healthcarereimagined

“We want to make sure, of course, that the directive still reflects the views of the department and the way the department should be thinking about [autonomous] weapon systems,” Michael Horowitz told Breaking Defense in an exclusive interview.

By VALERIE INSINNA and AARON MEHTAon May 26, 2022 at 10:08 AM

WASHINGTON: The Defense Department is updating its guidance on autonomous weapons to consider advances in artificial intelligence, with a revised directive slated for release later this year, the head of the Pentagon’s emerging capabilities policy office told Breaking Defense in an exclusive interview.

DoD directive 3000.09 [PDF], signed by then-Deputy Secretary of Defense Ash Carter on Nov. 21, 2012, established policy, responsibilities and review processes for the “design, development, acquisition, testing, fielding, and employment of autonomous and semi-autonomous weapon systems, including guided munitions that can independently select and discriminate targets.”

But in the decade since its release, artificial intelligence and machine learning technologies have made a massive leap forward, and it’s “entirely plausible” there may need to be revisions that reflect the Pentagon’s “responsible AI” initiative and other ethical principles adopted by the department, said Michael Horowitz, DoD director of emerging capabilities policy.

“Autonomy and AI are not the exact same thing,” Horowitz told Breaking Defense on May 24. “But given the growing importance that AI plays, and thinking about the future of war and the way the department has been thinking about AI, I think ensuring that’s reflected in the directive seems to make sense.”

It’s important to note that, based on the definition inscribed in DoD directive 3000.09, the military currently does not operate any weapon systems that qualify as an autonomous weapon — and at least publicly is not currently developing such a weapon. The department characterizes an “autonomous weapon” as an autonomous or semi-autonomous system that can choose its own targets and apply lethal or nonlethal force without a human in the loop.

The directive does not apply to unarmed drones or armed drones like the MQ-9 Reaper, whose flight path and weapons release is controlled by a human pilot sitting at a remote location. It also doesn’t apply to systems like the Switchblade loitering munitions the US has provided to Ukraine, which are programmed by a human operator to hit specific targets and can be called off when needed.

“It was the first national policy published on autonomous weapons systems, and actually remains one of the only publicly available national policies,” Horowitz said. “It set the standard essentially for the global dialogue that followed and demonstrated America’s responsible approach to the potential incorporation of autonomy into weapon systems.”

In a 2012 interview with Defense News, David Ochmanek, then the deputy assistant secretary for policy force development, described the doctrine as “flexible” and stressed the imposition of a “rigorous review process” that would now be in place before any future autonomous weapon could be approved.

But that promise has done little to assuage opponents, who raise comparisons to Terminators and have organized into efforts, such as the eponymous Campaign to Stop Killer Robots, to preemptively ban the technology. Horowitz — a longtime drone expert who once authored a paper titled “The Ethics & Morality of Robotic Warfare: Assessing the Debate over Autonomous Weapons” — is well aware of the debate around such systems, and while avoiding commenting on those concerns directly, he noted that the department’s increased focus on autonomy and AI in recent years has always been with the idea of a human being involved in the process.

“I would say the one of the things about the approach of the United States to the role of AI and autonomous systems has been imagining these systems as a way to enhance the warfighter,” he said. “It’s why, dating back a couple of administrations, the United States has talked about things like human-machine teaming, because it tends to think about AI and autonomous systems as things that work synergistically with the best trained military in the world to improve its capacity.”

Modernized AI

The update is occurring not because a major technological breakthrough is on the horizon, but because of a department standard that requires directives be updated every 10 years. Right now, it’s unclear exactly how much of the original directive will need to be revised, but Horowitz seemed to downplay massive rewrites.

“Our instinct entering this process is that the fundamental approach in the directive remains sound, that the directive laid out a very responsible approach to the incorporation of autonomy and weapons systems,” Horowitz said.

“But we want to make sure, of course, that the directive still reflects the views of the department and the way the department should be thinking about [autonomous] weapon systems,” he continued. “You know, it has been a decade. And it’s entirely plausible that there are some updates and clarifications that would be helpful.”

