
WASHINGTON: The Pentagon’s year-old Joint Artificial Intelligence Center is giving all comers until July 26th to submit proposals for cyber and information warfare. JAIC’s Cyberspace National Mission Initiative (CNMI) is working with Undersecretary Griffin’s Rapid Reaction Technology Office (RRTO) to find a wide range of AI tools, from automatically patching weak points in military networks to hunting hacker hangouts deep in the Dark Web.

Companies whose ideas catch JAIC’s eye might get invited to make “short technical presentations” at an industry day — excuse us, a “Solutions Meeting” — on a date to be determined in late summer or early fall. If your presentation goes well, you might “be selected for pilot projects or experimentation.” But there’s a gauntlet to run first.

While anyone can apply via email, each company is allowed one — and only one — proposal, and they have to make their case in “less than 100 words.” That suggests JAIC is casting the widest possible net, but also expecting it’ll have to throw out a lot of the fish and wants to waste as little time on that winnowing process as possible.


The Department of Defense is “casting a wide net in support of this National Mission Initiative, [because it] is particularly suitable for off-the-shelf solutions,” said Larry Lewis, director of the Center for Autonomy & Artificial Intelligence at CNA. “Compare that to other NMI topics — e.g., targeting, disaster relief — that are more specific to the military, where DOD will need to rely more on tailored solutions to address its unique requirements and challenges.”

Because the Pentagon’s cybersecurity needs have a lot in common with those of the private sector, which already invests over $100 billion a year in defenses, there are plenty of innovative companies to choose from — if the Defense Department can get them interested in the military market, which is notoriously bureaucratic and hard to break into. A 100-word email is a low bar to entry, so JAIC is probably hoping it can get a lot of applicants who might not otherwise bother.

So the hard part of this process is not applying, but convincing JAIC in under 100 words that you have solutions to some truly tough problems.

Of the six technology categories they’re looking for, three involve cybersecurity. The common theme is applying Artificial Intelligence (AI) and machine learning to spot and even fix potential problems before an attacker can exploit them — in stark contrast to classic antivirus software that can only find malware that’s already been unleashed, detected, and analyzed. One category asks for AI-enabled analysis of not only public social media, itself staggeringly fast-moving and complex, but also the hidden sites of the Dark Web, which are specifically designed to be unsearchable and anonymous. The final two categories ask for AI to automate aspects of developing software — which could potentially speed up responses to cyber attacks — and to manage massive amounts of data — the raw material all modern machine learning systems need to grow.

JAIC Needs Statement 06-26-19 by BreakingDefense on Scribd

Six Categories

Let’s break down what the Joint AI Center is looking for in more detail. The JAIC wants new ideas about how AI and machine learning can be applied to six areas of cybersecurity: autonomous cyber defense, user activity monitoring and attribution, social media and dark web analysis, network mapping, autonomous software development (DevOps), and data engineering.

Autonomous Cyber Defense: JAIC wants artificial intelligence that can monitor networks for any activity out of the usual (“anomaly detection”). This is the best way to spot zero-day attacks, which use malware no one’s seen before to attack vulnerabilities no one knew were there (meaning there have been “zero days” to analyze and fix the problem); these kinds of attacks often go undetected for weeks or months as the attacker steals data unimpeded. JAIC wants the detection algorithms to automatically and immediately trigger defensive responses, rather than alert an often-overworked human supervisor and wait for their relatively slow protein-based brain to react. They also want AI to scan networks for vulnerabilities and then patch them by writing new code — again, without requiring human intervention.

User Activity Monitoring & Attribution: A key component of cybersecurity, which the JAIC request pulls out in a separate section, is figuring out who’s using your network, what they’re doing, whether they’re authorized to do it, and — authorized or not — whether it’s unusual enough to worry about. Bradley Manning, for example, was a legitimate user downloading files he was allowed access to, but intelligent security software would have flagged how many he was copying when compared to a normal user. Edward Snowden reportedly talked other users into giving him their passwords. And there’s a long list of agencies and companies that fell prey to phishing emails that tricked employees into giving away their log-in credentials. One small subcontractor with little cybersecurity expertise can inadvertently open a backdoor not only to its own operations but to its larger and more tech-savvy partners. So JAIC wants AI that can develop a baseline of normal user behavior, detect deviations from that norm and flag them for investigation.
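The baseline-and-deviation check described above can be sketched as follows. This is an added illustration, not code from the JAIC request or from any vendor; the user names, download counts and the 3.5 threshold are constructed assumptions, and a median/MAD score stands in for whatever model a real product would use.

```python
from statistics import median

# Constructed sample data: files downloaded per user per day (not real logs).
HISTORY = {
    "analyst_a": [12, 9, 15, 11, 10, 14, 13],
    "analyst_b": [30, 28, 35, 31, 27, 33, 29],
    "analyst_c": [5, 7, 6, 4, 8, 6, 5],
    "analyst_d": [20, 22, 19, 21, 23, 20, 18],
}
TODAY = {"analyst_a": 13, "analyst_b": 36, "analyst_c": 950, "analyst_d": 21}


def robust_z(value, sample):
    """Modified z-score from median and MAD, so one earlier spike
    in the history does not inflate the baseline."""
    med = median(sample)
    mad = median(abs(x - med) for x in sample)
    # 0.6745 makes MAD comparable to a standard deviation;
    # flooring MAD at 1 avoids division by zero on flat histories.
    return 0.6745 * (value - med) / max(mad, 1.0)


def flag_users(history, today, threshold=3.5, min_days=5):
    """Return {user: [reasons]} for users whose volume today is far above
    their own baseline and/or above what their peers did today."""
    flagged = {}
    for user, count in today.items():
        reasons = []
        past = history.get(user, [])
        if len(past) < min_days:
            # No baseline yet: surface for review instead of silently passing.
            reasons.append("insufficient history")
        elif robust_z(count, past) > threshold:
            reasons.append("above own baseline")
        peers = [c for u, c in today.items() if u != user]
        if peers and robust_z(count, peers) > threshold:
            reasons.append("above peer group")
        if reasons:
            flagged[user] = reasons
    return flagged


if __name__ == "__main__":
    for user, reasons in flag_users(HISTORY, TODAY).items():
        print(f"{user}: {TODAY[user]} files today -> {', '.join(reasons)}")
```

Only upward deviations are flagged here because the passage concerns bulk copying; access is authorized in every row, which is why volume rather than permission is the signal.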

Social Media & Dark Web Analysis: A host of bad actors from scam artists to criminal hackers, from ISIS recruiters to Russian propagandists operate both on normal social media — with both real and fake profiles — and in the closed circles of the Dark Web. Operating alone, in criminal networks, or on behalf of a nation state, they often congregate in communities of like-minded malefactors to share software, buy and sell data, and spread disinformation. Machine learning finds patterns in communications that can identify individuals and communities, analyze how they operate, understand their motivations and characteristics and then pinpoint potential targets.

Network Mapping: Do you know everything that’s on your network? With more and more devices capable of connecting and disconnecting, from smartphones to cloud backups to WiFi baby monitors, you probably don’t. That renders obsolete the classic castle-and-moat network security structure, where a series of firewalls protect data within clearly defined perimeters. Cloud computing and mobile devices have pushed the perimeter out to wherever a user logs onto the network. Network mapping can protect this expanded perimeter by identifying devices that connect to the network, authenticating these devices automatically, and tying them to individual users.

Autonomous DevOps: The software development methodology called DevOps (Development Operations) is also known as “agile” because it embraces an iterative process: develop a little, get user feedback, field a little more, and repeat, thus continuously improving the product. Autonomous DevOps accelerates this even more by automating key functions — in particular, testing, which requires brute-force checking of combinations that humans are bad at — and making some improvements automatically.

Data Engineering: Cybersecurity in general increasingly relies on massed data to figure out what’s going on, what’s normal, what’s not, and develop the more resilient, more automated networks discussed above. But all this requires aggregating and sharing data, extracting relevant content and tagging data so it can be searched for and found. Those are processes that can require hundreds of mind-numbing hours for humans. Using AI to digest the data instead could allow much-needed breakthroughs in cybersecurity.