WHY THIS MATTERS IN BRIEF
There is no way that the US military can protect itself against the exponentially growing number of cyber attacks, so it needs to lean heavily on autonomous response.
A while ago I wrote about the NSA’s ambition to automate the vast majority of its spies with technologies such as Artificial Intelligence (AI). And now, as it prepares for the looming threat of China, the Defense Information Systems Agency (DISA) has set an ambitious goal of having 75 percent of its administrative-like cybersecurity capabilities completely automated by AI as well, Brian Hermann, cybersecurity and analytics director at DISA, told a media roundtable Tuesday.
“The only way that we can actually do our job with the pacing threat of China is to actually add that automation capability so that the human analysts can take advantage of their brainpower to actually do the high-end fight stuff, not just the day-to-day normal stuff that happens all the time,” he said here at the TechNet conference in Baltimore.
“So I think that it’s an aggressive goal for us, but it’s something that we’re working hard to get after as well.” Hermann added that though there is no defined timeline for completing this automation goal, “it’s not where it needs to be.”
However, he explained that DISA is making strides toward this goal by consolidating data into a shared space, in the environment where it is created, instead of in separate silos.
“Our data analytics team has been creating a data lake architecture that allows us to have the data where it’s essentially created. If you think about this, it connects back to the DoD cloud strategy, the Joint Warfighting Cloud Capability. We have four primary cloud service providers under JWCC and so we’re creating the lake of data in the environment where the cybersecurity tools are providing, so it’s not going to generate a lot of exfiltration costs or transition costs,” Hermann said.
Creating this “data lake architecture” was DISA’s next step after it sunset its Big Data Platform (BDP) in two parts, one last year and one earlier this year. With the BDP, DISA’s data sets were kept separate from one another, which made them harder to eventually automate. Now, with the data moving toward being all in one place, DISA can move toward automation.
Hermann said DISA also plans for this central architecture to have a feature where users can log into one data-centric environment instead of having to use several tools to log into various databases to find a specific piece of data.
“The message that I got loud and clear from our analysts was that we’ve created a number of different silos, [and] that generated the need for them to log into a lot of different environments to do their job on a day-to-day basis. We’d like to have a more federated approach where they log into one portal and they’re able to get access to all the data, get all the insights that they need,” Hermann said.
Another benefit of this data-centric layout, Hermann explained, is that Zero Trust security architectures can be more easily implemented: since all the data is in one place, the necessary security precautions have the potential to be interoperable.
“We had protections at the local user’s desktop station, we had firewalls that existed at the various parts of our infrastructure, and they didn’t really talk to each other very much. So now, that’s the difference, they’re starting to talk to each other,” Hermann said.