The Defense Information Systems Agency complex at Fort Meade, Md.

The Defense Information Systems Agency complex at Fort Meade, Md. Thomas L. Burton, DoD

DISA Enlists AI to Fight Cyber Threats

The agency is also creating a Chief Data Officer.

In the near term, Defense Information Systems Agency officials plan to strategically employ artificial intelligence capabilities for defensive cyber operations.

“First of all, the threat has never been higher. It's also been commoditized: Malware has become commercialized as essentially organized crime on an international scale,” Deputy Commander of the Joint Force Headquarters-Department of Defense Information Network Rear Adm. William Chase III, told reporters during a media roundtable last week. “So, one of the first questions we have to ask ourselves is: ‘What are we actually vulnerable to?’”

The press event was associated with DISA’s Forecast to Industry and the release of its strategic plan for 2022 through 2024.

That document organizes some of the agency’s broad aims to “accelerate [its] efforts to connect and protect the warfighter in cyberspace” as the conflict landscape evolves. The vision includes lines of effort promoting activities to ultimately implement and refine a global network infrastructure and unified capabilities, such as “leverage data as a center of gravity,” and “drive force readiness through innovation.”  

“We're now standing up the Office of the Chief Data Officer to be able to catalog and understand all of the data sources that we have—and then be able to apply AI and machine learning to actually help our cyber defenders be able to, in more real-time, have visibility of the attacks as they're actually occurring on the network,” DISA Chief Information Officer Roger Greenwell explained.

Greenwell, who also serves as the agency’s acting risk management executive and Enterprise Integration and Innovation Center director, said officials are still in the process of finalizing who the chief data officer tapped to lead that office will be. But, he noted, the new hub is “being built out and stood up, and it is populated with a number of individuals.”

It’s establishment comes at a crucial time when DISA is processing massive volumes of data. The agency oversees roughly 300 billion Internet Protocol version 4 addresses, and recognizes that it is simply “not possible” for analysts to have visibility into all those endpoints that exist and manually manage everything.

“So, AI and machine learning are absolutely critical to that. We have some pilot efforts ongoing right now. Certainly, the Joint AI Center is a partner with us in terms of how we actually will go about taking advantage of AI,” Greenwell explained. “But that is, to me, the most critical need that we have for AI at this moment, but there certainly are other use cases for it as well.”

The CIO and other senior officials at the roundtable also reflected on pivots being made to confront modern challenges. Director of DISA’s Cyber Security and Analytics Directorate Brian Hermann noted that tools and networks are having to be rearchitected to match new demands accelerated by the COVID-19 pandemic. 

And at the same time, as the others noted, cyber crime is increasing and becoming more organized.

“The reality is that we can't continue to do the things that we've done for years, in the same way, and be secure against that threat. And so, what we're focused on is automation, AI and tools like that so that we can relieve the pressure on the analysts, and get the high priority things in front of them very quickly,” Hermann said, “and deal with the known issues—the challenges that come up all the time—in a very automated way.”