Summary

Risky shortcuts by McDonnell Douglas Corp. and lax oversight by the Air Force have spawned such severe computer software problems in the C-17 cargo jet that it is a case study in how not to manage software development in a major weapons system. At an estimated cost of $36 billion, the Air Force plans to buy 120 new C-17 aircraft, which are designed to airlift large payloads and oversized cargoes onto small airfields. The C-17 will be the most computerized, software-intensive, transport aircraft ever built. Program officials, having initially assumed that software was a low-risk endeavor, did not adequately assess or manage its software development. These officials later discovered that they often lacked specific knowledge about software problems when they first occurred, and did not ensure that McDonnell Douglas, the prime contractor, took timely corrective action. Actions by the Air Force and McDonnell Douglas in the wake of major software flareups in 1988 failed to keep software development and testing on schedule. As a result, the Air Force and McDonnell Douglas took several development shortcuts to meet flight test deadlines. In addition, other actions taken to reduce schedule delays may substantially boost software maintenance costs when the C-17 is eventually fielded. GAO summarized this report in testimony before Congress; see: Embedded Computer Systems: C-17 Software Development Problems, by Samuel W. Bowlin, Director of Defense and Security Information Systems Issues, before the Subcommittee on Legislation and National Security, House Committee on Government Operations. GAO/T-IMTEC-92-17, May 13, 1992 (seven pages).

GAO found that: (1) at the start of the full-scale engineering development effort, the Air Force did not completely identify C-17 software development requirements or determine how difficult it would be to develop and integrate sophisticated software subsystems; (2) the Air Force did not ensure that the contractor's software development and management capabilities were adequate and underestimated software development risks; (3) to meet the September 1991 first-flight schedule, the Air Force allowed the contractor to take shortcuts that have increased the risk of not completing software and development testing and when the developmental C-17 aircraft first flew it contained only 66 percent of the newly developed software needed to make the aircraft avionics fully functional; (4) as of March 1, 1992, the C-17 development program was 2 years behind schedule and was $1.5 billion over its 1985 cost estimate of $4.1 billion; (5) despite the contractor's lack of software experience, the C-17 contract gave the contractor total control over software development, limited the Air Force's access to software cost, schedule, and performance information, and restricted the Air Force from correcting critical software problems when they became evident; (6) the Air Force has allowed the contractor to develop C-17 software in a diverse assortment of languages that may prevent the Air Force from upgrading, testing, and maintaining C-17 computer systems; (7) Congress has reduced the C-17 production schedule and fiscal year (FY) 1992 funding until flight of the first production C-17, and has prohibited FY 1993 funding obligations until delivery of the fifth production aircraft; and (8) Congress has directed the Department of Defense to assess C-17 mission capabilities scheduled to be completed in late 1992, but believes that further assessment is needed to minimize software development risks.