meyer, president of public sector, Domino

Sean Moriarty, chief executive officer, Primer AI

Nathan Parker, chief executive officer, Edge Case Research

Gundbert Scherf, co-founder & co-chief executive officer, Helsing

Zachary Staples, founder & chief executive officer, Fathom5

Tyler Sweatt, chief executive officer, Second Front Systems

Dan Tadross, head of federal delivery, Scale AI

Jim Taiclet, chairman, president & chief executive officer, Lockheed Martin 

Chris Taylor, founder, chief executive officer, Aalyria Technologies

Mark Valentine, president, Global Government, Skydio

Advisors

Lieutenant General Michael S. Groen, USMC (ret.), former director, Joint Artificial Intelligence Center

Rob Murray, nonresident senior fellow, Scowcroft Center for Strategy and Security,

Major General Arnold L. Punaro, USMC (ret.), advisory council member, Scowcroft Center for Strategy and Security,

Stu Shea, managing partner and strategic advisor, Shea Strategies, LLC

Foreword

The United States stands at the threshold of a new era in defense and national security. Dramatic changes in the global security environment are upending the established world order, presenting new and unexpected challenges. The war in Ukraine, conflict in the Middle East, and rising tensions in the Indo-Pacific underscore shifting power dynamics. At the same time, we are in an age marked by an escalating pace of technological change. Innovations such as the fusion of AI, autonomy, and robotic systems are poised to profoundly influence national security and economic power. This moment demands decisive action to prepare the US military to adapt swiftly to evolving conditions and reclaim its tactical, operational, and strategic advantages. 

An impartial assessment of global geopolitics and geoeconomics reveals significant and widening gaps in US capabilities. These gaps not only undermine deterrence but also place the ability of US military forces to prevail in future conflicts at risk. The shifting geopolitical landscape exposes vulnerabilities in the nation’s approach to capability design, development, fielding, and sustainment. Addressing these gaps is imperative to prepare for emerging threats, yet immediate solutions are also needed to confront present dangers. While the principle of “speaking softly and carrying a big stick” has long guided US foreign policy, it is now imperative that US military power and economic strength are capable of deterring potential adversaries and, if deterrence fails, prevailing in conflict. Software-defined warfare presents a vital opportunity to bridge these challenges, providing a pathway to both near-term readiness and long-term competitive advantage. 

A software-defined mindset and capabilities are essential to modern military readiness. From enterprise solutions to autonomous systems to personnel, software underpins the effectiveness of defense operations. However, Industrial Age, hardware-centric acquisition processes are unsuitable for software systems that need to be updated with the rapid cycle of technological advancement. To preserve its competitive advantages, the DoD must embrace a more agile and integrated approach to software—one that fosters continuous modernization, capitalizes on cutting-edge commercial innovations, and deepens collaboration with allies and partners. 

The ’s Commission on Software-Defined Warfare was convened to address these challenges and identify solutions. Comprising leaders from government, industry, and academia, the commission identified clear, actionable, and meaningful recommendations that will position the DoD for enduring success. This report’s roadmap is organized around three core pillars: technology, process, and people. The recommendations outlined herein propose actionable steps to shape software investments, build a cohesive digital ecosystem, modernize software development practices, and cultivate a skilled and sustainable workforce. Together, these recommendations provide a clear pathway to establishing a software-defined DoD capable of responding rapidly and effectively to emerging threats in an increasingly dynamic security environment. 

As we present these recommendations, we acknowledge the support and insights of the many contributors who have helped shape this vision. We believe this work will provide leaders with the tools and direction needed to build a DoD that is resilient, innovative, and more fully prepared for the future. Now is the time to build a modern, software-defined defense infrastructure to ensure the safety and security of the United States. 

Overview

Enterprise challenges

The commission started with a vision for what the future of software-defined modernization and warfare could look like if optimized. Striving to go beyond diagnosing the challenges facing the DoD enterprise, this commission outlined desired outcomes to help the DoD overcome such challenges.

1. There is an absence of DoD enterprise processes and enablers that rapidly update software with novel capabilities that keep pace with threats.  
2. The DoD has limited processes or proving grounds to allow end users to experiment with, and rapidly adopt and scale, novel software solutions, including AI and autonomy-enabled systems.
3. The DoD lacks established best practices for developing or buying software.  
4. The industry faces challenges in providing and deploying its capabilities due to a lack of transparency and predictability, and other bureaucratic hurdles.  
5. There is a major shortfall of software pipelines, talent, and resources to meet the demand for software-defined warfare within DoD organizations. 
6. Systems, capabilities, and platforms are generated in silos. This hinders the integration of systems on the battlefield, creation of an interoperable force structure, and the DoD’s goal of a joint warfighting concept, as well as partner and allied collaboration.  
7. The absence of a software-centric culture across the DoD impedes the employment of modern DevSecOps, which fosters rapid iterations

