Generative AI, DevSecOps and Cybersecurity Highlighted for the Air Force and Space Force at DAFITC 2023

Thousands of Space Force and Air Force personnel and industry experts convened to discuss the most current and significant threats confronting global networks and national defense at the 2023 Department of the Air Force Information Technology and Cyberpower Education & Training (DAFITC) Event. Throughout the many educational sessions, thought leaders presented a myriad of topics such as artificial intelligence (AI), DevSecOps solutions and cybersecurity strategies to collaborate on the advancement of public safety.

Leveraging Generative AI in the DoD

At the event, experts outlined three distinct use cases for simplified generative artificial intelligence in military training.

  • Text to Text: This type of generative AI takes inputted text and outputs written content in a different format. Text to Text is associated with tasks such as content creation, summarization, evaluation, prediction and coding.
  • Text to Audio: Text to Audio AI can enhance accessibility and inclusion by creating audio content from written materials to support e-learning and education and to facilitate language translation.
  • Text to Video: Text to Video AI is primarily geared towards generating video content from a script to aid the military with language learning and training initiatives.

Dr. Lynne Graves, representative of the Department of the Air Force Chief Data and Artificial Intelligence Office (CDAO), provided attendees with a brief timeline of how the USAF will fully adopt artificial intelligence. The overarching aim for AI integration is to make it an integral part of everyday training, exercises and operations within the Department of Defense (DoD).

  • In FY23, the DoD is focusing on pipeline assessment. Using red teaming, in which ethical hackers run simulations to identify weaknesses in the system, internal military personnel aim to improve their infrastructure and mitigate vulnerabilities at the different stages of the pipeline.
  • In FY24, the emphasis will be on the Red Force Migration policy, which involves developing, funding and scaling the necessary strategies.
  • In FY25, the goal is for the department to become AI-ready. This entails preparing for AI adoption at all agency levels, establishing a standard model card that explains context for the model’s intended use and other important information, creating a comprehensive repository of data and implementing tools for extensive testing, evaluation and verification.

USSF Supra Coders Utilize DevSecOps for Innovation

The current operations of United States Space Force (USSF) Supra Coders involve a range of activities that combine modeling, simulation and expertise in replicating threats. These operations are conducted globally, and currently include orbit-related activities, replication of DA ASAT (Direct Ascent Anti-Satellite) capabilities and the reproduction of adversarial Space Domain Awareness (SDA).

The USSF Supra Coders have encountered limitations with software solutions, including restrictions tied to standalone systems, licensing structures with associated costs and limited adaptability to meet the specific needs of aggressors and USSF requirements. DevSecOps presents a multifaceted strategy for mitigating the identified capability gaps noted by the USSF Supra Coders. It can help create more effective and efficient software solutions through seamless integration of security protocols, streamlining system integration processes, optimizing costs and enhancing customizability.

Cybersecurity Within the Space Force

Cybersecurity is a shared responsibility across the DoD but is especially relevant for the U.S. Space Force. As a relatively new branch of the military, the Space Force is still developing its cyber strategies. Because its link to its capabilities is completely virtual, the USSF must prioritize secure practices from the outset and make informed decisions to protect its networks and data.

Currently, the Space Force is engaged in the initial phases of pre-mission analysis for its cyber component, which serves as a critical element for establishing and maintaining infrastructure through the integration of command and control (C2). These cyber capabilities encounter a series of complex challenges, which necessitate a multifaceted approach including the following solutions:

  • Enforcing Consistent Cybersecurity Compliance
  • Developing Secure Methods to Safely Retire Old Technology
  • Enhancing Cryptography Visibility
  • Understanding Security Certificate Complexity
  • Identifying Vulnerabilities and Mitigating Unknown Cyber Risks

While the Space Force faces a uniquely heightened imperative to bolster its cybersecurity capabilities, given its inherent reliance on information technology and networks in the space domain, the entire community must collaborate effectively to achieve military leaders’ targeted cybersecurity capabilities by the 2027 goal.

The integration of generative AI in military training, innovations through DevSecOps by the USSF Supra Coders and cybersecurity initiatives of the Space Force collectively highlight the evolving landscape of advanced technologies within the Department of Defense. Technology providers can come alongside the military to support these efforts with new solutions that enhance the DoD’s capabilities and security.

 

Visit Carahsoft’s Department of Defense market and DevSecOps vertical solutions portfolios to learn more about DAFITC 2023 and how Carahsoft can support your organization in these critical areas. 

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at DAFITC 2023.*

Cybersecurity Initiatives from TechNet Cyber 2023

The global prominence of technology, cyber power and cybersecurity is vital to U.S. political and economic success. At TechNet Cyber 2023, a conference held in Baltimore, Maryland, Government, industry and academic partners discussed solving global security needs. This year’s conference, which took place May 2-4, focused on numerous topics including Zero Trust, multicloud and defense strategies against bad actors.

