A Kratos Constellations Conversation With Nicolas Chaillan
July 2021 Edition
Chief Software Officer, U.S. Air Force

New Software-Based Capabilities Break Silos and Enable Global Data Interoperability.

In this conversation with Nicolas Chaillan, Chief Software Officer for the U.S. Air Force, we learn about radical new initiatives that are enabling faster, more secure software development to make the connected, all-domain future possible. 
Nic explains how DevSecOps and Platform One, software factory managed services with baked-in security, are enabling data sharing and reducing cyber risk across DoD systems, while drastically cutting development time so that a 90 percent solution is possible from Day One instead of starting from nothing. 

Note: The views expressed in this transcribed podcast feature, or on www.constellationspodcast.com, do not officially represent the views of the US Military or the United States government. The original interview has been edited for brevity.

Constellations Podcast Host, John Gilroy
Welcome to Constellations. Our guest is Nic Chaillan, US Air Force Chief Software Officer. Nic brings quite an unusual background to the DoD. He’s a serial entrepreneur who started 12 software companies in his native France. Then the terrorist attacks in Paris happened and he decided he wanted to make a difference. He became a US citizen and got a job at the Department of Defense. Nic, that’s a tough story to beat. Can you tell us a bit more about your background and how you ended up at the US Air Force?

Nicolas Chaillan
Thanks for having me. As you can tell with my French accent, I was born in France and I created my first company back there when I was 15. I’m a software guy. I became a US citizen, and really wanted to make a difference at the time. I started first at DHS. I was a Chief Architect trying to solve some of the issues we’re facing with terrorism and also cyber-security challenges across the critical infrastructure across the country. From there, I joined the DoD to help the government move at the pace of relevance with DevSecOps. It’s been a unique journey moving from commercial startup industry to the Department of Defense. 

John Gilroy
We hear you’re bringing a lot of innovation to the government. In addition to your role as Air Force Chief Software Officer, you also serve as a co-leader for the DoD DevSecOps initiative along with the DoD CIO. What is DevSecOps and why would the DoD even need it? 

Nicolas Chaillan
DevSecOps is kind of breaking the silos between development, security testing, and operations, effectively shortening the life cycle of software so that you can release software multiple times a day and get feedback loops shorter and faster. You learn from your end-users, in our case the warfighters, so we can build relevant software for them. Obviously, you don’t want to build software and features in a vacuum, you want to develop it with that feedback. The faster you can release it with more incremental change and progress, the more you can move at the pace of innovation and evolve to the next thing. Having that timeliness, and security that’s baked into the life cycle, is why we call it DevSecOps and not just DevOps. And we use zero trust and all the most advanced cyber principles to do that. In just over a year now with 37 DoD programs moving to DevSecOps, we have saved a hundred years of plan time. That means effectively in one year we have saved a hundred years of what it would have taken if we were not using DevSecOps. That’s game changing.

John Gilroy
It sounds like you’re applying a mantra from startups to the vastly different environment of the DoD. To that point, the military is looking to have global data interoperability across all its domains, which would seem to imply a completely new data architecture. But you’ve said this does not necessarily mean changing the underlying technology. How do you do one without the other?

Nicolas Chaillan
It’s a bit foolish to think you can completely modernize an entire enterprise of the size of the DoD. There are too many silos and legacy systems for that to happen. Instead we can aggregate and federate systems through abstraction layers to aggregate data across systems. The key is to protect the data. Effectively, all these silos were initially created to avoid cyber or security risks, to prevent malicious actors from moving through the system. But by segmenting them, you obviously create silos. And to be efficient in fighting the next wars, you need to have data and a holistic view of what’s happening. Silos are impediments to the leadership success of making the right decisions. To move to that connected environment, to what we call zero trust, is going to be foundational to enable connectivity across systems, making sure people only have access to what they should have access to, and limiting malicious actors. You can implement your trust by adding abstraction layers to the existing systems. And you can federate or aggregate data across those systems rather than drastically changing them. 

With federation, you can connect things together and query the federated system and get results without even knowing where that query goes. As a user, you just get the results of that query without knowing you talked to maybe 50 systems behind the scenes. 