Top recommendations

To address these challenges, the Commission recommends that DoD leaders, congressional defense committees, and other executive branch agencies take the following ten high-priority actions to accelerate DoD innovation adoption:

1. Mandate enterprise data and invest in AI enablers
2. Ensure software interoperability and integration
3. Modernize test and evaluation infrastructure
4. Enforce commercial as the default approach for software
5. Transform DoD software requirements
6. Remove all restrictions on software funding
7. Measure what matters for DoD software
8. Enable software talent across the enterprise
9. Fully establish a DoD software cadre

Recommendation 1: Mandate enterprise data and invest in AI enablers

• The deputy secretary of defense should direct the Chief Digital and Artificial Intelligence Office (CDAO) to track enterprise-wide progress and recommend actions to the deputy secretary and vice chairman of the Joint Chiefs of Staff to accelerate DoD-wide adoption of data best practices. The CDAO should ensure this process prioritizes collecting and categorizing data in a way that makes high-priority data sources readily usable for analysis and refinement for AI training, functional, and operational pipelines. 
• Resource the CDAO to acquire and sustain unified, shared platforms that support and accelerate the end-to-end development, deployment, and governance of AI solutions—including Machine Learning Operations capabilities, tools for developing, deploying, and reusing models, and reusable AI-ready datasets. 
• CDAO should consider the best strategy to make these tools accessible to the end-user community across innovation organizations, services, and combatant commands (CCMDs) to empower users to operationalize AI to solve mission-critical problems.  
• Services should designate a CDAO liaison that helps the services discover what is available to them at the CDAO repository and identify gaps in service-specific investments to ensure department-wide investments are not redundant and better streamline demand for new capabilities.  
• Service Chief Information Officers (CIOs), in collaboration with the CIO, should be resourced to invest in AI enablers that are domain- and service-specific, and in which the CDAO is unlikely to invest.  
• Both the CDAO and the services should maintain unclassified and classified datasets of highly relevant DoD use cases that are available for industry to use to demonstrate capability viability.

Success measure: DoD end users are empowered to leverage their domain expertise to experiment with and operationalize robust and governed AI pipelines with best-of-breed capabilities from the industry. AI adoption can be scaled faster and more efficiently because capabilities are built with scale and reproducibility in mind. The DoD saves money by not buying the same capabilities many times over. There is better coordination and transparency across the department on AI adoption and resourcing. 

Notional example: The Army’s 101st Airborne Division realizes the potential of an AI use case for automatic target recognition. Instead of building something from scratch, leadership first engages the CDAO and Army CIO shop to determine what AI pillars are available to them. Using these foundational tools, operational experts spend their time addressing their specific operational problems and experimenting with integrating these new capabilities into their existing decision-making processes. Once it reaches a minimum viable product (MVP), senior leadership makes plans to integrate the capability to be part of Next Generation Command and Control (NGC2), or C2 Next. 

Recommendation 2: Ensure software interoperability and integration

• To ensure interoperability between new capabilities being adopted, service CIOs, in coordination with the DoD CIO, should mandate 
  • Modular Open Systems Approach (MOSA) frameworks applied to the maximum extent practical; 
  • defining modules and leveraging Application Programming Interfaces (APIs) and modular system interfaces to enable data interchange between disparate platforms;  
  • industry and government co-collaborated reference architecture for multi-vendor environments as a best practice; 
  • industry, where possible, ensuring the capabilities it provides to different parts of the DoD can interoperate with one another; and
  • when feasible, reference architectures are shared with allies and partners to streamline coalition interoperability.  
• To aid in interoperability with allies and partners, these best practices should be shared as early and often as possible with partners through existing allied technical exchanges.
• Service chiefs should designate one Program Executive Office (PEO) to
  • Consolidate the development, acquisition, management, and modernization of non-proprietary mission integration tools under a dedicated program office within the designated PEO shop to elevate the role of mission integration. 
  • The designated PEO should leverage simulation tools to imitate the feasibility of the technical integration to 
    • ensure the successful integration of new and legacy systems, including the use of open-computer architecture to facilitate the deployment of capability on associated hardware;  
    • create demand signals for software mission integration tools; and 
    • identify new software-enabled capabilities that can enable SoS warfare.  

Success measure: Services are incentivized to proactively establish open compute requirements and identify seams between capabilities that would prevent them from carrying out their highest-priority missions and creating acquisition pathways for mission integration tools. 

Notional example: The Navy’s PEO for integrated warfare systems (IWS) is designated as the Navy’s “effects” organization. PEO for IWS identifies three relevant operational problems and begins simulating and combining existing force structures to address them. IWS 1.0 stands up with the authority to procure and sustain mission integration tools identified during simulation exercises, as well as to capture Tactics, Techniques, and Procedures (TTPs) in which end users creatively overcome inorganic integration.

