Introducing Kessel Run to DOD

Everyone wants part of the Air Force’s successful software development program

Everyone wants a piece of Kessel Run, the Air Force’s agile software development program, and attempts to replicate its success of are already underway.

Air Force Chief Information Security Officer Wanda Jones-Heath said the Defense Department is taking steps to scale the program, named after a reference in the “Star Wars” movies, with the help of the Department of Homeland Security.

“DOD is stepping up to the table now to guide the services,” Jones- Heath said during a panel discussion at the Armed Forces Communications and Electronics Association’s Air Force luncheon Nov. 16.

“They’ve already taken a lot of the Kessel Run artifacts, the playbook — and there are other services also doing the same thing. We’re looking at how can we scale across the entire DOD enterprise to bring that capability securely into what we do. DOD is already working that; they’ve brought in someone from DHS recently that’s now taking that on.”

More Software Based

The Air Force is in the midst of shifting to being more software based, and to do that, it is considering creating and deploying mini Kessel Runs throughout the service.

“If we’re going to do a DevOps model as we transition to a software- based Air Force, where we’re more software defined, more agile … I can change capabilities via an aircraft out there,” such as a sensor, shooter or network node, Brig. Gen. Kevin Kennedy, Air Force director of cyberspace strategy and policy, said during the panel discussion.

To get the software to that level, Kennedy said, three elements are needed: an operator—air, cyber, or space—an acquisitions expert and a coder all with proficiency in software development. The Air Force hasn’t made any decisions yet, Kennedy told reporters following the event, and conversations about how to scale Kessel Run focus on how to mobilize the right problem solvers when needed.

“The idea is if a problem presents itself—an operational capability that we want to evolve or change—how would we put the right people on it,” he said. “Right now we have Kessel Run, we operate that activity.... That’s the concept, but we haven’t fleshed it out yet.”

To identify capabilities within its members, the Air Force is building a program to identify service members with programming skills—modeled on a similar one for language skills—that would allow “immersion opportunities” to hone those skills, Kennedy said. The challenge is keeping up with the constant evolution and change of programming languages.

Merging Intel and Communications

The Air Force is also considering merging its Intelligence, Surveillance, and Reconnaissance branch (A2) with its chief information office (A6) to better prepare for information warfare.

Kennedy said the service is still talking about combining the two components despite not having an official CIO. The idea would be to create seams between IT network operations, defensive cyber operations and network defense to better ensure information sharing and deliver cyber effects.

“We want to do this, but I want to emphasize that we are also in a place where we have to rely on the nomination/confirmation of a new leader and new roles and responsibilities,” Kennedy said.

Right now, Air Force Undersecretary Matthew Donovan is acting in the CIO role, with William Marion as deputy CIO and Lt. Gen. Veralinn Jamieson as head of ISR.

As the Air Force moves forward, Kennedy said, the service must determine how get “better postured for information warfare and what capabilities we can focus on creating cyber effects. If we can get better at information warfare, then how do we move toward information dominance as we look at becoming a software-driven Air Force.”

This article originally appeared in the January/February 2019 issue of Security Today.

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Featured

  • AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders

    Arctic Wolf recently published findings from its State of Cybersecurity: 2025 Trends Report, offering insights from a global survey of more than 1,200 senior IT and cybersecurity decision-makers across 15 countries. Conducted by Sapio Research, the report captures the realities, risks, and readiness strategies shaping the modern security landscape. Read Now

  • Analysis of AI Tools Shows 85 Percent Have Been Breached

    AI tools are becoming essential to modern work, but their fast, unmonitored adoption is creating a new kind of security risk. Recent surveys reveal a clear trend – employees are rapidly adopting consumer-facing AI tools without employer approval, IT oversight, or any clear security policies. According to Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Read Now

  • Software Vulnerabilities Surged 61 Percent in 2024, According to New Report

    Action1, a provider of autonomous endpoint management (AEM) solutions, today released its 2025 Software Vulnerability Ratings Report, revealing a 61% year-over-year surge in discovered software vulnerabilities and a 96% spike in exploited vulnerabilities throughout 2024, amid an increasingly aggressive threat landscape. Read Now

  • Motorola Solutions Named Official Safety Technology Supplier of the Ryder Cup through 2027

    Motorola Solutions has today been named the Official Safety Technology Supplier of the 2025 and 2027 Ryder Cup, professional golf’s renowned biennial team competition between the United States and Europe. Read Now

  • Evolving Cybersecurity Strategies

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.