DISA eyes ‘aggressive’ goal of automating 75 percent of cyber capabilities 

TECHNET CYBER 2024 — As DISA prepares for the looming threat of China, the agency set an ambitious goal of having 75 percent of its administrative-like cybersecurity capabilities completely automated by artificial intelligence, Brian Hermann, cybersecurity and analytics director at DISA, told a media roundtable Tuesday.

“The only way that we can actually do our job with the pacing threat of China is to actually add that automation capability so that that the human analysts can take advantage of their brainpower to actually do the high-end fight stuff, not just the day-to-day normal stuff that happens all the time,” he said here at the TechNet conference in Baltimore.

“So I think that it’s an aggressive goal for us, but it’s something that we’re working hard to get after as well.”

Hermann added that though there is no defined timeline for completing this automation goal, “it’s not where it needs to be.”

However, he explained that DISA is making strides toward this goal by streamlining data into a collective space where it was created, instead of in separate silos.

“Our data analytics team has been creating a data lake architecture that allows us to have the data where it’s essentially created. If you think about this, it connects back to the DoD cloud strategy [Joint Warfighting Cloud Capability]. We have four primary cloud service providers under [JWCC] and so we’re creating the lake of data in the environment where the cybersecurity tools are providing, so it’s not going to generate a lot of exfiltration costs or transition costs,” Hermann said.

The creation of this data “lake architecture” was DISA’s next step after it sunset its Big Data Platform (BDP) in two parts that took place last year and earlier this year. With the BDP, DISA’s data was separated from each other, making it harder to eventually automate. Now, with the data moving toward being all in one place, DISA can move toward automation.

Hermann said DISA also plans for this central architecture to have a feature where users can log into one data-centric environment instead of having to use several tools to log into various databases to find a specific piece of data.

“The message that I got loud and clear from our analysts was that we’ve created a number of different silos, [and] that generated the need for them to log into a lot of different environments to do their job on a day-to-day basis. We’d like to have a more federated approach where they log into one portal and they’re able to get access to all the data, get all the insights that they need,” Hermann said.

Another benefit of this data-centric layout, Hermann explained, is that zero trust can be more easily implemented, since all the data is in one place, the necessary security precautions have the potential to be interoperable.

“We had protections at the local user’s desktop station, we had firewalls that existed at the various parts of our infrastructure, and they didn’t really talk to each other very much. So now, that’s the difference, they’re starting to talk to each other,” Hermann said.