Like the little boy trying to stop the dyke from bursting, the Defense Department is running out of fingers to plug up the ever-increasing number of cyber threats it faces.
But hiring more people, with more fingers, to block the holes is not the answer either.
Jeff Kleck, the director of the cyber portfolio for the Defense Innovation Unit at the Defense Department, said DIU is testing artificial intelligence to keep up with the velocity, volume and veracity of cyber threats.
“The automation and intelligence of new technology can allow us to address this increasing number of threats,” Kleck said on Ask the CIO. “We now have technology that allows us to address that. We are not increasing the number of cyber operators who can deal with this as fast as the number of threats so the good news is the commercial world has been building technology both in the automation and the intelligence and machine learning that allows us to address it and solve it.”
DIU is testing out three commercial cyber tools that provide the AI and automation under an Other Transaction Agreement (OTA) through the summer of 2021.
“The Air Force came to us seeking an innovative commercial solution that could harness the power of AI and machine learning to drastically reduce the time it takes for their cyber operators to address malicious activity in the DoD network. Their ask was to give them a capability that could act as a virtual tier one operator. That means the analytical, the triage, the investigative work that make up the bulk of the analysts’ work in looking at these threats. They needed a system to address that,” he said. “To be able to sift through that quickly so threats can be racked, stacked and divided up based on priority is what the system is designed to do.”
If the tool is successful, Kleck said the hope is the software will let the cyber operators focus on more complex threats and attacks, and mitigate them more quickly.
Over the next six months, DIU, the Air Force and the vendors will fine-tune the software against real-time data.
“The Air Force has created the test environment. The reason we are doing this over a period of time is as this solution, functionality and capability is introduced, the Air Force will interact with that test environment and modify it. It’s not one specific environment that will live in one form. The Air Force will want to modify to optimize the return from the solution,” Kleck said. “The Air Force is using real-world data to measure success. The Air Force has a lot of experience doing this already on the human side so they will be able to use that to compare and contrast against the results they are getting out of this effort.”
One reason to use OTAs
Kleck said DIU decided to use the OTA approach for one basic reason: speed.
He said the office tends to use non-traditional contracts to accelerate the adoption of technology and cyber is an example of why speed to award is so important.
DIU has also used OTAs for other cybersecurity projects, including mobile endpoint security; automated vulnerability detection and remediation; and cyberspace deception, which is creating deceptive environments so bad actors end up in the wrong place and perhaps end up in a place where DoD can watch them carefully. Other projects DIU is working on include cyber threat intelligence, which is data that gives us an understanding of the threats that are out there; commercial threat; secure cloud management, which is accessing the cloud in a secure manner; an intelligent security operations center; and cyber inventory management and post-patch testing, which is part of rapid patching processes.
Kleck said the Air Force project is a sign of what the future holds for defending networks because it includes both automation and AI, and it’s a platform.
“A lot of our projects we are working on focus on one element of cyber. This system is looking broadly across a lot of threats and using AI and automation to do it. That’s really where the future of cyber is going,” he said. “As we do these things, we always consider other services as well. We keep them informed of what’s going on here and they have the ability to also join in these projects. Many of our projects started with one service and then expanded. We feel this is a capability that is not only good for the Air Force, but also good for all the services. We also work closely, as advisors, to other agencies in the government, sharing what we learned here so they can either follow-on what we’ve done or understand enough based on what we’ve done and their unique circumstances to come up with a solution for themselves.”