Industry experts on Wednesday discussed how they are working with the Department of Defense (DoD) and intelligence agencies to leverage zero trust to meet the information-sharing requirements of the United States Indo-Pacific Command (INDOPACOM) and its partners.
During the AFCEA TechNet Indo-Pacific conference in Honolulu on Oct. 23, an official from Dell Technologies explained how the DoD is utilizing AI to help accelerate its zero trust journey and decision making relating to stopping and containing bad cyber actors.
“One of the key things that I saw in the DoD architecture for zero trust is that AI became a key component so you can speed up the decision making,” said Herb Kelsey, Dell’s Federal chief technology officer (CTO) and lead for Project Fort Zero. “I think that there still has to be some understanding of moving from AI as a tool, like a chat, versus AI as an assistant that can make decisions at a similar quality as a human being.”
Kelsey explained that AI should have “enough information to guide the cyber response,” including looking for the root cause and transferring information to “achieve a result.”
However, he warned, “I think we don’t have enough sophistication yet to understand when we want to have a human in the loop and when we want it to run free, and I think that’s going to be a challenge to balance out within these [zero trust] environments.”
Adam Stevens, the director at Apex Logic, noted that there “very simple assets” that exist today that can help build up collaboration across INDOPACOM and its partners.
“Microsoft has a bevy of [assets]. Dell has a bevy of them. There are other providers around here that have a bevy of them. Those collaborative assets that bring us into one space and allow us to share on the data, in our perspective, matter,” Stevens said during the panel. “Breaking down that data and breaking down barriers to collaboration, a lot of those systems can be something as simple as [Microsoft’s] SharePoint … There are simple systems out there that can actually quite work well, but we don’t use them as effectively as we could.”
A main challenge, Dell’s Kelsey said, comes down to the need for more policies and procedures related to leveraging AI and other technologies within zero trust solutions.
“I believe we have tech that can help us,” he continued. “I think we need some policy and procedures defined so that as industry partners, we can enable that.”
Kelsey pointed to the DoD’s recent release of new guidance to help defense agencies implement target and advanced levels of the DoD’s Zero Trust Strategy.
The “Zero Trust Overlays” is a 400-page document, which consists of one overlay for each pillar in the DoD Zero Trust Strategy – user, device, data, application and workload, network and environment, automation and orchestration, visibility and analytics – and an overlay for the enablers.
Kelsey noted that it was interesting that the overlays encouraged a phased approach.
“The maturity of some of this automation is phased in. There’s a discovery phase, and then there are four follow-on phases. I think we still have work to do to understand and define the policies and procedures out at phase three and four where the full automation is envisioned,” he said.
He continued, “I think that goes to the edge. Do I want my edge systems to operate autonomously, so that they can be better protected and available and resilient, and then I have more people to loop back to my enterprise. Do I flip that? I think there’s some very interesting discussions to fully utilize what we can do and make it more effective.”
Microsoft is now offering AI software as a service to help reduce “overhead” and time officials are spending on “rudimentary tasks” and allow them to share information more quickly, Microsoft Federal’s DoD Joint Account Technology Strategist Dale Shigekane said during the panel.
“We have put a lot of effort into our AI software as a service – what we call copilots – to be able to take a lot of those everyday decisions and tasks and automate them … and also allow them to go through larger data sets to be able to pull the answers quickly,” Shigekane said.
The next generation of that, he said, is combining AI with autonomy. Shigekane urged the DoD to leverage AI to share information across the INDOPACOM more easily – particularly at the edge.
“[AI models] are going to propel us forward in this and allow that information sharing at a more rapid speed,” Shigekane said. “[We] definitely need to figure out how to move some of those models and AI services to the edge to be able to be effective there.”