John Gilroy
You use the word holistic for global data interoperability, and this concept to connect sensors from all the DoD services — the Air Force, Army, Marine Corps, Navy, and Space Force — into a single network. That’s a big goal. 

Nicolas Chaillan
Yes, it’s obviously foundational to the success of the Department and the future of all-domain. Space and cyber are big new domains and the next battles are going to really involve these, so it’s important to have holistic access across all domains and be able to share data. And also to reuse code and software across these environments. So, effectively, a sensor could be used on a ship, on a jet, on the ground, all the way to space with the same piece of code that could be reused across teams, so we don’t have to rewrite the entire stack from scratch. Enabling the use of code is one of my biggest priorities so we can be more efficient, and not rewrite every system each time we have a new idea. 

John Gilroy
We’re hearing the term open data architecture, but what does that really mean? 

Nicolas Chaillan
People often say open source, but what I think they really mean is open architecture. And so it’s not always open source, but it’s open in a way we’re not getting locked into a single product and having to completely move the entire data structure into a one-size-fits-all product. Open architecture means you know exactly how the data flows. Many of these products are open source and we have access to the source code and can see exactly how these products are built and if they’re secure or not. That gives us more visibility inside the supply chain and the quality of the code, and that obviously helps in making decisions and picking the right products. In fact, most of the Platform One DevSecOps stack is based on open-source products. 

John Gilroy
There must have been challenges when you talk about open source or open architecture in the federal government? 

Nicolas Chaillan
Yes, obviously, you’re facing not only the largest organization on the planet, but also the largest budget, and the most silos across teams. These were initially designed to make sure we’re not creating more risk, but effectively that creates a lot of reinventing the wheel across teams. That’s been a big challenge. People are not used to using enterprise services and quite honestly, in a move to DevSecOps and cloud, you cannot succeed as an enterprise if you don’t have enterprise services. You need to have a cohesive environment to do all this work so that each team isn’t reinventing the wheel when it comes to the basics of cyber, of DevSecOps, of cloud adoption, and that you’re not doing it in a vacuum. And so a big focus when I started was to create Cloud One and Platform One. As you know, Cloud One is the cloud office for my team, and Platform One is a DevSecOps team to help all these DoD teams move to DevSecOps. 

John Gilroy
What is the role of industry in the success of Platform One? 

Nicolas Chaillan
I would argue that we cannot succeed without industry, but we also don’t want to completely outsource all talent and all knowledge to industry without having proper oversight and understanding of the decisions, so we can do what’s right for the taxpayer, both in terms of architecture decisions, and also hands-on coding. So it is very foundational that we also have a say inside of that software lifecycle construct. It’s all about the right mix. We’re trying to be in the 90/10 or 80/20 range, where 80% will be the industry partners and 20% will be government people, whether it’s civilians or military. But that gives us the flexibility we need and the oversight we need to make the right decisions. 

John Gilroy
Tell us more about the differences between Cloud One and Platform One? 

Nicolas Chaillan
Cloud One is providing access to the cloud. We have both Amazon and Azure, the government version of these clouds, both unclassified and classified. So that gives us the ability to have access to cloud in a matter of days for what used to take between 8 to 12 months for a team. That’s again, why enterprise services are so important. Unfortunately, the department got so used to doing enterprise services badly that people almost have an aversion to it, and they don’t want to use them even when it’s good. So it takes a bit of convincing. Unfortunately, people too often say, ‘Oh, you’re missing this 5 percent thing here. So we’re going to rebuild everything from scratch,’ instead of just helping build the 5 percent delta. 

So, that’s been the number one problem we’re facing. We need to really centralize the talent to go and tackle these deltas. Nothing is perfect and nothing can solve every problem on the planet, but by focusing on the delta and not reinventing the entire wheel, that obviously helps move faster. So that’s Cloud One, the cloud office. And then Platform One is bringing the DevSecOps, continuous integration, continuous delivery of software with that agile construct to the department as well. 

