AFA 2024 — A key Air Force cybersecurity official told Breaking Defense he wants to use artificial intelligence and machine learning to help sort through the millions of cybersecurity alerts the service gets every day.
Lt. Gen. Thomas Hensley, commander of the 16th Air Force, the service’s information warfare organization, said the Department of the Air Force (DAF), which includes the Space Force, receives an overwhelming nearly 2.5 million cybersecurity alerts each day. And, he said, that number will only grow as the DAF connects more weapon systems and more battle management systems.
Hensley’s solution: Develop AI and ML programs to comb through and track the the cyber alerts, helping to weed out false alarms, so humans can focus on the “analytical work” for true threats.
“So AI/ML, [will] take all of this data, do the metadata analysis, do the content triage and filter up the information that only human beings can do, and that’s the nuanced, focused, analytical work,” Hensley told Breaking Defense in an interview at the Air, Space and Cyber Conference Tuesday.
He said the Air Force currently has capabilities like the Enterprise Logging Ingest and Cyber Situational Awareness Refinery system database among others — both help servicemembers log data more efficiently — but the service hasn’t bolted on “the AI/ ML logic that can help us do things faster.”
Regarding the popular concern that AI is going to succeed in taking over human jobs, Hensley said, “this is not the case.”
“It’s going to help human beings do their job better,” Hensley said, adding that hiring more people to monitor and analyze the millions of cyber alerts a day is not a viable solution.
“What I tell people is we’re not going to mass [hire] our way out of this. We’re not going to be able to hire more people to monitor all the sensors, and so we’ve got to be smarter with the technology that we have,” he said.
The idea of an AI or ML platform that could sort through and analyze data at a basic level may not be too far fetched for the DAF. It previously released a large language model for Airmen, Guardians, civilians and contractors called the Non-classified Internet Protocol Generative Pre-training Transformer, or NIPRGPT, which serves as the DAF’s rendition of the popular public generative AI known as ChatGPT. NIRPGPT’s goal is to help users with communications and more mundane tasks on a secure system.
While the DAF is focused on implementing AI and ML capabilities for speed and efficiency purposes, Hensley emphasized cybersecurity will remain a focused priority. He said the cutting edge systems must have cybersecurity “baked in from the beginning” if they want to withstand today’s information warfare environment, a philosophy he mentioned has been a critical lesson learned from the war in Ukraine.
“I think the key there is starting with cybersecurity, protecting your information. That is the foundation of all that we do. So whether it’s, you know, using our day-to-day computer to do day-to-day work, or it’s the weapon systems that we employ, it’s the battle management systems that we utilize, we have to protect the networks,” he said.