Thunderdome: The New Zero Trust Framework

Thunderdome is the new Zero Trust framework to improve cybersecurity and posture, created by the Defense Information Systems Agency (DISA), a combat support agency that provides information technology and communications support. Lieutenant General Robert Skinner, the director of DISA, attests that Thunderdome meets 131 of 153 key standards that were laid out by the Department of Defense (DoD) as a part of its strategy for Zero Trust. With that and further growth, Thunderdome is well on its way to being a vital part of Zero Trust cybersecurity.

However, Thunderdome is not a one-size-fits-all solution, as its scalability and modularity will require ongoing assessment. At the event, Lieutenant General Skinner highlighted three key components to understanding where Thunderdome fits into agencies. They are known as the “three Ps”: posture, position and partnerships. The first part, posture, evaluates where an agency stands with its technology and processes in relation to its cyber posture. The second element, position, is the utilization of these resources to achieve the best results. And lastly, partnerships form the cornerstone of maximizing business capabilities. In relationships with allies and partners, all participants can help each other and ensure that they are all on the same page.

Much of this manifests in Thunderdome’s process of improving agency posture with regards to the workforce. Through education, the right training, retention and hiring those with the right skillsets, agencies can improve their industry posture. Lieutenant General Skinner stressed that to support the current workforce, it is vital for agency leaders to “know and understand what their capabilities are to move them in the right place.”

The Pentagon’s MultiCloud Environment

The Pentagon’s multicloud environment is designed to give practitioners access to the best of technology. However, the complexity of the multicloud environment can lead to issues if not managed correctly. To combat this, Armon Dadgar, HashiCorp’s CTO and Co-founder, recommends forming a consistent way for practitioners to set up cybersecurity infrastructure on other platforms. As agencies seek to decomplexify systems, one way to achieve this in both the public and commercial sector is by establishing a consistent approach to the multicloud. Agencies should be intentional about instituting abstraction layers and begin by defining a central platform team to create a common blueprint across environments. This way, there is an organized standard for future processes.

Threats to Cybersecurity

Wanda Jones, a principal cyber advisor of the U.S. Air Force, discussed how to protect against hackers with evolving threats. Bad actors are aggressive, always moving and attacking industry’s weak spots. The best way to defend capabilities is to detect threats early on and respond in a timely manner. Agencies must always be monitoring and improving to stay on the offensive. A solid start to improving Zero Trust is improving security architecture and providing access to those with known identities within the agency.

With the continued focus on cybersecurity, the Federal Government maintains the public’s safety and security.

 

To learn more about the topics discussed at TechNet Cyber, view the full Fed Gov Today episode co-sponsored by Carahsoft.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at TechNet Cyber 2023.*

Technology Trends in 2021: Workflow Automation

 

What is Workflow Automation?

Workflow automation can be defined as a set of repeatable activities that lead up to a common output, a complete process. Figuring out what needs to be automated is really a process of understanding the organization’s procedures and automating them. It might be something simple like documents that must go through four or five different layers of approvals. Usually that’s accomplished by having someone send emails with the documents attached to each signer in turn. But that’s a simple workflow to automate, where an email goes to the first approver and then on to the next person in line—without an employee needing to do it manually.

There can be more complex workflows with multiple different systems for sharing, processing, or managing data from one system into another. But workflow automation can ensure that an employee doesn’t have to manually pull data out of a database or connect two different systems. Instead it understands the business process, what the organization does day to day, performs the repeatable steps, and automates the process flow.

Benefits of Workflow Automation

One mundane task that can be automated is filling out forms. It benefits an organization to increase the speed and ease of use for the consumers and employees who need to fill out forms. If you’re dealing with a lot of people, the savings start to scale very quickly. The benefit can be monetary, saving time, reducing labor—or all of the above.

Workflow automation can help prefill the form, whether someone is completing a common form they have filled out previously or a new form that they’re completing for the first time. The user only needs to verify the information. It’s a huge time saver, and everyone loves that user experience.

There are more complicated and creative uses for workflow automation. If you have people creating imagery, videos, or other content for the web, you can centralize it in one place with a digital asset management tool. Workflow automation adds metadata and tags, helps report commonly used items, and aids in searches and the overall performance of retrieving content. Thus, it organizes and centralizes everything.

Benefits and Trends during the Pandemic

Workflow automation has been making life a lot easier during the pandemic. The Air Force, for example, has a lot of airmen who are working from home and aircraft manufacturers that had been on base who must now send forms for aircraft parts online. Also, the Air Force has to recruit new candidates without storefront offices or recruiting conferences where they give presentations.