Recommendation 3: Modernize test and evaluation infrastructure

Success measure: Simulating capability viability becomes a widely accessible and organic part of validating and testing digitally enabled technologies. In addition, metrics are established to drive progress toward the automation of qualification processes and alternative certification paths. This adoption helps create a pipeline that rapidly scales the deployment of robust and trusted software-defined capabilities. 

Notional example: The TRMC invests in digital infrastructure focused on testing drones’ ability to swarm to overwhelm enemy defenses. The DIU uses this infrastructure to quickly validate compelling candidates for its Commercial Service Openings submissions rapidly and iteratively. The initial testing helps identify existing deficiencies—potentially including adversarial embedded code in a commercial component—as well as best practices for managing the data flows required to monitor the performance of these capabilities, and cross-functional teams organized to begin addressing the problem. 

Recommendation 4: Enforce commercial as the default approach for software

• Requirements, acquisition, and contracting executives install checkpoints in the early phases of software-intensive programs to enforce statutory preferences for commercial software. Require added justification and approvals to pursue a non-commercial software solution. 
• Service Chief Technology Officers (CTOs) and the DIU align DoD and industry groups to provide enterprise market intelligence and due diligence for in-depth insights into the commercial software market and include those of allies and partners. Service CIOs and the DIU should leverage or establish a platform to share these insights. These offices should publish and maintain a clearer software total addressable market (TAM) by technology segments. This roadmap should outline how they plan to leverage software as part of their annual budget documents to better incentivize and shape industry research and development. This TAM should map to commercial TAMs to identify dual-use or DoD-unique software. 
• Update Department of Defense Instruction (DODI) 5000.87 on the software acquisition pathway and related acquisition policies and regulations to require program managers and contracting officers to capture in software acquisition and contracting strategies that they pursued commercial solutions to the maximum extent practicable. This should include  
  • engaging industry, industry-focused organizations, and consortia to communicate their needs and understand existing solutions;  
  • capturing holistic timelines and costs of buying commercial solutions compared to developing new software (contracting, acquisition, development, integration, test, and updates); 
  • ensuring contracting requirements are captured in a manner that would not preclude viable commercial solutions as partial or whole solutions to address the capability needs; 
  • ensuring contract strategies do not preclude commercial solutions and that they enable leading software vendors and nontraditional defense companies to compete; 
  • enabling DoD users and industry to rapidly demonstrate, prototype, and experiment with commercial solutions for defense applications; 
  • working with testers and certifiers to understand cybersecurity, integration, and other factors to assess the risks and processes of using the software in the defense domain; 
  • ensuring prime contractors and subcontractors default to commercial solutions; 
  • identifying how modular open systems, common interfaces, and standards are leveraged; 
  • publishing the non-commercial item determination in the solicitations for custom software development to allow vendors to appeal that decision, if justified; 
  • ensuring realistic intellectual-property (IP) strategies avoid unrealistic demands for source code while enabling the DoD to update or pivot if costs or performance are unsuitable; 
  • having acquisition sponsors provide supporting justification if commercial solutions are not viable and new development is warranted; and 
  • ensuring requirements and acquisition approving officials or boards must validate the commercial solution analysis early in the process.
• The services, in collaboration with the defense acquisition executive, Defense Acquisition University, DIU, and the CDAO, should expand guidebooks and training for acquisition and requirements professionals on effectively leveraging commercial software. These protocols should be maintained online and regularly updated with insights and resources from across the DoD, government, and industry. They shall include the documentation and compliance tasks avoided by using commercial software. Program offices and portfolio executives should provide regular inputs to guide the community on best practices, lessons learned, and adoption metrics. 
• Service CTOs, in partnership with the DIU and the Office of the Under Secretary of Defense for Research and Engineering, should meet quarterly to review software research and development efforts by science and technology (S&T) organizations to minimize duplication with the commercial sector. They should also incentivize organizations charged with developing concepts of operations to do so collaboratively, based on consistent industry engagement, to understand the state of play in commercial technologies that can be leveraged for warfighting missions. CTOs and CIOs should have authority to work with the PEOs to co-direct software factory funding. This authorization will ensure the factories focus on the intended objectives and can achieve the performance metrics developed per the Software Modernization Implementation Plan. Based on a clear inventory of platforms, services, and personnel, the CTOs and CIOs, in partnership with the PEOs, should adjust investments that maximize efficiencies and effectiveness. These adjustments could include reducing personnel billets and increasing software licenses. These factories should enable increased speed and quality of deploying code to various environments while maximizing interoperability and cybersecurity. PEOs, CTOs, and CIOs should hold software factory leadership accountable to continuously improve performance metrics and enable software-intensive acquisition programs and operations on the tactical edge. Similarly, the CTOs and CIOs should be accountable to continuously improve enabling policies, resources, authorities to operate, and reciprocity across organizations and the services. 

