The Department of Defense (DoD) is embracing Artificial Intelligence (AI), the cloud, and DevSecOps to support the warfighter in an increasingly complex global environment. While today’s warfighter is still delivering on the mission in-theater around the world, they are also delivering on a “digital mission,” operating drones, reviewing satellite imagery and sharing intelligence, and protecting the nation from a constant assault of cyberthreats. As a result, the way in which the warfighter needs to be supported has changed dramatically.
Today, Infosec personnel are key players in building a strategic advantage against the enemy. In seeing the hundreds and thousands, if not millions, of security threats targeting the agency and the warfighter, these cyber personnel have developed unique skill sets and solutions to mitigate these threats, quickly and effectively. This mindset and process of fast-paced, iterative development – DevSecOps – has been instrumental in making the DoD more agile and more capable of responding to these threats but, as with all things cyber-related, as the good guys improve, so too do the capabilities and skills of the attackers.
The critical question facing DoD leadership is how do you improve on an already agile and highly successful environment to regain that strategic advantage?
The answer lies in the incorporation of AI and Machine Learning (ML) into DevSecOps. By putting data derived from past security scans in the DevSecOps pipeline to work with AI, it is possible to reduce the number of cycles needed to identify a genuine threat versus a false positive. According to a recent whitepaper by Cyberstar, LLC “Static Application Security Testing (SAST) scans detect more vulnerabilities than traditional environments, but only a small percentage of these vulnerabilities are truly critical and require action.” Instead of diverting hundreds of man-hours into figuring out which is a real vulnerability versus which is a false alert, the DoD could use AI to identify which alerts are actionable and which are not. In taking this next-generation approach, not only is the DoD able to use it’s its highly-skilled cyber warriors in more mission-critical activities, but it optimizes the warfighter’s ability to operate successfully in today’s complex and highly dynamic theaters.
While AI-powered DevSecOps might sound like a heavy lift, the good news is with the mindset already deployed and petabytes of data already available, there are just a few more steps needed to take it from concept to action. The first step is to migrate data sets into a secure cloud. With the DoD well on its cloud journey, there’s a pathway for critical operational commands to follow suit and break down those data storage silos to make it possible to access, share, and quickly interpret data. The more data that can be used to train an AI model in vulnerability detection and credibility assessment, the more accurate the initial results will be, and the more likely it that detection of future vulnerabilities can be properly automated.
The second, and equally critical step, is the automation and interpretation of natural language. With a large segment of military orders already issued in natural language and text, the ability to assimilate, organize, and process this information automatically with advanced Natural Language Processing applications is achievable. With these words and syntax mapped and modeled, the ability to refine AI models and further enhance insight into vulnerabilities, as well as provide context and linkages to tactical operations, becomes possible.
As the DoD continues its push to the cloud both within the Pentagon and across all services and commands, the application of AI to further refine DevSecOps and enhance automation will create important strategic advantages for the warfighter. The ability to automate as much as possible with optimized security not only helps the warfighter successfully defend the nation but will also reduce both the human and financial costs of meeting the mission.
Ready to learn more? You can do that here.