There’s been a huge expansion in workflow automation for those types of audiences. The Air Force has to envision its candidates as customers who are potentially interested—and now you have to sell to them. A potential airman goes online and wants to see what the Air Force has to offer. Workflow automation allows the system to personalize that experience.

Automation personalizes the recruiting experience to keep the candidate interested and moving through the process, even leading up to filling out the candidate form. Furthermore, it generates leads and helps transfer the data to backend databases and systems such as a CRM system for recruiters—who can work through the leads and follow up. Automation can be a key element to ensure their recruiting workflows are generating qualified leads.

Workflow Automation to Keep Documents Moving

With the pandemic, more of the Air Force’s internal processes must be done remotely. They need collaboration, virtual meetings, filling out forms, and other processes at a much greater scale. They must share knowledge internally before even producing external content.

It became even more important to have some workflows that could keep things moving and make data-sharing easier—to create reports or provide content and data intelligence. They’ve been figuring out how they can make better decisions by using the available data. Workflow automation is the underlying foundation to enable that process.

Moving documentation across the Air Force is incredibly important for its policy and publications workflows to function properly. An aircraft part is important to a maintainer and a well-maintained aircraft is important to a pilot. It takes a lot of forms and coordination, with data moving around, to keep airplanes flying.  An intensely manual process such as filling out forms for shipping and inspecting parts can now be handled easily on mobile devices.

Air Force Publications

Another example of workflow automation is Air Force publications: policy or governance files that basically define all of the policies around anything and everything Air Force. They have 10,000+ people globally as content creators, authors, editors, and reviewers. When a publication is created, it is worked on by many different people in different organizations—with strict governance because creating a policy means it has to go through multiple levels of approval.

It must be seamless and easy because spending too much time wastes manpower and money. They also have multiple authors for editorial reviews or co-authoring with multiple people on the same publication—as well as issues with managing version control.

They needed to find a simple, intuitive, and easy system to produce these publications. So they set up workflow automation with a content management system and were blown away about what could be automated. They could drastically reduce the number of emails being sent, take care of version management, prevent documents from getting lost, etc.

They leveraged a simple, intuitive user interface, where airmen could have appropriate roles and permissions and define the requirements for the publication so everybody could work on it collaboratively. The result impacts the entire Air Force—and all of its policies and publications. It’s also repeatable across the DoD. Thus, it presents an opportunity for the larger DoD to take what the Air Force is doing and adapt it to save an immense amount of time and money.

Listen to our Podcast to hear our more in-depth conversation about workflow automation, its importance over the last year and what we can expect to see in 2021.

Agencies Build Foundation for DevSecOps Success

Since the development of the internet, IT professionals have been in an “arms race” with bad actors. DevOps emerged as a way to restructure the development process by bringing developers and operations teams together to create new applications, thus ending the cycle of vulnerabilities and software patches. But security still needed a seat at the table. The newest approach is DevSecOps — both a software engineering approach and a culture that promotes security automation and monitoring throughout the application development lifecycle. DevSecOps is designed to break down barriers to collaboration among development, operations and security teams so they all can contribute to creating new applications. Organizations can deploy new apps with secure, efficient, functioning code — but with security as the foundation. To learn more about how your agency can use DevSecOps to reduce lead and mean time, increase deployment frequency, and cut operation costs almost in half, get up to date with “Agencies Build Foundation for DevSecOps Success,” a guide created by GovLoop and Carahsoft featuring insights from the following technology and government DevSecOps thought leaders.

 

Embracing Machine Identity Management

“One of the advantages of modern IT services is that they leverage both physical machines (computers and other devices) and virtual machines (e.g., applications, containers and code) to exchange data and execute tasks without human intervention. That makes it possible to design services that are fast, flexible and reliable. But it also raises an important security question: How do you know whether those machines can be trusted?  That’s a question of identity management.”

Read more insights from Venafi’s Senior Product Marketing Manager, Eddie Glenn.

 

The Playbook for Innovating Quickly, Expansively and Securely

“Government adoption times can be taken for granted – people aren’t surprised when something takes three years to build or 12 months to implement. Those are common refrains that often go unquestioned. They shouldn’t. Cloud changed the game by allowing agencies to spin up networks instantaneously. And that was just the beginning. Throw in microservices architectures and agile development methods that have security and operations built in; now you’re getting down the court, faster than before.”

Read more insights from SAP NS2’s Cloud Director, Dean Pianta.

 

How Developers Can Become a Security Asset

“When it comes to security, IT experts often talk about the importance of “shifting left,” that is, addressing security earlier in the development lifecycle. But it’s not just security that shifts left with DevOps. In traditional IT environments, developers were expected to adhere to a detailed IT architecture, which was updated periodically. To take advantage of today’s rapid rate of innovation in technologies and architectural approaches, agencies need to give developers more leeway to decide what languages, toolsets and capabilities they might need to build an application.”