Success measure: The DoD identifies and tracks commercial software acquisition metrics and TAM. The DoD demonstrates a significant increase in commercial software usage, particularly for systems with well-bounded, government-defined modular system interfaces. This approach improves system cost, schedule, and performance.  

Notional example: One of the Army’s autonomy programs deviates from its strategy of a lengthy government-developed autonomy stack and rapidly acquires commercial software from leading vendors. The program saves years in development and millions in costs, while delivering higher-quality software to operations faster. 

Recommendation 5: Transform DoD software requirements

• The DoD should exempt all software requirements below the Major Defense Acquisition Program thresholds from the Joint Capabilities Integration and Development System (JCIDS) approval processes. This exemption should include requirements for new software capabilities and software upgrades to legacy systems, regardless of the acquisition pathway used. 
• Service requirements organizations—in collaboration with Joint Staff J8 forces, acquisition executives, and software leaders—should establish separate, yet complementary, structures, processes, and training to manage software requirements in a streamlined, dynamic, and collaborative environment.
  • While a high-level document might be used to capture initial operational capability needs, the bulk of software requirements will be managed via dynamic backlogs with active stakeholder engagements.  
  • Policies should delineate hardware and software requirements and enable each to operate on separate timelines and processes. When capabilities reach appropriate maturity levels during system development, use integrated hardware-software testing, digital engineering, modeling, and simulation to verify desired system performance. 
  • Requirements should enable operational agility measured in days and weeks, tailoring for both global and regional needs across the full range of military operations, and should enable operational commands to define and tailor capabilities based on edge-generated data, while providing insight to service software capabilities.  
• Service requirements organizations should update policies to require sponsors to provide written justification in an appendix to the requirements document or a companion document, demonstrating that they pursued commercial solutions to the maximum extent practicable. This includes identifying how the requirements community, through the acquisition community, actively engaged industry and the DoD S&T ecosystem to 
  • communicate operational needs, challenges, and environments;  
  • understand what commercial solutions exist, the existing applications of these solutions, and the emerging software capabilities that could have military applications; 
  • capture requirements in a manner that would not preclude viable commercial solutions as partial or whole solutions to address the capability needs; and 
  • foster discussions between the DoD and industry to reduce barriers to buying commercial solutions.

Success measure: Each of the military services update their software requirements processes to enable greater speed, agility, and quality. Updated training, guidance, and resources enable the requirements and acquisition communities to successfully adopt modern software practices. 

Notional example: A major weapons system was unable to detect or react to adversary drones in theater. Through a dynamic software requirements process, this threat becomes the top priority for the next software release. The vendors work closely with operators and testers to rapidly iterate on software upgrades that drastically improve mission operations within weeks.  

Recommendation 6: Remove all restrictions on software funding

• The DoD should immediately discontinue the Budget Authority-8 pilots and implement the pilot intent. 
• The DoD comptroller, in collaboration with service comptrollers and congressional appropriations staff, should update the Financial Management Regulation (FMR) to enable the DoD to acquire, update, operate, and sustain software capabilities with available Research, Development, Test, and Evaluation (RDT&E), procurement, or Operation and Maintenance (O&M) funding appropriated for the capability. This echoes the congressionally directed Planning, Programming, Budgeting, and Execution (PPBE) Reform Commission’s recommendation 11A.
• The DoD comptroller should issue a policy memo for immediate action and clarification while adding these changes to the ongoing comprehensive FMR updates per the PPBE Reform Commission.  
• DoD and service comptrollers should communicate guidance on implementing the changes across the workforce. 
• The language would enable any funding appropriated for a software capability to be used regardless of the software activities (e.g., new development versus maintenance) or how it is acquired (e.g., development, Commercial Off the Shelf (COTS), or as a service). This new language should enable 
  • rapid acquisition and delivery of leading software capabilities;
  • improved responsiveness to changes in threats, operations, and technologies; and 
  • reduced operational, cybersecurity, and programmatic risks. 

Success measure: The DoD comptroller issues a software funding directive removing appropriation restrictions and provides clear direction to the workforce on flexible software funding execution. 

Notional example: To meet a critical operational requirement, a program explores a range of software acquisition and contracting strategies unburdened by the mix of funding appropriations.  

