The JCF Aspires to Lead in Continuous Monitoring

In developing new AI capabilities that can be fielded and scaled to meet Department of Defense mission demands, the Joint Artificial Intelligence Center’s Joint Common Foundation will provide users with an infrastructure and platforms as part of a dynamic cloud ecosystem that emphasizes speed, rapid iterations, automation, and Continuous Integration/Continuous Delivery of AI models and applications. Unfortunately, traditional software security tools were designed for the pre-cloud computing era, where boundaries were well defined and where security tools were not proactive enough to manage the risks associated with a cutting-edge AI software factory.

For this reason, the JCF will not rely on the traditional “castle and moat” strategy where a security team focuses first and foremost on protecting the perimeter of the network against intruders and performs occasional sweeps of the system for threats. Instead, the JAIC cybersecurity team will deploy an innovative, forward-looking “Continuous Monitoring” strategy that adheres to Zero Trust principles.

Next-generation Continuous Monitoring is much more proactive and adaptive than traditional approaches in that security never stops looking for and responding to suspicious activity at all levels of the network. “ConMon,” as it’s referred by cybersecurity professionals, is considered the core of any modern defensive cybersecurity strategy that an organization deploys to protect its information assets.

“Purpose-built” for the JCF, this new strategy will provide continuous vigilance of the entire JCF ecosystem in real-time and will integrate security and compliance checks into the development pipeline. The ConMon strategy will enable the security team to define the types of information that move across the network—along with the ability to actively monitor and defend it.

“As we work on our software factory, we will be bringing in Artificial Intelligence/Machine Learning models, data, and new sets of users all the time, so you can’t just do a security check at the end of that process, or once a month, or even once a day,” said Susan Minsek, Senior Information Security Officer for the JAIC. “You need to do these all the time—continuously—as threats are coming in all the time.”

This new strategy is more than just continuous risk assessment, continuous scanning and vulnerability testing, and continuous threat identification and mitigation. It also involves defining policy rules based on applications, workloads, and their relationships across environments and incorporating cutting-edge frameworks, mechanisms, and strategies that:

• Share threat intelligence and risk analysis across the community of users.
• Rely on analytics and Machine Learning to continuously evaluate behaviors within the development environment for suspicious activity.
• Limit the scope of potential cyber-attack damage against DoD AI/ML enabled software.
• Monitor and analyze the performance of cloud infrastructure in real-time, which increases visibility into and control over the network.

Another aspect of the JCF Continuous Monitoring strategy that separates it from traditional approaches is the extension of security responsibility and capability beyond just the cybersecurity team. In other words, the security fabric that’s being developed is intended to be used by and for the benefit of developers, not just the security team.

“Continuous Monitoring is everyone’s shared responsibility,” said Minsek. “And that requires a cultural shift as much as it requires new advanced technologies.”

To equip users with the skillsets they will need to successfully and securely operate within the JCF environment, the cybersecurity team continues to educate users on policy requirements, best practices, emerging tools, and security-aware agile processes.

Once fully implemented, Minsek said, the new JCF ConMon strategy will not only effectively secure the JCF but it will establish DoD-wide trust in the JAIC. Other benefits for the JCF and its Mission Initiative partners include the ability to:

• Allocate finite resources in the best way possible.
• Effectively scale workloads as they become more complex and distributed across internal and cloud environments.
• Provide real-time quantitative and qualitative metrics to improve the cybersecurity posture.
• Build a Continuous Authority to Operate and CI/CD culture based on DevSecOps principles so teams can rapidly deliver AI products and capabilities across the DoD.