Six months out from the release of its digital modernization strategy, the Defense Department is taking a different approach to implementation than it first envisioned.
“The broad themes are still in place and we’re still pursuing those activities, but as we make contact with the execution of that strategy, we’re learning from that and we’re adapting,” Peter Ranks, DoD’s deputy chief information officer for information enterprise, said last Thursday at a Unisys and MeriTalk event.
But also as part of that strategy, the Pentagon is looking to speed up the way it fields artificial intelligence systems to adapt to real-world environments.
“AI does not field when it’s finished. AI has to field when the algorithm is just good enough to get feedback, and it has to encounter real data and real users and real problems,” Ranks said.
Fielding systems before they’re complete and working out the bugs in production, Ranks said, is “just not how we’re wired” in the Pentagon, and goes against the production of materiel like missiles and aircraft.
But in the case of AI, he said those systems need to adapt from training data to “noisier” real-world data as soon as possible.
“When we field AI, it goes out to a workforce and starts getting feedback from users when it would not have passed any traditional measure of DoD readiness, but it’s the only way the algorithms are ever going to get there. If we wait to test them until they are whatever percent effective, then we’re just not fielding them fast enough,” Ranks said.
Meanwhile, cloud computing, he said, will serve as the “foundational infrastructure capability” necessary for the development of AI.
AI has also played an increasingly important role in DoD’s cybersecurity, as part of a modernization strategy that focuses on the agile deployment of capabilities in smaller chunks.
“If we’re going to deal with a near-peer competitor who is going to challenge our capabilities in the field of battle, we have to be able to respond in real time by updating those capabilities and driving them out. And nothing in the Department of Defense, in any of our processes, prepares us to be able to move with that type of agility in software,” Ranks said. “That’s just not how we’re wired.”
Rethinking ‘risk paradigm’ amid modernization
As part of its modernization efforts, the Air Force has 37 applications in the cloud right now, while 80 more applications are in pipeline. Bill Marion, the deputy CIO of the service, said another 150 applications aren’t in the pipeline yet.
That move to the cloud also includes an effort to containerize software applications to limit the “blast zones” during a cyber breach.
“It’s not zero-trust in the large, large context, end-to-end. But those are the chunks that we’re biting through with the elephant to deliver a zero-trust model,” Marion said. “We have a lot more things on the plate coming forward, but I think you really need to challenge your staff. If you’re still in a perimeter defense, kind of walled-garden mentality, we’ve got to fundamentally challenge that.”
Meanwhile, Marion said the Air Force needs to “fundamentally flip” from a paradigm that’s 90% desktop and 10% mobile traffic to one that’s predominately mobile in an effort to reduce the surface area for cyber attacks.
But amid all of this, Marion said the Air Force needs modernization to “work through all the bureaucracy” of the service by improving the digital experience and rethinking digital workforce development.
“We’ve crushed the souls of our airmen, as our chief would say, but putting so much cybersecurity on that we can’t actually operate, and so we’ve got to think about the risk paradigm a little bit,” Marion said.
Part of that paradigm shift includes initiatives like Kessel Run, the Air Force’s new agile software development office that aims to deliver Authorities to Operate in as little as a day.
“Cyber outstrips all of our budgets. We can’t possibly patch and remediate every single thing that’s out there. I’m not trying to be an alarmist, but that’s the reality,” Marion said.