The tools would use automation and machine learning to respond to common cyberattacks without any human intervention, freeing personnel to focus on more complex intrusions.
The Pentagon is looking to bring in machine-learning tools to monitor its networks for suspicious activity and act as the first line of defense during cyberattacks.
Last week, the Defense Information Systems Agency started seeking out commercial cybersecurity tools that could detect and respond to incidents across the agency’s numerous networks without direct input from humans. By using automation and machine learning to defend against common attacks, the system would allow the Pentagon’s cyber personnel to focus on more pressing threats.
“DISA desires to leverage commercially available technology to strengthen its ability to detect and thwart cyber-attacks in real-time before those attacks can do the intended damage to the [Defense Department] systems DISA protects,” officials said in the solicitation. “While DISA employs a number of cybersecurity products and services, it is constantly striving to minimize the time to detect, respond to, and, ultimately, mitigate attacks.”
According to the solicitation, the tools would counter attacks by employing so-called cybersecurity “playbooks,” which are sets of pre-selected guidelines for responding to specific incidents. Once deployed, tools would analyze attacks, determine the appropriate playbook to follow, and launch a response without any human intervention.
This playbook-based approach would let tools independently respond to the most common types of cyberattacks, automating a significant amount of the workload that occupies Pentagon cyber personnel today. Instead of manually interpreting network data and executing rote playbooks, those experts would have the opportunity to focus on “harder and more immediate issues,” officials said.
The system would also improve its ability to characterize attacks over time, “drastically reduc[ing] low-level alerts and virtually rid[ding] itself of false positives and negatives,” the solicitation said.
Initially, DISA expects the tools to be capable of responding to the nearly 300 adversary tactics and techniques outlined in the MITRE ATT&CK framework. Officials also want the ability to update the system with new playbooks as cyber threats evolve, according to the solicitation.
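To make the playbook mechanism described above concrete, here is an added illustration (not DISA's system, nor code from any vendor's product) of the dispatch logic such a tool needs: each alert carries an ATT&CK technique id, the id selects a playbook of ordered response actions, routine playbooks run without a human, and anything unmapped or marked as high-impact is escalated to an analyst queue. The playbook library, the action names and the sample alerts are all constructed for the example; the technique ids are real ATT&CK ids, but the mapping to actions is an assumption.

```python
"""Minimal ATT&CK-keyed playbook dispatcher (constructed example).

Alerts are dicts carrying an ATT&CK technique id. Each known id maps to a
playbook: an ordered list of response actions plus an "auto" flag. Playbooks
flagged auto=True run without human intervention; unmapped techniques and
playbooks flagged auto=False are escalated to an analyst.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Hypothetical playbook library. Action names are placeholders standing in
# for what a real automation tool would execute; the mapping is assumed.
PLAYBOOKS: Dict[str, dict] = {
    "T1110": {  # Brute Force
        "name": "credential-brute-force",
        "actions": ["rate_limit_source", "lock_account_temporarily", "open_ticket"],
        "auto": True,
    },
    "T1566": {  # Phishing
        "name": "phishing-email",
        "actions": ["quarantine_message", "block_sender_domain", "open_ticket"],
        "auto": True,
    },
    "T1486": {  # Data Encrypted for Impact (ransomware)
        "name": "ransomware-impact",
        "actions": ["isolate_host", "snapshot_forensics"],
        "auto": False,  # host isolation is disruptive: require analyst approval
    },
}


@dataclass
class Outcome:
    alert_id: str
    technique: str
    playbook: Optional[str]
    actions_taken: List[str] = field(default_factory=list)
    escalated: bool = False
    reason: str = ""


def dispatch(alert: dict, executor: Callable[[str, dict], None]) -> Outcome:
    """Select the playbook for one alert and run it, or escalate to a human."""
    tid = alert.get("technique", "")
    pb = PLAYBOOKS.get(tid)
    if pb is None:
        # New or unknown technique: the library must be updated before automation.
        return Outcome(alert["id"], tid, None, escalated=True,
                       reason="no playbook for technique")
    if not pb["auto"]:
        return Outcome(alert["id"], tid, pb["name"], escalated=True,
                       reason="playbook requires analyst approval")
    taken: List[str] = []
    for action in pb["actions"]:
        executor(action, alert)  # the tool's integration layer would act here
        taken.append(action)
    return Outcome(alert["id"], tid, pb["name"], actions_taken=taken)


def triage(alerts, executor):
    """Run every alert through dispatch; return (automated, escalated) lists."""
    automated, escalated = [], []
    for a in alerts:
        o = dispatch(a, executor)
        (escalated if o.escalated else automated).append(o)
    return automated, escalated


# Constructed sample alerts, shaped roughly like a detection stack's output.
SAMPLE_ALERTS = [
    {"id": "a1", "technique": "T1110", "src": "203.0.113.7", "user": "jdoe"},
    {"id": "a2", "technique": "T1566", "msg_id": "<abc@example.invalid>"},
    {"id": "a3", "technique": "T1486", "host": "ws-042"},
    {"id": "a4", "technique": "T9999", "host": "ws-017"},  # id not in library
]


def record_action(log: list) -> Callable[[str, dict], None]:
    """Executor that only records actions, so the example runs offline."""
    def _exec(action: str, alert: dict) -> None:
        log.append((alert["id"], action))
    return _exec


if __name__ == "__main__":
    log: list = []
    auto, esc = triage(SAMPLE_ALERTS, record_action(log))
    for o in auto:
        print(f"{o.alert_id}: {o.playbook} -> {o.actions_taken}")
    for o in esc:
        print(f"{o.alert_id}: escalated ({o.reason})")
```

The split between automated and escalated outcomes is the point: automation covers the common, well-understood techniques, while anything outside the library or with disruptive side effects still reaches a person, which is also where new playbooks get added as the library is updated.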
Ultimately, the tools are expected to sift through terabytes of data per day flowing through the IT systems of more than 1,500 organizations, officials said.
Tech experts have long touted AI’s potential to make network monitoring more efficient, and thus improve organizations’ cybersecurity. However, building those tools requires a lot of standardized training data, and for agencies like the Defense Department that rely on numerous proprietary cybersecurity services, consistent data is hard to come by. The Pentagon’s Joint Artificial Intelligence Center is currently working with the National Security Agency, U.S. Cyber Command and dozens of cybersecurity vendors to standardize data collection across the Pentagon’s sprawling IT ecosystem, which could help enable the department to roll out more AI-powered cyber defenses.