Recommendation 7: Measure what matters for DoD software

• The acquisition executives’ staff should collaboratively develop new software metrics for most acquisition programs. PEOs, services, agencies, and the OSD should compile and share quarterly or annual reports across the DoD workforce and leadership to provide visibility into trends, best practices, and enterprise issues to drive regular discussions and actions on how to accelerate delivery. These metrics often identify program trends and issues to drive corrective action and continuous improvement. The Navy’s PEO Digital established World-Class Alignment Metrics (WAMS), which are a model for others to follow. These reports should include the following metrics. 
  • Deployment frequency: The number of software updates deployed to the operational environment (production) in the last year (or time between deployments). Goal: more than once per week. 
  • Time to initial deployment: Time from the initiation of software development to the date the initial software capabilities are deployed to an operational environment. 
  • Automated testing use and timelines: Program and portfolio use of automated testing and testing timelines. Goal: daily automated testing, development and operational testing timelines declining.
  • Mean times to restore (MTTR): The average amount of time it takes to address a critical vulnerability or issue, including testing, certifying, and authority to operate. Goal: less than one day. 
  • API use: Total API usage each week or month to enable interoperability and data sharing across applications. Goal: increasing usage each month.
  • Production software defect density: Defect density of production software in operations each month. Goal: heavily domain dependent.
  • Security vulnerabilities: Number of security vulnerabilities identified and remediated. Goal: heavily domain dependent.
  • Change failure rate: Percentage of software changes that resulted in system disruptions, including downtime, errors, or negative impacts on users. Goal: less than 10 percent and heavily domain dependent.
  • Customer satisfaction: Quantitative metrics or qualitative value assessments of customer satisfaction.  Goal: greater than 80 percent of customers rate software high value.
  • User engagement: Number of user engagements per month by software developers. Goal: end users engaged weekly.
  • Software reuse: Number of acquisition programs able to reuse software capabilities and infrastructure. Goal: increasing reuse each month.
• The focus of the metrics and subsequent actions at the program, portfolio, and enterprise levels is to continuously deliver impactful software to the user communities to improve mission impact. Each program and organization might have different objectives or challenges to address, such as release velocity, software quality, or user satisfaction. Some of these may have competing forces that must be managed (e.g., quality vs. speed). Defense of the Realm Act’s annual Accelerate State of DevOps report provides industry-leading metrics for software, including levels for elite, high, medium, and low performance. The DoD should strive toward these commercial goals as objectives and tailor performance levels to unique DoD environments. 
• Major programs and software-intensive portfolios should map out the processes to develop, test, certify, and deploy software, including actual timelines for each phase; key stakeholders involved (by name or organization); key bottlenecks; the opportunities to streamline software delivery timelines; and how stakeholders are accountable to accelerate software delivery speed, manage operational and development risks, and ensure high-quality and secure software. Furthermore, programs and portfolios should identify where additional resources (personnel, tools, and services) at a program, portfolio, or enterprise level would enable speed of delivery. These metrics are more for internal DoD operations, with a subset that might be shared with Congress or publicly. 

Success measure: The military services and related organizations track, share, and use a core set of software metrics across the defense enterprise and leverage insights for key decisions, investments, and continuous improvement in speed, quality, reuse, and user satisfaction (mission impact).  

Notional example: A PEO of a software-intensive portfolio has an online dashboard of software metrics that is integrated into program and portfolio operations. Program, portfolio, and policy decisions are made based on these metrics, with the workforce culture focused on leaning out processes and barriers to enable rapid, iterative, and quality software deliveries to operations. Acquisition professionals and vendors are incentivized to continuously improve.  

Recommendation 8: Enable software talent across the enterprise

• Develop an extensive, connected, layered, and modular software-centric training program that involves both digital and in-person learning and incorporates the specific requirements of different roles and missions across the force. The objective of this effort is to increase awareness of the importance of software to DoD operations, instill a basic to intermediate-level understanding of commercial software best practices and agile software development and their value, and build the skills required to more effectively integrate and operate software in specific roles.  
• Specifically, the DoD should do the following. 
  • Partner with leading academic institutions in software development to create a curriculum for an approximately week-long in-person or hybrid training course tailored to senior leaders in the DoD. This executive training curriculum should concentrate on commercial software development best practices and the importance of software to mission execution for senior leaders in the DoD. Training emerging and current senior leaders on these topics can help the DoD develop leaders more willing to create the conditions and culture that will facilitate accelerated adoption.  
  • Leverage and expand existing successful mechanisms and models for software training, such as the Army Software Factory, and access to digital training libraries at both non-DoD and DoD academic institutions.
  • Defense education institutions across the DoD should enrich training to deepen understanding of the importance of software, commercial software best practices and development approaches, and integration of software into DoD activities. The course curriculum should engage and harness insights from leading software experts in industry, as well as in academia, to determine the skill sets and knowledge bases most relevant to the defense context. 
• In addition to enhancing software literacy through training, the DoD needs to scale formal software career fields and paths for military and civilian personnel to harness the software talent for new and expanded roles. For example, in February 2024, the Air Force reestablished warrant officers for information technology (IT) and cyber career fields to improve technical expertise in cyber and information technologies.  
• As part of this effort, the DoD should increase opportunities for identified DoD software-focused professionals to interact with both traditional defense industry companies and commercial companies involved in developing software for the DoD. This should include, but not be limited to, embedding DoD talent in these companies for several months to gain firsthand experience in software development cycles and challenges associated with software acquisition. The ability to engage more closely with commercial industry should also extend to the CCMDs, which should expand opportunities for operators to train and experiment directly with commercial industry through exercises such as the Army’s Scarlet Dragon, among others.  