John Gilroy
If you look at the federal government in the last 15, 20 years, one critique has been with vendor lock-in, where it’s almost impossible or too expensive to get out of a contract. So how does it avoid vendor lock-in with cloud migration? Is the answer standards or open architecture? 

Nicolas Chaillan
Yes, so the entire architecture of Platform One was designed to prevent vendor lock-in. We abstract everything from the cloud provider standpoint so we’re not getting locked into a cloud all the way to every piece of the stack. We use Kubernetes, which is a content orchestration tool. Everything we do is Lego blocks driven. So by cutting into small blocks effectively, you can move things around and swap them to try things out for different use cases. The entire stack is containerized and gives us the flexibility and the modularity that we need to be able to swap these Lego blocks and try things. So, we have a central team that’s accrediting containers for the department as part of Platform One. That team is effectively accrediting and updating and hardening commercial products and open-source software so they can be used inside of the DevSecOps universe. That gives us that central assessment and mitigation of supply chain risk. That really streamlines the process for a startup or organization that wants to do business with DoD, to add a cool commercial product to be authorized for use in the department. That’s exciting to see. We were able to get 450 containers accredited in one year with Platform One, which is game changing. That also helps cyber because we can update these Lego blocks automatically across the departments and provide these updates in case there is a new vulnerability, a new zero day, or a new cyber issue that we need to fix immediately. We can do that within four hours. That’s pretty game changing as well.

John Gilroy
I’m going to transition from Lego blocks to Iron Bank. Where does Iron Bank fit in this discussion about open source? 

Nicolas Chaillan
Iron Bank is a centralized repository of containers. It’s where we put all these hardened Lego blocks we were talking about. That’s where we scan them, harden them, and authorize their consumption. By the way, we open source this entire thing, so the entire industry is also using these containers, including financial institutions, healthcare, other government agencies and partners. So, it’s a two-way street that’s very exciting to see.

We have so much adoption by industry of everything that Platform One does because of that open-source vision. By being open and transparent and really putting more eyes on code and focusing on security we increased the cyber posture of the Department with more people being able to bring back value to us in a faster pace. Timeliness is foundational to cyber, to be able to move fast and react to challenges. 

John Gilroy
We’ve talked about Platform One, Cloud One, and Iron Bank. How do you ensure all this is secure? What do you do to create a secure cloud architecture, and make sure the containers are secure, and therefore the architecture is secure? 

Nicolas Chaillan
There are two pieces to that. One is you want to secure your supply chain. Iron Bank and the container hardening process gives us visibility into risk, but the foundation of our security is about zero trust and behavioral detection because you have new findings and issues that can come up in zero days. So, we continuously monitor the stack and see if there’s any change of behavior of the container. If it’s doing something it’s never done before, it’s probably a sign of something malicious, so we will kill the container and alert the team.

Then we use zero trust to effectively reduce the attack surface. For container A to talk to B it has to be whitelisted, creating an encrypted tunnel to communicate between the two containers. That reduces the ability of a bad actor who gets access to a container to talk to other containers or move laterally across the environment. That reduces the attack surface and the ability to escalate privileges. By detecting behavior change and killing the container, and going back to the immutable state of the container, the bad actor will lose everything and go back to zero. That drastically reduces cyber risk, and obviously improves the cyber posture of the systems.

John Gilroy
If Platform One can instantiate DevSecOps in days at various classification levels, then what happened before?

Nicolas Chaillan
Before, you would end up having to deal with outdated systems, and products that might be 10 years old. And so by definition this is not a good user experience for the warfighter. You want to have parity between classification levels so that for the work you’re going to do you have the same cool tools, whether it’s AI, machine learning, deep learning, all the way to software development or cyber tools.

With the containers and the entire stack able to be instantiated automatically across classification levels, we always have the latest, most updated versions, and the ability to instantiate a DevSecOps environment at the edge on a jet, on a bomber, or on a space system. We have that access with push-button deployment to get the most updated version with our cyber fixes, which reduces cyber risk, but also is a drastic improvement in user experience too. Obviously, it all ties back to the timeliness, so we don’t get behind. That’s really critical for us.