Horowitz declined to go into details about where he thinks changes may be needed, but did highlight that the document reflects the Pentagon of 2012, which has morphed over the course of the Obama, Trump and Biden administrations. For instance, the review process laid out in the original directive references the Under Secretary of Defense for Acquisition, Technology, and Logistics — a position that no longer exists, whose responsibilities are now split between the Undersecretary of Defense for Acquisition and Sustainment and the Undersecretary of Defense for Research and Engineering.

He also underlined that this directive would be focused on the specific subject of autonomous weapons, and not the broader AI efforts that exist throughout the department.

“When this directive was published in 2012, the notion of the way that algorithms, how algorithms might impact the military seemed pretty futuristic, or seemed further away. And autonomous weapon systems were a specific thing that the department chose to write a directive about,” he continued. “I think it’s important that the department consider the way that should then also influence this directive … given the intersection between AI and autonomous systems, and I say autonomous systems as opposed to autonomous weapon systems deliberately.

“There’s so many AI applications that can or are already influencing the American military and will influence the American military that, you know, that have nothing to do with this.”

While Horowitz’s office — only recently established — will seek out input from the relatively new defense organizations that have been stood up in the past decade, such as the office of the Chief Digital and Artificial Intelligence Officer (CDAO), other organizations that may be relative to the revamp of DoD Directive 3000.09—the Joint Artificial Intelligence Center, Defense Digital Service and Office of Advancing Analytics—are slated to become part of the CDAO office on June 1, Breaking Defense reported earlier this week.

He also expects to get inputs from the services, Joint Staff and other stakeholders — of which, he noted, there are significantly more now than a decade ago.

Article link: https://breakingdefense.com/2022/05/updated-autonomous-weapons-rules-coming-for-the-pentagon-exclusive-details/

Jaspreet Gill in Washington contributed to this report.

by Jane Edwards May 25, 2022

The Defense Business Board performed a 24-week study of the Department of Defense’s civilian workforce and found that talent management within DOD lags behind the commercial sector and that DOD fills short-term vacancies with little attention to future technology requirements and strategy to upskill or reskill them, Federal Times reported Tuesday.

The board has recommended that the Pentagon increase training opportunities for civilian employees and improve collaboration with military talent managers to keep pace with the private sector when it comes to aligning talent with work function.

“The Department doesn’t know its employees’ capabilities and requirements for the future, the systems to manage them, the policies to enable the new generation of skilled employees, or the programs to upskill them,” the DBB report reads.

According to the study, DOD lacks the data approach, organization and cultural foundation to “take its place as a bastion of STEM development.”

The report offers three recommendations for the Pentagon to better manage civilian talent and these are transforming civilian culture to prioritize talent management; prioritizing and elevating talent management within the organization; and modernizing DOD’s workforce planning and data.

Article link: https://executivegov.com/2022/05/defense-business-board-releases-dod-civilian-talent-management-study/?

Industry 4.0 sectors are adopting private networks at a fast pace, but 5G private networks will drive innovation in all businesses.

By MIT Technology Review Insights May 19, 2022

The world is rapidly moving from human-directed manufacturing using computerized assembly lines to largely automated smart factories that manufacture more efficiently using real-time data. Considered by many to be the fourth industrial revolution, or “Industry 4.0,” this transformation requires a bevy of technologies to deliver on its promise of ultra-reliable low-latency communications (URLLC). From smart devices to machine-learning systems to pervasive communications, the need for ultra-high speeds and reliability requires technologies that can connect in a variety of situations while remaining compliant with regional regulations. Technology and telecommunications providers have created a solution—5G private networks—to address the challenge.

