The State Department’s Office of Cyber Monitoring and Operations is zeroing in on two AI use cases to better defend against cyber threats, with Director Manuel “Manny” Medrano announcing today that the agency plans to build a cyber data visualization for its analysts by the end of the year.

The first AI use case that Medrano’s team is currently working on – in partnership with the agency’s chief data officer – is correlating all of the data sets from the security operations center (SOC) and different identity management solutions into a single visualization.

“I’m happy to say that, yes, today, that is the use case that the team is working on right now,” Medrano said on Thursday during the Government & AI Summit hosted by Nextgov/FCW. “That is going to save the team hours, instead of doing those manual checks.”

“Right now, what we’re looking at is, by the end of the year, be able to have a visual that may not be the perfect visual, but beginning to then have at least one or two analysts be able to take that visualization and then take action,” he added. “And then, one of the key areas that we’re working on is to document the metrics and [see] how many hours are we saving? How is this making us better?”

Once his team has the visualization in place later this year, he said it plans to then look at “how can we automate some parts of that.”

“Still, one of the key areas at the State Department is that we still need to have the human factor validation … that is key when it comes to AI,” Medrano stressed. “But then the other side of it is, how do we then defend against cyber threats now leveraging artificial intelligence, because that’s going to get spicy, and it’s already spicy.”

Therefore, Medrano said the other use case that the Office of Cyber Monitoring and Operations has identified is a program called defensive cyber operations (DCO). That program is all about automation and giving much-needed time back to cybersecurity analysts.

“This is a program that we’re working on right now where we have a lot of data that we’re ingesting, and then we’re trying to work with our different partners – within the private sector, our Five Eyes, and the interagency as well – to make sure that what we’re doing is making sense of the data,” he said, adding, “And then also leveraging the great technology capabilities that we have in order to automate and give some of that time back to the analyst to do more of that analytical work.”

“What we’re focusing on right now with DCO, it is what I call people, process, and technology,” Medrano explained. “So, no offense to vendors out there, but the technology is only as good as the people and the process.”

Medrano also announced that the State Department is working on building a new roadmap in partnership with Gartner to work towards “a cyber mesh architecture.”

“We’re on our way to get there. It’s not going to be a sprint, it is a marathon, but we’re working slowly, day by day, with all of those three pillars that I just mentioned [people, process, and technology] to make sure that we’re getting there to our future state,” he said.

“My goal is to be able to go from like 17 different portals that analysts have to access to maybe two or three, and then have that analytics layer, the visualization layer, and then AI to help us automate some of those simple tasks so that we can be able to be more fast at reacting and also more proactive,” the director said.

Medrano noted that neither use case is in production yet, but he teased that more news will be coming soon on “where and how we’re going to execute towards that December deadline.”

So, what is next for the State Department’s Office of Cyber Monitoring and Operations? Medrano said that the roadmap it’s working on with Gartner will lay out “the next generation of SOC operations.”

“What that means is, what we’re trying to do right now – and we’re already working on – is based on the [DCO] use case … and all the data that we have is, how can we accelerate that slowly so that we can start to gain more momentum and have greater impact? Because we are in a digital world, and right now the world is definitely requiring us to get faster.”

Grace Dille
Grace Dille is MeriTalk's Assistant Managing Editor covering the intersection of government and technology.