WASHINGTON — Lt. Gen. Robert Skinner stood offstage, awaiting his cue.
When it arrived, the U.S. Air Force officer and director of the Defense Information Systems Agency palmed a microphone, pressed it to his mouth and walked into the spotlight at AFCEA TechNet Cyber, a defense conference in Baltimore, Maryland.
As he proceeded, an uncanny voice came over the sound system. It sounded like Skinner, who leads thousands of military and civilian workers at the Pentagon’s de facto information technology authority. But the cadence was odd and the tone was off.
And, as those sitting close enough to the stage in May could see, his mouth wasn’t moving much.
Skinner would later reveal the first 45 seconds of his keynote speech was machine-made audio — a product of 30 minutes of training, free voice-cloning tools and clever event production.
“I’m definitely not a good lip-syncer, but think about that,” Skinner said. “Generative artificial intelligence, I would offer, is probably one of the most disruptive technologies and initiatives in a very long, long time.”
The stunt elicited laughter and applause from the audience, but also bore serious national security implications.
Those who harness artificial intelligence “and can understand how to best leverage it, but also how to best protect against it, are going to be the ones who have the high ground,” Skinner said at the time. For its part, the Pentagon is seeking $1.8 billion for AI efforts in its latest budget blueprint, as it jockeys with world powers, such as China, for superiority.
Generative AI, specifically, captured the world’s attention in November, when OpenAI introduced ChatGPT. Trained on a massive corpus of data, including webpages and books, the program can carry humanlike conversations and churn out computer code with little prompting.
Its immediate influence and prospective staying power caught DISA’s eye, too. It soon landed on the agency’s so-called Tech Watchlist, a catalog of the cutting-edge. Refreshed every six months or so, it offers a look at the Defense Department’s technological pursuits.
A list divided
DISA’s latest watch list features more than two dozen focus areas divided by five lines of effort, or LOE. They are further subdivided by their overall adoption or popularity, defined as monitor, plan, prototype or deploy. Subjects of interest include:
- Generative AI
- Quantum-resistant cryptography
- Edge computing
- Autonomous penetration testing
- Data tagging
- Big-data analytics and visualization
- Infrastructure as code
- Thunderdome zero-trust
- 5G fifth-generation network connectivity
Bill Grenzer, the technical director at DISA’s Emerging Technology Directorate, said the list helps visualize “all the technical areas that DISA is going to be looking at over the coming 12 months, or even several years out.”
“If you start in the outer ring there, the monitor ring, those technologies are brand new to us. They’re probably several years out from deployment,” Grenzer said at the conference where Skinner spoke. “The state that we’re in is, we’re trying to wrap our head around the technology and get a better understanding of the state of industry.
“As you start to move toward the center, we’re more comfortable with the technology and the state of the maturity.”
Generative AI is a new addition for fiscal 2023 and appears in the planning ring of LOE 5 in DISA’s graphic. Others, such as quantum-resistant cryptography and Thunderdome zero-trust, received updates and sit in the prototype layer.
Quantum-resistant cryptography aims to shield sensitive information from prying eyes and code-busting attempts. Military data is for now guarded by a shell of complex algorithms, but mature-enough quantum-computing capabilities powered by subatomic particles could crack them open, revealing pearls of vulnerable data.
“If you’re not watching what is going on in the world of quantum computing, it’s pretty fascinating,” said Stephen Wallace, DISA’s chief technology officer. “A few of us had an opportunity a few weeks back to go to New York and actually see some quantum computing in action. It was very impressive.”
In a similar vein, the Thunderdome approach to zero-trust cybersecurity — wherein users, devices and the need for access are continuously checked — is designed to ensure hackers have only so much reach. DISA in January 2022 awarded Booz Allen Hamilton a $6.8 million contract to develop a Thunderdome prototype.
The Defense Department and its suppliers are under constant threat of digital attack or foreign influence. The department has since 2015 experienced more than 12,000 cyber incidents, with yearly totals declining since 2017, according to a Government Accountability Office study.
Skinner in March told Congress hackers backed by China, Russia and other U.S. adversaries are applying “very high” levels of effort to infiltrate, surveil, and make off with technical plans and intelligence closely held by defense companies.
Autonomous penetration testing, or pen testing — another item on DISA’s tech watch list — is meant to more effectively identify such weaknesses.
“What we’re looking at here in this arena is trying to automate a lot of the functions a team of pen testers would do for us within the agency,” said Eric Mellott, a senior technical strategist at the Emerging Technology Directorate. “Those resources are becoming more and more limited, if you will, being able to have a team of highly skilled pen testers.”
Poking and prodding virtual defenses is critical to understanding one’s vulnerabilities and shoring up weak spots. Regular testing is key, according to Mellott, as is thinking “like a hacker.” AI could be trained to do so, and could fill shortfalls in human efforts or interest.
DISA’s emerging tech watch list has evolved over time — in terms of content, purpose and outward appearance. What was once primarily used to communicate interests with industry is now also used to relay needs to a broader audience inside and outside the agency.
“It’s changed quite a bit,” Wallace said. This year, it received “a little bit of a facelift, visually.”
Several technologies have successfully navigated the chart, making it from the monitor phase to widespread deployment. They include cloud-based internet isolation, or CBII, and identity, credential and access management, otherwise known as ICAM.
The former further insulates networks from intrusions by hosting internet browsing in an isolated cloud environment, thus transferring traffic away from a user’s device. Officials in 2020 told C4ISRNET the program is especially important given the explosion of remote work tied to the coronavirus pandemic.
The latter is a means of tailoring what information is available to a person while also keeping tabs on those plugged in. Maj. Gen. Jeth Rey, the director of the Army’s Network Cross-Functional Team, likened it to a banking app.
“You secure a connection with the data environment. It identifies your identity through your eyes, your biometrics, and then it allows you access to data that your credentials will allow for,” he said in an interview in 2022. “And it has boundaries, so you don’t go left or you can’t go right. It quarantines you.”
The Pentagon published an ICAM strategy in 2020, in which the department recognized its own failures to “maximize the strategic, operational, and tactical benefits of information sharing.” Leaders have since said ICAM is pivotal to Joint All-Domain Command and Control, an ambitious vision of seamless communication across land, air, sea, space and cyberspace.
Overall, the tech watch list has proved “very useful for us, for how we want to focus on technology and how we, ultimately, want to deliver,” Wallace told C4ISRNET. “That’s just helped a lot of our thinking within the agency.”
Colin Demarest is a reporter at C4ISRNET, where he covers military networks, cyber and IT. Colin previously covered the Department of Energy and its National Nuclear Security Administration — namely Cold War cleanup and nuclear weapons development — for a daily newspaper in South Carolina. Colin is also an award-winning photographer.