The manufacturing industry is exploring 5G technology at an accelerated pace, largely to enable AI-driven use cases such as closed-loop manufacturing, adaptive manufacturing, predictive analytics for maintenance, and extended reality (XR)-based worker training and safety, says Jagadeesh Dantuluri, general manager for private and dedicated networks at Keysight Technologies. “It’s not about a static assembly line performing the same action time and time again, but one that can change based on their needs,” he says. “Private networks essentially enable new business models in manufacturing.”

Yet, the benefits of 5G private networks extend beyond manufacturing. Because the technology offers more reliable connectivity, faster data rates and lower latency, and greater scalability, security, and network control than previous communications technologies, 5G private networks will drive innovations in many industrial and enterprise sectors.

The benefits of 5G private networks

A private cellular network is built on 3rd Generation Partnership Project (3GPP)-defined standards (such as LTE or 5G), but it offers dedicated on-premise coverage. This is important for remote facilities where public networks do not exist, or where indoor coverage is not robust. A private network also makes exclusive use of the available capacity; there is no contention from other network users, as on a public network. Private operators can also deploy their own security policies to authorize users, prioritize traffic, and, most importantly, to ensure that sensitive data does not leave the premises without authorization.

​​The dedicated nature of 5G private networks coupled with a customized service, intrinsic control, and URLLC capabilities provides more reliable industrial wireless communication for a wide variety of use cases, Dantuluri says “Applications include wireless, real-time, closed-loop control and process automation, and AI-based production and AR/VR-based design for onsite and remote workers,” he explains. “In addition, low-cost connectivity allows sensors to become easily deployed in a wider variety of scenarios, allowing businesses to create innovative applications and collect real-time data.”

​The industrial sector is driving toward a massive digital transformation, and the integration of information-technology (IT) systems with operational-technology (OT) systems will speed up this process.  Digital technologies will also enable many new use cases, such as automated manufacturing.  

A 5G private network enables a facility to synchronize and integrate tracking data into its workflow, allowing production lines to be configured in real time, says Dantuluri. “Since the factory’s assembly lines and infrastructure, such as robotic arms, autonomous mobile robots (AMRs), autonomous guided vehicles (AGVs), and sensors, are wirelessly connected, configuring or moving assembly elements on demand is much easier. This use case demands highly reliable, low-latency wireless connectivity and coverage, and potentially high data rates in both the uplink and downlink, and maybe support for Time Sensitive Networks (TSN) in the future. This use case application can only be achieved with 5G private networks.”

Outside the industrial sector, 5G private networks enable mobile augmented-reality (AR) and virtual-reality (VR) applications, allowing, for example, engineers to view superimposed blueprints, soldiers to have heads-up displays, and businesses to have virtual meetings in the field or working remotely. “If a machine has to be repaired, and a technician or a factory worker has AR goggles, they can have technical information superimposed on the real-world device to see what is wrong,” says Dantuluri. “And the data center can send instructions about how to do the repairs, step by step.”

As enterprises realize the benefits of pervasive, low-latency, high-bandwidth, and secure connectivity, the applications of 5G private networks will expand. By the end of 2024, analysts expect investment in 5G private networks will add up to tens of billions of dollars. A separate analysis by the research arm of investment firm JP Morgan predicts that the global enterprise opportunity for 5G will exceed $700 billion by 2030.

Better security

5G private networks have improved upon previous 4G standalone network security and are better able to address several existing security threats. Like most new technology, 5G private networks will likely have security issues that need to be addressed, but security has become a primary consideration in both developing the standards for 5G and in the implementation approaches. In addition, companies can further augment those security features with novel technologies, such as more robust encryption schemes and zero trust architecture, as private networks afford complete control to its owner—a benefit not possible on public networks.

The focus on improving security will drive new and innovative applications, especially in high-security areas such as seaports and airports, says Dantuluri. “Private networks provide the flexibility of movement that seaports require,” he says. “In airports, after a plane lands, engine data can begin downloading before the plane even docks to the gate, which saves a lot of time and helps airlines stay on schedule.”