Success measure: The DoD increases software and technical literacy across the enterprise through scalable training tailored to different DoD levels and roles. The DoD creates opportunities for the identification, enhanced training, and deployment of software talent that can be deployed across the organization to drive software adoption and use.  

Notional example: A Navy officer with demonstrated software competence is placed in a leading commercial software company that supports the DoD on a six-month rotation or internship. The officer learns from product developers and product managers to understand commercial development and improvement processes and brings this knowledge back to help operators in a CCMD more efficiently and effectively operate software-defined capabilities. 

Recommendation 9: Fully establish a DoD software cadre

• The DoD should recruit fifty to one hundred experienced software engineers in modern development environments and place them in key roles across the enterprise. These individuals’ expertise will be used to inform decision-makers on software pipelines, architectures, and leading commercial solutions. They can address key software issues and guide efforts to develop software requirements, acquisition strategies, integration, certification, and employment of software. They can be placed in prominent roles across the DoD, including program management offices and portfolios responsible for acquiring software capabilities; CIO, software factories, and AI and data organizations focused on enterprise services; in operational commands that need to rapidly iterate on tactics and software upgrades; and as executives who oversee major programs, shape budgets, and lead combat operations. Members of this cadre would operate as a network, potentially rotating and surging to meet prioritized problems related to software acquisition, integration, and employment, and sharing best practices and insights.
• Candidates can be hired in a full-time role using existing hiring authorities such as Highly Qualified Experts. They can also be engaged on a temporary or episodic basis through commercial talent exchange programs such as CDAO’s AI and Data Acceleration program or through Search Generative Experiences to provide iterative specialized services for a restricted number of days throughout the year. The services should also implement direct commissioning of willing experienced software engineers in the reserves, up to and including the general officer level (as is done for specialized roles such as doctors and lawyers) and should also identify and engage leading software talent already serving in the reserves, similar to the Marine Innovation Unit approach. Programs like GigEagle help identify talent in the reserves for short-term problem sets. By leveraging reservists throughout the year, the DoD can capitalize on existing expertise while mitigating financial and professional risks for those working with the DoD. 
• Increasing reliance on short-term commercial or reservist software talent will necessitate a review and refinement of conflict-of-interest rules to balance the need to protect the DoD from the risk of providing companies unfair advantages and the need to make it easier for top-level talent to move between the DoD and the commercial sector. 
• In addition to meeting current demand, the DoD should partner with academic institutions to develop talent pipelines of individuals who are educated and certified in commercial software processes and engineering as well as in the DoD processes and requirements. The DoD should work with interested institutions to develop curriculum and certification criteria that will allow students to be fast-tracked into the DoD software cadre positions.  

Success measure: The DoD successfully recruits an increased number of software experts and solutions architects over the next two years to advise on software development, acquisition, and adoption within program offices and CCMDs in particular, while also building a pipeline of software-focused talent. 

Notional example: Cadre members placed in program offices use their expertise to understand the significance of decisions a vendor has made in its software development process and inform program managers and acquisition officers on the implications that development decisions hold for future integration and certification. This guidance allows acquisition professionals to make decisions better informed by downstream considerations, reducing costs and time associated with integration, certification, and upgrading of critical software systems. 

Conclusion

The commission’s report presents clear, actionable recommendations and outlines the desired outcomes to address a critical aspect of modern defense and security. While the adoption of software-defined warfare currently poses a challenge, it is also an area of a defining opportunity. The rapidly shifting geopolitical landscape, marked by an axis of aggressors, demands immediate and decisive action to maintain US strategic advantage. If these recommendations are fully implemented, the United States will possess a modern, agile, and resilient defense infrastructure that is capable of fostering a robust software foundation that will bolster the capabilities of US hardware, while streamlining interoperability across services, allies, and partners. However, failure to act will leave the nation vulnerable and unable to adequately adapt to rapidly evolving threats. The time to act is now—while the United States prepares for the challenges of tomorrow, software-defined warfare provides a timely and practical solution to strengthen US defense capabilities today. Leaders in the DoD, Congress, and the private sector should work to implement these recommendations with a sense of urgency—the members of this commission stand by to help them do so. At stake is nothing less than the stability of the US-led, rules-based international order and the decades of unprecedented peace and prosperity it has undergirded. 

About the authors

Chiang received his BS (1999), MS (2000) and his PhD (2003) from Stanford University and an honorary doctorate (2024) from Dartmouth College. Before 2017, Chiang was the Arthur LeGrand Doty professor of electrical engineering and an affiliated faculty in computer science and in applied mathematics at Princeton University.

