Integrating AI and Cyber into the DoD

  • By: JAIC

“Cyberspace is a warfighting domain, and the U.S. military must take an active role in defending the country and its allies from threats in that realm,”

- Mark Esper, Secretary of Defense

The Department of Defense (DoD) faces a future that is fast moving, connected, and highly contested. Technology advancements are occurring ever more rapidly. Our adversaries are relentless, using both traditional and non-traditional methods to erode our ability to protect and defend the United States. As October is National Cyber Security Awareness Month, it is a good reminder that the interplay of AI and Cyber will be critical to safeguarding DoD operations as cyber-attacks increase on our networks and data, and threaten military operations.

In April 2019, the JAIC stood up the Cyber National Mission Initiative (NMI) with the goal to use AI to shrink critical timelines for cyber-threat situational awareness. The initial focuses include network incident detection, user activity monitoring, and network mapping.

AI brings to bear the capability to detect threats and malicious activities at a rate that is not humanly possible. Suspicious events, behaviors and anomalies can be rapidly identified for cyber professionals and operators to further investigate and deploy mitigation strategies. This decreases the likelihood of adversaries gaining access to DoD networks, infrastructure, and weapon systems.

Understanding that industry has a full range of capabilities that could be useful, the JAIC held an Industry Day on October 3 and 4, 2019 that brought together more than 30 vendors. The vendors focused on autonomous cyber defense, user activity monitoring, social media & dark web analysis, network mapping, autonomous DevOps, and data engineering.

JAIC’s Initial Cybersecurity Focus Areas

Network Incident Detection:
AI will identify relevant network incidents indicative of malicious activity, allowing analysts to identify previously undetectable intrusions.

User Activity Monitoring:
AI will recognize suspicious cyber persona behaviors and alert trained analysts to investigate user activity inconsistent with user accounts.

Network Mapping:
AI will allow analysts to quickly generate network maps based on limited network data or incomplete network maps.

To realize the full capabilities of AI, data must be usable. As such, the JAIC is partnering with the National Security Agency, U.S. Cyber Command, Joint Force Headquarters-DoD Information Network, and Service cyber components to create a common data framework for cyber data to curate, tag, and label operational data. This will create a trove of relevant cyber data to train DoD AI models to monitor military networks for potential threats.

“The data framework is pivotal in accelerating AI to the DoD - a core mission of the JAIC. Without a data set that is properly curated, tagged, and labeled, the Department cannot make accurate inferences across our enterprise,” said Lt Col Andrew Wonpat, Cyber NMI Chief. “The framework allows Cybersecurity Service Providers (CSSPs), Cyber Protection Teams, and other cyber teams to better leverage DoD’s Big Data Platforms to gain operational advantages by applying AI models against the archived data. As more tactical units gain the capability to develop AI tools, they can use the framework’s data to train their models.”

Over the next six months, the JAIC’s Cyber NMI will be working with our DoD cyber partners to further network incident detection and user activity monitoring product evaluations, and to rapidly prototype GOTS products for network mapping. Additionally, the team is looking to initiate a cyber data engineering activity resulting from discussions during the October Industry Day.