Wireless flexibility

Most manufacturing robots are tethered to wired networks, but improved connectivity and better security means that connected devices can more easily move around and stay connected to necessary systems and data. In addition, 5G networks are built to allow devices to remain connected when moving between cells, whereas many Wi-Fi networks require devices to reconnect after moving. 

This advantage pays off in scenarios where a large area needs to be covered by a wireless network, Dantuluri says. “Facilities like mines, airports, and seaports require significant geographic coverage in the order of several square kilometers,” he says. “Other wireless technologies have very limited range, making them unsuitable for these use cases.”

In addition, there are benefits for remote applications as well. Today, most offshore oil rigs, for example, rely on separate satellite communications and local networks. Not only are 5G private network connections more secure and interoperable, but they reduce the cost of hybrid communications, combining local area, cellular, and satellite networks.

A revolution in connectivity

Industry has quickly evolved over the past two decades, from steam-powered machines automating manufacturing, to assembly lines simplifying production, to computerized systems creating more precise products. Machine learning and fast, reliable connectivity promise to make the next industrial revolution, Industry 4.0, possible.

Every industry will apply Industry 4.0 advances to help improve their operations. 5G private networks will be crucial to that effort. “Today, automation is significant, but is all done with wires, so systems—industries, robotics, sensors—are difficult to quickly customize,” says Dantuluri. “As 5G private network adoption increases, all systems will be automated and connected with low-latency wireless, which will enable adaptive business models.”

Article link: https://www-technologyreview-com.cdn.ampproject.org/c/s/www.technologyreview.com/2022/05/19/1052138/5g-private-networks-enable-business-everywhere/amp/

This content was produced by Insights, the custom content arm of MIT Technology Review. It was not written by MIT Technology Review’s editorial staff.

By Loren Blinde May 25, 2022

On May 24, the U.S. Army posted an invitation to the upcoming Machine Learning Assessment Event, which will be held August 2 to 5. Responses are due by June 28.

The Cyber Fusion Innovation Center (CFIC), in collaboration with U.S. Army Cyber Command (ARCYBER) Technical Warfare Center (TWC), will host a series of events to identify existing and/or potential capabilities and expertise to reduce cognitive workloads and optimize workflows within its four mission areas (defend, operate, influence, and attack) to further increase operational effectiveness.

Background
Machine learning (ML) and artificial intelligence (AI)-enabled systems can effectively reduce Warfighter burden by automating portions of their workflows to increase Warfighter accuracy and throughput.  Warfighters with shorter, more accurate workflows will therefore increase operational effectiveness across many various lines of effort.  Defensive and offensive cyberspace workflows involve finding a capability or technique to generate an effect somewhere in an environment under certain conditions.  Understanding the entire solution space manually is cumbersome, time-consuming, and in most cases infeasible.  An AI-based system could reduce this problem to the subset of capabilities/techniques that have the highest probability of success given past experience.  This would enable faster and more accurate solution finding, ultimately improving operational effectiveness.

Known Capability Needs

1. How to proactively and continuously support asset identification and
   compliance at the network edge via at-scale enterprise network traffic
   analytics, in support of the Cyber mission. May include but not limited to identification and status of all end-points, current status of patching, and recommendations for patching priorities.
2. Automatically identify vulnerable surfaces or likely bad-actor avenues of approach to our network.  May include but not limited to dynamically identifying adversarial Grey and Red space infrastructure.
3. How to enable dynamic automation, augmentation, or reconfiguration of network infrastructure for detection of malicious intent and intervention against adversary actions in support of cyber operations at the network edge. May or may not include human intervention.
4. How to identify malicious (preferred) or anomalous behavior in data
   related to netflow or PCAP.

While the ideal solution is preferred, capabilities that address individual components will be considered. Partnerships among potential solution providers resulting in complete solutions are highly encouraged.

Review the ARCYBER ML assessment event submission instructions.

Article link: https://intelligencecommunitynews.com/arcyber-to-host-ml-assessment-event/

Source: SAM

“Without a common understanding of risk, civilian and military leaders are unable to make informed and consistent decisions about open-source data, leading to strategic missteps and tactical knee-jerk reactions.”

