Thousands of attendees from the Defense Information Systems Agency, Defense Department, U.S. Cyber Command, and industry turned out to talk technology at TechNet Cyber 2023 and browse innovations from 354 exhibitors.
Hosted by AFCEA on May 2-4 at the Baltimore Convention Center, the flagship event brings together military and industry partners to discuss current challenges and how to address them. This year’s theme, “The Urgency of Action: Focused, Aligned and Ready,” highlighted the difficulty of finding the right defenses in a domain that is under constant and evolving threats.
A common refrain from the event was the need for DOD and industry to work together. For instance, Army Gen. Paul Nakasone, commander of U.S. Cyber Command, said collaboration is crucial in today’s complex cyber setting. Calling “steady state” an anachronism, he said that competition, crisis and conflict are the new watchwords. “In this environment, the winners will be those that can set conditions for dynamic collaboration, that enable understanding and action,” Nakasone said.
Michael Clark, director of acquisition and technology for the command, said he plans to create a lab and executive office with a $3.2 billion budget by fiscal year 2027 to obtain digital capabilities “at the speed of operational relevance.”
Artificial Intelligence at Center Stage
Given the media coverage of ChatGPT’s emergence, it’s no surprise that artificial intelligence was a main topic of conversation at this year’s event, but reactions to it were mixed.
DISA Director Lt. Gen. Robert Skinner began his keynote by letting a generative AI that cloned his voice do the talking for him. He then asked for industry’s help in understanding how to optimize the technology for defense agencies’ needs.
“Generative AI, I would offer, is probably one of the most disruptive technologies and initiatives in a very long, long time,” Skinner said (as himself). “Those who harness that and can understand how to best leverage it, but also how to best protect against it, are going to be the ones that have the high ground.”
But Craig Martell, DOD’s first chief digital and AI officer, said of generative AI such as ChatGPT, “I’m scared to death.”
On the other hand, Lt. Gen. Maria Barrett, the leader of Army Cyber Command, said other types of AI have the potential to be game-changing for defense. “We fly planes on autopilot, we land on autopilot,” Barrett said. “This is not scary to run a network in an automated way.”
The one thing everyone agreed on is that AI is a fairly nascent technology that requires more research. “I think we have a few steps to consider before we can do AI/ML [machine learning] at scale for cybersecurity,” said Wendell Foster Jr., executive director at the Joint Force Headquarters – Department of Defense Information Network. “We believe that there will always be a human in the loop for a lot of those key decisions in cyberspace operations.”
Several officials have their eye on yet another emerging technology: quantum computing. A new report from McKinsey, a research firm, states that it is “a completely new approach to computing.”
One area of particular concern is quantum computing’s ability to crack encryption, so efforts are underway by government and industry researchers to try to maintain crypto systems’ security. For instance, the National Institute of Standards and Technology has signed cooperative research and development agreements with 19 companies to study algorithms that could run in traditional computing but protect against quantum computing decryption, said Bill Newhouse, a cybersecurity engineer and project lead at NIST’s National Cybersecurity Center of Excellence.
Meanwhile, existing algorithms won’t go away as soon as new ones are validated, Newhouse added. “Maybe on the day that we know a cryptographically relevant quantum computer exists, NIST would say, ‘We need you to stop using those algorithms.’ But until we have more evidence in that space, it’s going to be a measured approach,” he said.
Zeroing in on Zero Trust
No conversation about security today is complete without zero trust.
DISA recently completed the prototype of Thunderdome, a zero-trust network access architecture, although Brian Hermann, cybersecurity and analytics director at the agency, noted that “we also have some contracting activity that’s going on behind the scenes as well.”
And Randy Resnick, director of the Zero Trust Portfolio Management Office within the DOD Chief Information Officer’s Office, said the goal is to achieve target level of zero trust in 2027. “Target level for us means being able to stop the adversary,” Resnick said.
Key to that will be multivendor integration, he added, encouraging companies to map products and services against DOD’s seven pillars of zero trust.
It sounds like the next few years will be pivotal for defense cybersecurity. We can’t wait to see what develops!