One of U.S. Cyber Command’s major programs, Unified Platform, is expected to cost five times more than military officials originally estimated, according to a report from Congress’ watchdog agency.
Unified Platform will consolidate and standardize the variety of big data tools used by Cyber Command and its subordinate commands to allow forces to share information more easily, build common tools and conduct mission planning and analysis.
To date, few details have been available regarding the program’s history, scope, contracting strategy and progress.
According to the Government Accountability Office report, published June 3, the Unified Platform program was missing an approved cost estimate informed by independent analysis and a formal schedule risk assessment in August 2018. This year’s report marked the first time Unified Platform was included in GAO’s annual review of major defense acquisition programs.
“Our prior work has shown that this type of information is important to help decision makers make well-informed decisions about middle-tier program” initiation, the report said.
Cyber Command, however, has since approved requirements and the Air Force Cost Analysis Agency independently assessed its cost estimate.
That cost estimate, GAO found, was five times greater than when the program first began. This new estimate includes costs beyond completion of the current middle-tier acquisition effort and is attributed to new requirements from Cyber Command.
Part of Unified Platform’s development has included the creation of a software factory. This involves “containerizing” applications as a means of providing a more flexible platform and infrastructure with a set of standards.
The GAO found that Unified Platform’s approach for DevSecOps software development differs from industry best practices, which seeks delivery of software to users on a continuing basis as frequently as every one to six weeks. Currently, the program fields new features at the end of every three month increment.
Thus far, the program has delivered 32 features through the first four increments with the first prototype – increment 1 – accepted by Cyber Command in April 2019.
Cyber Command officials determine if the software is ready for operational deployment once it is completed.
At the time of the assessment, GAO also found that the program had yet to complete its cybersecurity strategy. Program officials told the agency that it anticipates approval of this strategy by August.
“Not addressing cybersecurity issues sooner may increase risk to the program,” GAO said. “Our past work has shown that not focusing on cybersecurity until late in the development cycle or after a system has been deployed is more difficult and costly than designing it in from the beginning.”
Additionally, the program office was slated to conduct its annual authority to proceed to review in April 2020, a full year after delivery of increment 1.
Those briefs, provided to the Assistant Secretary of the Air Force (Acquisition, Technology, and Logistics), allow him to determine if funding needs increase or decrease by 25 percent each year or if the number of development teams for accomplishing requirements increase or decrease by 25 percent.