From fitness trackers to aircraft monitoring apps, open-source information is everywhere. The Army needs to account for it as it develops its concept of information advantage.

Maggie Smith and Nick Starck | 05.24.22

Editor’s note: This article is part of the series “Compete and Win: Envisioning a Competitive Strategy for the Twenty-First Century.” The series endeavors to present expert commentary on diverse issues surrounding US competitive strategy and irregular warfare with peer and near-peer competitors in the physical, cyber, and information spaces. The series is part of the Competition in Cyberspace Project (C2P), a joint initiative by the Army Cyber Institute and the Modern War Institute. Read all articles in the series here.

Special thanks to series editors Capt. Maggie Smith, PhD, C2P director, and Dr. Barnett S. Koven.

---

Three months ago, as Russia invaded Ukraine, the world watched as Twitter exploded with real-time data, reporting, and analysis of the unfolding conflict. It quickly became clear that the war presented analysts with an unprecedented amount of rich, open-source data on military movements, troop location, shelling damage, weapon types, and more. Ukraine has been quick to capitalize on Russia’s poor data protection and President Volodymyr Zelenskyy has become Ukraine’s most potent weapon because of his ability to use data and information and Russia’s inability to protect it.

For the US Army, a key takeaway from the Ukrainian conflict so far should be the extent to which our modern-day habits are trackable, traceable, and predictable. Open-source data presents modern militaries, especially wealthy high-tech ones, with a very uncomfortable truth: militaries are exposed because their troops are connected. Currently, the US legal and regulatory systems do not, and cannot, protect the average citizen—and therefore, the average US service member—from risks associated with the ubiquitous open-source data produced by our surveillance economy. From a national security perspective, the accumulation of open-source data on people—their habits, their likes and dislikes, their exercise routines, and more—and its potential to impact the military’s ability to fulfill its man, train, and equip mandate from Congress is deeply concerning. Also alarming is the amount of information our adversaries can glean about US strategic interests from tracking US military activity on any number of apps, like Flightradar24, which includes US military reconnaissance platforms such as the unmanned RQ-4 Global Hawk, the RC-135V Rivet Joint, and others among the aircraft it tracks, and Strava, the fitness tracking app. Ultimately, you can intuit quite a bit about where our forces may be heading, where military planners are focusing their efforts, and where the next conflict is likely to occur if you simply track where Rivet Joints are conducting sorties and service members are working out. And for the Army specifically, the existing and emerging doctrine fails to account for the surveillance economy and its open-source data, leaving a gaping hole in our competitive strategy.

Information Advantage: What Is It?

Presently, the Army is developing its doctrine for its newest term of operational art: information advantage. Information drives friendly, neutral, and adversary actors at all levels and across all domains of warfare. Information advantage is a condition of relative advantage that enables a more complete operational picture and leads to decision dominance—the sensing, understanding, deciding, and acting faster and more effectively than the adversary. Gaining the initiative and maintaining a position of relative advantage over the information environment—regardless of where we find ourselves on the conflict continuum—largely depends on a commander’s ability to achieve an information advantage over a defined target audience or adversarial decision maker in a specific context or timeframe. Complementary to information advantage is the employment of information and other capabilities as weapons, designed to shape friendly, neutral, and adversarial perceptions, attitudes, and behaviors. Ultimately, the ability to shape perception and achieve victory in modern conflict and competition is heavily dependent on trust—trust in data, among team and unit members, in leaders, in doctrine, in equipment, and in capabilities.

