AI Will Drive Cyber Efforts at CYBERCOM Amid Zero Trust

United States Cyber Command plans to rely on artificial intelligence (AI) and machine learning to improve cyber defensive operations as the cyber landscape grows increasingly hostile, according to CYBERCOM Executive Director Dave Frederick speaking at the Defense One Tech Summit Tuesday.

CYBERCOM’s innovation unit, DreamPort, is working closely with the Defense Department’s new Chief Digital and AI Office (CDAO), the Defense Innovation Unit (DIU) and the Defense Advanced Research Projects Agency (DARPA) to expand AI and machine learning “for a whole range of missions.” CYBERCOM also just began an internal survey of its machine-learning requirements to support use cases.

One upcoming use case involves AI-powered synthetic users on a test network to help train and prepare cyber operators and analysts for real-time cyber threats.

“Just setting up a static network isn’t sufficient in terms of realism because, in a real network, you’ve got administrators and users,” Frederick said at the event. “Someone may notice something is off and tip off our security operations center. To elevate our game in training and mission rehearsal, we want to see if we can develop in partnership with industry, simulate the actual presence of people on the network and the uncertainty that can be introduced.”

This use case aligns with CYBERCOM’s three mission goals: defend DOD information networks, defend the nation and critical infrastructure against cyberattacks, and support joint force commanders.

Building on that mission set, training cyber operators and preparing for joint force readiness are major priorities, Frederick said.

“How do we look at our cyber mission teams and make sure our operators and analysts are the best qualified, lethal in the world?” he said. “We have a major focus on workforce, how do we recruit and train civilian operators? And our joint warfighting architecture — we have a series of systems we use for cyber missions, and we’re looking at trying to improve the cybersecurity of those systems.”

The 2022 National Defense Authorization Act (NDAA) gave CYBERCOM more budgetary control over investments at the joint force and military service levels, which allowed CYBERCOM to pivot and adjust funding and priorities as needed to address the onslaught of cyberattacks and cyber threats over the past few years. CYBERCOM is “getting ready” for more budgetary control in 2024, Frederick said.

Rapid development of new cyber capabilities in a DevSecOps environment will be key to success.

“The cyber environment is changing every day, we have to have a really agile system,” Frederick said. “It’s not a system where we’re building aircraft carriers. It’s about data and software, and we need to integrate those capabilities very rapidly. Budget control will help us move dollars around more effectively.”

Zero trust is also critical to CYBERCOM’s mission and priorities, with the Defense Information Systems Agency’s (DISA) Thunderdome zero trust prototype being “an important step forward.” Zero trust as a concept is “really important” for all of DOD, Frederick said.

“Air Force has a zero trust prototype underway, as does Navy,” he said. “We had a zero trust testbed in place for the last few years [at DreamPort] to test and let our computer scientists work with NSA and DISA and the industry to test out some basic ideas. From those experiments, now we’ve got these prototypes emerging at the DISA level and services.”

CYBERCOM sees synergy between its zero trust and AI efforts.

“A key part of zero trust is to spot processes on your network that seem suspicious — we see a place for [machine learning],” Frederick said. “A deeper look at where that’s going to go, I can’t comment much more. We’re still in learning mode with zero trust and the prototypes that are kicking off.”

To further support its cyber and AI research and development and cultivate a cyber talent pipeline, CYBERCOM launched an academic engagement network in January. The network already boasts nearly 100 member universities.

“We’ve had two professors speak to our workforce about election security threats [such as] social media disinformation and the technical side,” Frederick said. “On the flip side, we’ve had a zero trust session. One of our senior leaders held a tech talk with professors and students to talk about where we’re going with that. We’re going to do some follow-up tech talks in the fall.”