Operation StormBreaker is as cool as its name sounds – that’s according to a top Marine Corps official who said the initiative accelerates software acquisition and deployment at speed while ensuring critical cyber defenses are in place.
David Raley, digital program manager at Marine Corps Community Services, said the new program leans into the idea of shifting left – or integrating security into products and services earlier in the development lifecycle – and follows the Pentagon’s Risk Management Framework (RMF).
“I see Operation StormBreaker as kind of a bit of a personification of what the DOD (Department of Defense) leadership is … looking for when it comes to modern software capabilities enabling more fighter fatality issues,” said Raley during a Federal News Network event on Oct. 14.
Specifically, the official said that the initiative, at “its core, is an authorized landing zone with a Software Factory included, and the primary differentiator is our ability to get in production in those 15 minutes.”
Last month, the Pentagon released the Cybersecurity Risk Management Construct (CSRMC), which is a new real-time framework that replaces the previous RMF.
Raley said that Operation StormBreaker has been able to achieve many of the goals listed in the previous RMF guidance by using a risk perspective instead of following a compliance checklist.
“I see so often mission outcomes and even true cybersecurity are sacrificed for perceived compliance,” said Raley. “I am probably far more secure running a container through the pipeline and having a look inside the container than I ever am getting a paper-based authorization that takes me 12 to 18 months running on our virtual machines.”
“When you talk about shifting left, it’s very important to understand the engineers. If they have the right security guardrails baked into that development life cycle … they’re getting that response, a far deeper, better response in 15 minutes, so they can actually change their coding practices,” Raley added.
Raley noted that the Defense Department’s – which has been rebranded by the Trump administration as the War Department – culture of prioritizing compliance over effectiveness, saying it routinely “sacrifices mission outcomes and true security on the altar of compliance.”
That rigid adherence to policy often delays progress – leading to 12 to 18-month authorization processes, which require a fundamental shift in mindset. “Policy is to support mission outcomes,” Raley said, “not the thing that we should be serving.”
He noted that Pentagon leadership is increasingly open to this change, asking how they can support innovation “at the tactical level” as agencies work to modernize. Raley urged government technologists to act as “agents of change,” rethinking outdated rules and challenging policies that hinder rather than help the mission.
In the meantime, Raley said he’s looking to expand Operation StormBreaker across the department’s services. He noted that while “the capacity for platforms like StormBreaker across the department is in the single digits of what we actually need,” the Marine Corps is “getting more communities of practice and starting to actually propagate this more broadly.”