To achieve information advantage, the Army conceives of five, interrelated core tasks— what have been described as “information advantage activities.” Commanders must: 1) enable decision making; 2) protect friendly information; 3) inform and educate domestic audiences (a task conducted in accordance with laws and focused on public affairs office activities); 4) inform and influence international audiences; and 5) conduct information warfare. In theory, information advantage activities are synchronized through the operations process, integrated across the Army’s six warfighting functions—command and control, intelligence, protection, movement and maneuver, fires, and sustainment—and employed using all available military capabilities. After distilling the Army’s rhetoric, information advantage requires commanders to prioritize persistent sensing, ongoing analysis, cyclical assessments, and a willingness to continuously update assumptions to ensure they maintain a dynamic situational awareness of the environment—in competition and conflict. Ultimately, the Army anticipates that victory in future warfare, and in the current era of persistent engagement, will come down to who can gain the most by effectively employing information to their advantage.

The National Security Risk

Instead of gunfire or artillery explosions, some of the first signs that Russia was invading Ukraine on February 24, 2022, came from Twitter. For example, Dr. Jeffrey Lewis, an expert in arms control and nonproliferation, compiled open-source data from the traffic layer of Google Maps and shared the Russian troop movements he identified, essentially in real time, on Twitter. According to Google Maps, he Tweeted, “there is a ‘traffic jam’ at 3:15 in the morning on the road from Belgorod, Russia to the Ukrainian border”—exactly the spot where vehicles, equipment. and manpower had massed the previous day. “Someone’s on the move,” Dr. Lewis concluded, and he was right. As the Ukrainian conflict escalated, individual researchers and organizations continued to collectand analyze open-source data—also defined as publicly available information by DoD—from social media platforms, commercial satellites, and public databases. Their analysis and reporting have emerged as a critical resource on the conflict, providing combatants and observers with incredible insight and minute-by-minute assessments of what is happening on the ground.

However, the ability to track ongoing military operations through open-source data is not new—in 2016 Bellingcat released a report that used open source data to document the full scale of the Russian artillery attacks against Ukraine in the summer of 2014. In fact, using open-source data is the new normal. And various US government agencies, including the Department of Defense, rely on open-source data for intelligence and procure data through contracts with data brokers. In response, civil society and privacy watchdogs around the world have voiced concern, highlighting the risks to personal privacy associated with government-led data collection, aggregation, and use. The likely result is new legislation, like the proposed Fourth Amendment is Not For Sale Act and others.

However, the use of open-source data and large scale, legal data collection efforts frequently pose less obvious national security risks. China, for example, aggressively collects data—legally and illegally—to support its domestic and international goals. A major threat to US citizen data is China’s Beijing Genomics Institute(BGI), which has grown into one the world’s largest genomic companies after working on the Human Genome Project. BGI developed a prenatal genetic test, in collaboration with the Chinese military, that is sold and used globally. However, in addition to providing prospective parents with important genetic information, the DNA specimens are also amassed into a vast bank of genomic data that China is using to conduct large-scale studies of population traits. More than eight million women have taken BGI’s prenatal tests globally, and China has their DNA and location data stored locally in mainland China. BGI also developed a COVID-19 test and offered to set up testing laboratories in several US states at the start of the pandemic. Mike Orlando, head of the National Counterintelligence and Security Center, identified the BGI offers as a national security risk, “citing concerns about how China might use personal data collected on Americans.” Even when done legally, DNA collection by Chinese companies should be understood as part of China’s comprehensive effort to collect records and data.

On the other hand, data also creates risk for the governments that aggressively pursue it. Experts are increasingly identifying the ways that open-source data can be used to expose government activity (e.g., military maneuvers, resource allocation, travel, or policy activity) and how the ever-growing pools of open-source data generated by modern societies pose a national security risk. But we lack precision in how we describe the sources, mechanisms, and outcomes of open-source data risks, preventing the development of a coherent mitigation strategy tailored to the national security context. Without a common understanding of risk, civilian and military leaders are unable to make informed and consistent decisions about open-source data, leading to strategic missteps and tactical knee-jerk reactions—like embedding code in the Free Application for Student Aid website that sends user information back to Facebook (the code has since been removed) or banning service members from using geolocation features on devices in deployed areas (e.g., fitness trackers).

What Is Information Advantage Missing?

