Automation and AI Could Ease CORA Assessments
Officials say that emerging technology advancements will help simplify the DOD’s new cyber resiliency assessment.
Defense Department leaders at AFCEA TechNet Cyber in Baltimore this week said that technologies like automation and artificial intelligence will play a role in improving the effectiveness of the new Cyber Operational Readiness Assessment (CORA).
Charles Wille, deputy director for readiness and security inspections at Joint Force Headquarters- Department of Defense Information Network (JFHQ-DODIN), said that AI could play a role in helping identify potential threats or risks or even help with grading agencies’ ability to detect, defend and respond to emerging threats.
“There’s two veins to this: You have AI for cybersecurity in one, and cybersecurity for AI. We have this challenge here, but in this vein, we need both. We need to make sure that, as we employ AI technology, that they’re secure. And we need to leverage AI capabilities for cybersecurity,” Wille said.
“We’re looking for ways to automate that and do it at a continuous basis,” Nicholas DePatto, inspections branch chief at JFHQ-DODIN, added. “How can we automate what we’re doing? There’s going to be manual parts to everything. But if you can automate 80% to 90% of the [CORA] assessment, you could do it.”
DePatto said CORA could reach a point where continuous assessments are happening in the background without interfering with an employee’s normal work day. Eventually, a risk score report could be generated and delivered to commanders and directors to help them understand risk within the agency and where to specifically focus efforts closing gaps in security.
“The end goal is having continuous assessments and continuous monitoring of those critical capabilities within those critical assets, to really give you a day-to-day understanding,” Lt. Gen. Robert Skinner, director of the Defense Information Systems Agency and JFHQ-DODIN commander said during a keynote address Wednesday.
Wille implored those being assessed by CORA to work with their assessors to improve the process.
“We have to come to this mindset that we need to assess, we need to harden. We need to be resilient,” Wille said. “The assessor is not your adversary. We need to bring that downward, inspection to assessment… We know who the adversary is and that’s not the assessor.”
Skinner said that while CORA was progressing, it had run into some expected “bumps in the road” around training and assessment expectations.
“The level of cybersecurity posture we’re driving to a higher level, and so they just weren’t ready for that. But it’s a good thing, because now they know, and the posture is already increasing across the enterprise,” Skinner told GovCIO Media & Research. “The good thing is that we’ve learned from the first ones that we’ve done. We’ve been able to share that with everyone else and they already know what the expectation is and what the standards are for future assessments.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
Federal Leaders Revamp Tech Workforce, Policy
Despite the rise in interest of emerging technology, federal leaders see data, policy and the workforce as a best vehicle for change.
4m read -
Looking Back at the First Trump Administration's Tech Priorities
In his first term, Donald Trump supported cybersecurity, space policy and artificial intelligence development.
4m read -
Labor CAIO Outlines Responsible and Ethical AI Priorities, Use Cases
Department of Labor Chief AI Officer Mangala Kuppa outlined how her role is shaping the agency’s artificial intelligence strategy.
20m watch -
Elevating Cybersecurity in the Intelligence Community
The Intelligence Community is developing strategies to protect data and strengthen resiliency against emerging cyber threats.
30m watch