Experts Predict Artificial Intelligence Will Transform Warfare

Artificial intelligence will increasingly and dramatically improve systems across the Defense Department, the director of the Joint Artificial Intelligence Center said.

Artificial intelligence will increasingly — and dramatically — improve systems across the Defense Department, the director of the Joint Artificial Intelligence Center said.

Army Lt. Gen. John N.T. ”Jack” Shanahan spoke remotely from the Pentagon yesterday with Dave Deptula, dean of the Mitchell Institute for Aerospace Studies.

”It is my conviction and deep passion that AI will transform the character of warfare in the Department of Defense in the course of the next 20 years,” Shanahan said. ”There is no part of the department that will not be impacted by this, from the back office to the battlefield, from under sea to cyberspace and outer space, and all points in between.”

Artificial intelligence, often called AI, has been happening in commercial industry, but that effort only started in earnest in the department about 10 years ago, he noted, but ”we’ve been stuck in first gear in terms of fielding.”

​DOD has long struggled with how to take the world’s best research and development and field it at speed and at scale, he added.

Since the Joint Artificial Intelligence Center began operations about two years ago, all of the foundational elements have been put into place, Shanahan said, noting that the center now has 185 employees with a $1.3 billion annual budget.

Shanahan elaborated on what artificial intelligence foundational elements mean —  including AI strategy, policy, ethics, coalition partnerships, rules of engagement, user testing and evaluation.

All those elements were brought into the Joint Artificial Intelligence Center, where integrated product teams for projects do all of that work simultaneously, as opposed to sequentially, he said. ”In the department, those tend to happen in very different places, and sometimes they don’t happen at all.”

The center’s initiatives are focused on lower-consequence, lower-risk missions such as preventive maintenance, humanitarian assistance, defensive cyber and business process transformation, he said.

But perhaps the most important current focus is on joint warfighting operations, he said.

Over the next one to two years, the goal will be delivery of these AI-enabled systems to the warfighter, he said. ”We have to show we’re making a difference,” he added.

Shanahan said moving the department from being an industrial age, hardware-driven force to being an information-age, software-driven, more risk-tolerant one won’t be easy. Nor will it be easy to choose where to take those risks and how to take those risks, he said.

”We’re dealing with 60 years of legacy systems, legacy workflows, legacy talent management. You can’t just bolt those cutting-edge technologies onto … legacy equipment and expect to transform the Department of Defense,” he said, adding that, culturally, AI has to be in the fabric of the department and what DOD does every single day. (June 2020) Experts Predict Artificial Intelligence Will Transform Warfare

DOD to Require Cybersecurity Certification in Some Contract Bids

By the end of September 2020, the Department of Defense (DOD) will require at least some companies bidding on defense contracts to certify that they meet at least a basic level of cybersecurity standards when responding to a request for proposals.

By the end of September 2020, the Department of Defense (DOD) will require at least some companies bidding on defense contracts to certify that they meet at least a basic level of cybersecurity standards when responding to a request for proposals.

DOD released its new Cybersecurity Maturity Model Certification on Friday, billed by the undersecretary of defense for acquisition and sustainment as “Version 1.0.”

By June, the department plans to publish as many as 10 requests for information on contracts that include CMMC requirements, Ellen M. Lord said during a Pentagon news conference announcing the certification effort. By September, she said, the department will also publish corresponding requests for proposals that include those requirements. By fiscal year 2026, all new DOD contracts will contain the CMMC requirements, Lord said.

“I believe it is absolutely critical to be crystal clear as to what expectations for cybersecurity are, what our metrics are, and how we will audit for those expectations,” Lord said. “CMMC is a critical element of DOD’s overall cybersecurity implementation.”

Lord said cybersecurity risks threaten the defense industry and the national security of the U.S. government, as well as its allies and partners. About $600 billion, or 1% of the global gross domestic product, is lost through cyber theft each year, she noted.

“Adversaries know that in today’s great-power competition environment, information and technology are both key cornerstones,” she said. “Attacking a sub-tier supplier is far more appealing than a prime [supplier].”

The CMMC gives the department a mechanism to certify the cyber readiness of the largest defense contractors — those at the top who win contracts are called “primes” — as well as the smaller businesses that subcontract with the primes.

The new CMMC provides for five levels of certification in both cybersecurity practices and processes.

“Something … simple in Level 1 would be, ‘Does your company have antivirus software? Are you updating your antivirus software? Are you updating your passwords?'” said Katie Arrington, DOD’s chief information security officer for acquisition. “CMMC Level 1 is the basic cyber hygiene skills we should be doing every day. They are there to protect yourself, your company and your own information.”

By CMMC Level 2, Arrington said, the department will also begin looking at cybersecurity processes as well, to ensure cybersecurity is not just practiced, but that a company is effectively documenting, managing, reviewing and optimizing its practices across its entire enterprise.

Arrington said that for the roughly 10 requests for information  and requests for proposals DOD is expected to publish later this year for potential contracts, she expects a mix of CMMC certification levels will be required.

“We’ll have some CMMC Level 3, CMMC Level 1, and there may be one or two with the 4 or 5 CMMC levels going out,” Arrington said.

The department will not be certifying potential defense contractors for CMMC on its own. Instead, Lord explained, a series of CMMC “third-party assessment organizations” or C3PAOs, will conduct those assessments. The C3PAOs will also not be paid by the department, Lord said. “That’s a private transaction between industrial base companies and those of certification bodies,” she added.

No C3PAOs have been designated to conduct the assessments yet, Lord said, noting that while multiple companies are interested, DOD has not yet designated who is qualified.

A newly created 13-member CMMC accreditation body, made up of members of the defense industrial base, the cybersecurity community and the academic community will oversee the training, quality and administration of the C3PAOs, Lord said.

Meanwhile, she said, the department is drafting a memorandum between DOD and the CMMC accreditation body to outline its roles, responsibilities and rules. She said one area of concern will be to ensure no conflicts of interest are involved in accreditation. For example, a C3PAO would not be able to accredit itself for CMMC.

No existing contracts with the department will have CMMC requirements inserted into them, Arrington said.

Subcontractors to a prime contractor will not all need to have the same level of CMMC certification to win a contract, Arrington said.

“Security is not one size fits all,” she added. Instead, she said, depending on how controlled unclassified information flows between those parties involved in a contract, subcontractors might need only be a CMMC Level 1 company.

CMMC will ensure a more level and fair playing field for companies bidding on DOD contracts, Arrington said. Today, she said, some small businesses bidding on work might self-attest that they meet requirements to handle certain kinds of information, but in fact only are planning to meet those requirements, while another business might actually be meeting the requirements. CMMC, she said, will ensure that only companies that actually meet requirements can compete for contracts.

“We need to make sure our industry partners are prepared to take on the work, and our third-party auditors will ensure that they are implementing the practices that we need in place to secure that national defense and our industrial base,” Arrington said.

Lord said the department is aware that CMMC requirements could be a burden to some smaller companies and that DOD is working with primes and smaller companies to help them overcome that burden.

“We need small and medium businesses in our industrial base, and we need to retain them,” she said. “We will continue to work to minimize impacts, but not at the cost of national security.” (2020). DOD to Require Cybersecurity Certification in Some Contract Bids

Help me maintain this news reporting blog by donating here.