He founded the Princeton EDGE Lab in 2009 and co-founded several startup companies and industry consortia since the early years of edge computing. Most of his twenty-six US patents are licensed for network deployment. He co-authored two textbooks based on massive open online courses: Networked Life (2012) and Power of Networks (2016). For his research in communication networks, wireless technology, and network optimization, he received the NSF Alan T. Waterman Award (2013), as well as the IEEE Founders Medal (2025), the IEEE INFOCOM Achievement Award (2022), the IEEE Kiyo Tomiyasu Award (2012), and the Guggenheim Fellowship (2014). He was elected to the American Academy of Arts and Sciences (Class of Mathematical and Physical Sciences 2024), the National Academy of Inventors (2020) and the Royal Swedish Academy of Engineering Sciences (2020).

In 2020, as the Science and Technology adviser to the US secretary of state, Chiang initiated tech diplomacy programs in the US government. In 2024, he started serving on the inaugural board of the US Foundation for Energy Security and Innovation, and was elected to the Board of Directors of the US Olympic and Paralympic Committee as an independent director.

Before establishing OTH Intelligence Group in March 2018, Nurkin spent twelve years at Jane’s by IHS Markit where he served in a variety of roles, including managing Jane’s Defense, Risk, and Security Consulting practice. From 2013 until his departure, he served as the founding executive director of the Strategic Assessments and Futures Studies (SAFS) Center, which provided thought leadership and customized analysis on global competition in geopolitics, future military capabilities, and the global defence industry.

Substantively, Nurkin’s research and analysis has a particularly strong focus on US-China competition, defense technology, the future of military capabilities, and the global defense industry and its market issues. He also specializes in the design and delivery of alternative futures analysis exercises such as scenario planning, red teaming, and wargaming.

Nurkin is a frequent author and speaker on these overlapping research priorities. For example, he was the lead author of the US-China Economic and Security Review Commission’s report entitled China’s Advanced Weapons Systems, which was published in May 2018, and has provided testimony to the Commission on two occasions. In March 2019, he was featured on a Center for Strategic and International Studies China Power podcast on China’s unmanned systems. He was the lead author of the ’s 2019 strategy white paper on artificial intelligence.

He previously worked for Joint Management Services, the Strategic Assessment Center of SAIC, and the Modeling, Simulation, Wargaming, and Analysis team of Booz Allen Hamilton. From 2014 to 2018 he served consecutive two-year terms on the World Economic Forum’s Nuclear Security Global Agenda Council and its Future Council on International Security, which was established to diagnose and assess the security and defense implications of the Fourth Industrial Revolution.

Nurkin holds a MS in international affairs from the Sam Nunn School of International Affairs at Georgia Tech and a BA in history and political science from Duke University. He lives in Charlotte, NC.

Rodriguez began his career at Booz Allen Hamilton shortly before 9/11 supporting its national security practice. In his capacity as an expert on game theoretic applications, he supported the United States Intelligence Community, Department of Defense, and Department of Homeland Security as a lead architect for the Thor’s Hammer, Schriever II/III and Cyber Storm wargames. He subsequently was a vice president at an artificial intelligence company (Sentia Group) and served as chief marketing officer for an international defense corporation (NCL Holdings). Rodriguez serves as a board director or board advisor of ten venture-backed companies (Applied Intuition, Duco, Edgybees, Firestorm, Titaniam, Ursa Major Technologies, Vantage Robotics, WarOnTheRocks, ZeroMark, and Zignal Labs). He is a special advisor at America’s Frontier Fund, a commission director at the and a life member at the Council on Foreign Relations. Rodriguez received his BBA degree from Texas A&M University and an MA degree from Georgetown University’s School of Foreign Service. He is published in Foreign Policy, WarOnTheRocks, National Review, and RealClearDefense. 

From 2016, she supported NATO’s Public Diplomacy Division at two NATO summits (Brussels and London) and organized and managed three senior task forces on US force posture in Europe, military mobility, and US defense innovation adoption. During her time at the , Starling has written numerous reports and commentary on US space strategy, deterrence, operational concepts, coalition warfare, and US-Europe relations. She regularly serves as a panelist and moderator at public conferences. Among the outlets that have featured her analysis and commentary are Defense One, Defense News, RealClearDefense, the National Interest, SpaceNews, NATO’s Joint Air and Space Power Conference, the BBC, National Public Radio, ABC News, and Government Matters, among others. Starling was named the 2022 Herbert Roback scholar by the US National Academy of Public Administration. She also served as the 2020 security and defense fellow at Young Professionals in Foreign Policy. Originally from the United Kingdom, Starling previously worked in the UK Parliament focusing on technology, defense, Middle East security, and Ukraine. She also supported the Britain Stronger in Europe campaign, championing for the United Kingdom to remain within the European Union. She graduated with honors from the London School of Economics with a BS in international relations and history and is an MA candidate in security studies at Georgetown University’s School of Foreign Service.