Read more insights from Red Hat’s Cloud Native Transformation Specialist, Michael Ducy.

 

Enabling Agencies to Succeed with DevSecOps

“Instrumentation provides benefits both to the application security team and to developers. For the application security team, the tool soup approach often results in so much data, and so many false positives, that they have a difficult time gleaning intelligence from it. The unified picture provided by an instrumentation platform eliminates the noise so that the team can identify and remediate problems quickly. Instrumentation can also provide accurate feedback directly to developers, so that they can fix vulnerabilities as part of their normal work.”

Read more insights from Contrast Security’s Co-Founder and CTO, Jeff Williams.

 

DevSecOps Teams Require a Robust Orchestration Platform

“DevSecOps, by definition, is intended to promote collaboration among the development, security and operations team. But Chow emphasized that such collaboration needs to begin at the outset of a project, when defining the goals and strategy for a project. The idea is to define the overarching goal or mission of the project, then have each team prioritize their own needs and goals as it relates to that mission, said Chow. Those secondary goals become the building blocks for the strategy and shapes the development and orchestration of the application pipeline, he said.”

Read more insights from F5’s Senior DevOps Solution Engineer, Gee Chow.

 

How Culture Drives DevSecOps Success

“’When people talk about DevSecOps, they often focus on improving communications between developers and the security team. But organizations need to foster open and transparent communications at every layer of management, from the top down,’ Urban said. In particular, developers can benefit from understanding how their work fits into the larger mission – and why particular security constraints are important. ‘Good healthy communication means staying as open and transparent as you can be without compromising that security,’ he said.”

Read more insights from Atlassian’s Public Sector Evangelist, Ken Urban.

 

Modern Cloud Security Requires an Agile Approach

“Automation also paves the way to change how agencies approve IT systems for use. In a standard Authority to Operate (ATO) process, a system owner must implement, certify and maintain required security controls. The problem is that certification is based on a snapshot in time, whereas in modern cloud environments, change is constant. Systems can ’drift’ from compliance over time as new threats arise. Modern cloud solutions offer architectures leveraging containers that perform discrete tasks within a microservice environment and are in constant flux with application updates, vulnerabilities/threats, policies, etc.”

Read more insights from Palo Alto Networks’s Chief Security Officer of Public Cloud, Matt Chiodi, and Senior Product Manager, Paul Fox.

 

DevSecOps Drives Change at the Air Force

“Another challenge is how to change the culture at government agencies that are not used to major shifts in culture and may actually be averse to it. DoD is still full of silos, he said in October 2020 during Amazon Web Services’ National Security Series. ‘It goes down to even like basic partnerships.… We have so many silos and that’s really part of the reason as to why we cannot really scale things, and why we reinvent the wheel and why we don’t do very well with enterprise services,’ Chaillan said.”

Read more insights from Air Force’s Chief Software Officer and Head of Platform One, Nicolas Chaillan.

 

Army Futures Command Makes DevSecOps a Long-Term Priority

“For agencies thinking of starting DevSecOps programs, Errico has advice: ‘Spend time conducting industry analysis of use cases both inside and outside the federal space. This is very much an emerging technology, and you have to figure out the right way it will fit for your organization. That takes time and thoughtful, honest analysis.’ Once the commitment is made and a DevSecOps program is in place, he said, comes the challenge of maintaining — and expanding — cultural change.”

Read more insights from the Army Futures Command’s Software Factory Lead, Maj. Vito Errico.

 

U.S. Transportation Command Cultivates a Team Mindset

“Unlike Platform One or the Software Factory, the DevSecOps program at U.S. Transportation Command is embedded in a unified, functional combatant command that provides support to the other 10 U.S. combatant commands, the military services, defense agencies and other government organizations. That means it serves many kinds of military organizations, providing strategic mobility capability through its own vast infrastructure of people, information systems, trucks, aircraft, ships, trains and railcars. It also means the command may consider itself a transportation organization or a strategic logistics organization, but it doesn’t necessarily view software as an essential element of its mission in the way the services do, for instance.”

Read more insights from U.S. Transportation Command’s Chief of DevOps, Christopher Crist.

 

Download the full GovLoop Guide for more insights from these DevSecOps thought leaders and additional government interviews, historical perspectives and industry research on the future of DevSecOps.

Congratulations to USGIF 2020 Achievement Award Winners!

Congratulations to Mark Skoog and Dr. Loyd Hook for winning a United States Geospatial Intelligence Foundation (USGIF) 2020 Achievement Award!

Skoog and Hook were honored in the Government category for their career-long dedication to implementing digital terrain solutions for safer aviation. The USGIF Awards recognize the exceptional work of the geospatial intelligence tradecraft’s brightest minds and organizations. Award winners, announced last month, were nominated by colleagues and chosen by a USGIF subcommittee.