Mark J. Massa is a deputy director in the Forward Defense practice of the Scowcroft Center for Strategy and Security at the . the Scowcroft Center for Strategy and Security at the . A founding member of Forward Defense, Massa supports the director in the management of the program’s strategy, budget, personnel, and impact.

Massa leads Forward Defense’s portfolio of work on strategic forces issues, including nuclear strategy, space security, missile defense, and long-range conventional strike. His writing and commentary have appeared in the Hill, Defense News, RealClearDefense, , Air and Space Forces Magazine, the National Interest, CNBC, Sky News, and CTV News.

Massa earned his MA from Georgetown University’s security studies program. He received a BS in foreign service magna cum laude from Georgetown University with a degree in science, technology, and international affairs. He was awarded honors in his major for a senior thesis on a theory of nuclear ballistic missile submarine strategy.

Abigail Rudolph is a program assistant in the Forward Defense program of the ’s Scowcroft Center for Strategy and Security. She contributes to the program’s defense industry and innovation portfolio.

Previously, Rudolph interned with the Cleveland Council on World Affairs where she contributed to its foreign policy forums and committees on foreign relations. As an undergraduate, she co-authored an op-ed detailing net-zero carbon emissions pathways for Ohioans; conducted an independent study evaluating the environmental impacts of war; cofounded the Women in National Security Initiative at her university; and completed her senior thesis which focused on an assessment of, and recommendations for bolstering NATO’s China policy.

She graduated with honors from Baldwin Wallace University, earning a BA in national security with a minor in sustainability.

Curtis Lee is a program assistant in the Forward Defense program of the ’s Scowcroft Center for Strategy and Security.

Lee is a recent graduate from Carnegie Mellon University, where he received a MS in public policy and management, a BS in policy and management, and a BA in Chinese studies. He has experience working on numerous topics in defense and foreign policy with a focus on the Indo-Pacific region and China. Lee completed his senior thesis on analyzing the supply chain vulnerabilities of US future technologies as a result of US-China decoupling policies.

In addition to his role at the , Lee is currently a military intelligence officer in the US Army Reserves.

Alexander S. Young is a project assistant in the Forward Defense program of the ’s Scowcroft Center for Strategy and Security, where he supports the program’s defense industry, innovation, and technology work.

Young is a graduate of the London School of Economics and Political Science, where he earned a MA with merit in global politics. He previously graduated with high honors from the University of California, Santa Barbara, completing a double major in political science and global studies with emphases in international relations and the Middle East and the North Africa region. Having studied and worked in both Europe and the Middle East, Young wrote his master’s dissertation about the impacts of Russia’s full-scale invasion of Ukraine on the geopolitics of the eastern Mediterranean and its natural gas projects.

Previously, Young also worked as an English teacher in underserved communities in Israel, having taught at An-Najah Comprehensive Junior High School in Rahat and Dizengoff Elementary School in Tel Aviv.

Young’s interests include geopolitics, ethnic and religious conflict, natural resources, defense industry issues, conflict resolution, and conflict stabilization.

Acknowledgements

This report was written and prepared with the support and input of its authors, commissioners on the ’s Commission on Software-Defined Warfare, and the Forward Defense program of the ’s Scowcroft Center for Strategy and Security.

This effort was conducted under the supervision of commission director Stephen Rodriguez, Forward Defense director Clementine Starling-Daniels, and Forward Defense deputy director Mark J. Massa. Special thanks to CEO Fred Kempe and Matthew Kroenig for their support of this effort.

This effort has been made possible through the generous support of Booz Allen Hamilton, CAE, Helsing, Lockheed Martin, and Second Front Systems as the foundational sponsors, as well as sponsorship from Aalyria, Accrete AI, Adarga, Domino Data Lab, Edge Case Research, Fathom 5, Fortem Technologies, Kodiak Robotics, Latent AI, Peraton, Primer AI, SAAB, Saronic, Scale AI, and Skydio.

Foundational sponsors

Sponsors

To produce this report, the authors conducted more than fifty interviews and consultations with current and former officials in the US Department of Defense, congressional staff members, allied embassies in Washington, DC, and other academic and think tank organizations. However, the analysis and recommendations presented in this report are those of the authors alone and do not necessarily reflect the views of individuals consulted, commissioners, commission sponsors, the , or any US government organization. Moreover, the authors, commissioners, and consulted experts participated in a personal, not institutional, capacity.

Explore the programs

Related Experts:
Clementine G. Starling-Daniels,
Stephen Rodriguez,
Whitney McNamara,
Tate Nurkin,
Mark J. Massa,
Abigail Rudolph,
Alexander Young, and
Curtis Lee

Image: AI-generated image created with ChatGPT.