The piece missing from the Army’s information advantage framework is an awareness of how the persistent aggregation of open-source data in the surveillance economy impacts the Army’s ability to achieve information advantage. Because the American public is subject to the surveillance economy, US service members are, too. George Washington famously emphasized that “when we assumed the Soldier, we did not lay aside the Citizen” as a cautious reminder that soldiers are citizens first. Since service members live alongside and among the general population, service members and veterans are not only susceptible to the same targeted marketing the average citizen experiences, but are actually the target of additional foreign manipulation and surveillance efforts. Soldiers, sailors, airmen, and Marines access social media platforms and online services just as civilians do. They also purchase items online, apply for credit cards online, do their taxes with online tax preparation tools, and surf the web just like their civilian counterparts. But unlike the civilian neighbors they barbeque with, they also fight the nations’ wars. Open-source data is produced continuously by all service members as they go about their digitally connected lives alongside their civilian counterparts, making the surveillance economy an integral part of the information environment that commanders need to consider as they conduct information advantage activities.

The military is beginning to understand the potential risks presented by open-source data, particularly in combat situations, partly because examples of how open-source data can expose military information abound—from troop location tracking on Tinder to tracking stolen AirPods to SIM cards revealing Russian troop locations in Ukraine. Of course, these known cases fit neatly within traditional operational security risks and are scenarios that senior military leaders can relate to—especially when open-source data is directly contributing to deaths on the battlefield or to the identification of war criminals. However, having a tactical appreciation of the open-source data risks during periods of declared conflict is not enough to achieve information advantage—the risks to military operations are present well before any decision to go to war is made, and persist after conventional conflict ends. In fact, the risks are a constant factor in the current competition environment, making any ex post facto restrictions, regulations, or rules placed on deployment behavior inadequate and misguided. Changes need to happen at home, well before the deployment cycle begins. Failing to consider garrison operations and the ways that soldiers interact with the surveillance economy as part of the information environment that commanders need to consider for information advantage is a failure to understand when and where the vulnerabilities and threats to the force begin and a failure to account for our modern, digitally connected, human behavior.

The “So What” of Open-Source Data

For multi-domain operations, the Army frames the operating environment as including human, physical, and informational aspects. To be effective across the competition continuum, the Army proposes positioning formations and capabilities forward, so that information advantage activities are integrated into security cooperation efforts and crisis action planning on behalf of theater commanders. To coordinate information advantage activities in an area of conflict, the Army identifies that preparation must begin in competition, or when forces develop the intelligence to identify specific vulnerabilities and then gain or prepare to request the required authorities, and train to use national-level capabilities. The overall goal is operational convergence with formations postured to degrade, disrupt, or destroy adversary capabilities, while defending those of friendly forces. However, what this framework does not consider is the intersection of the human, physical, and informational aspects, or the risks to day-to-day garrison operations from open-source data.

Ultimately, the risks of open-source data are not an individual’s problem, but an Army problem. For example, fake accounts on Facebook for US Army general officers are numerous, and in some cases, fail to violate Facebook’s terms of service and can therefore, remain active. Even LinkedIn is rife with fake profilesattempting to make connections with users in targeted marketing campaigns. Additionally, fake social media accounts managed by Russia have already mobilized the American public in connection with divisive issues, making fake accounts for authoritative figures, like US Army generals, especially concerning. From a national security perspective, open-source data enables foreign manipulation efforts that target the US military and veteran populations through the use of “misleading and divisive questions about the U.S. government’s military and veteran policies to further amplify and exploit the existing frustrations.” The relative ease with which anyone can purchase open-source data means that soldier data is already being used to target service members for products, media, or other services and presently, there is nothing preventing our adversaries from using open-source data to target them as well.

To achieve information advantage, the Army needs to give commanders the tools necessary to assess the operational risks of open-source data, social media, and related information technologies. The Army has longstanding doctrine for assessing operational risks; however, the traditional risk management framework is intentionally broad, leaving commanders without clear guidance or terminology for identifying, assessing, and making risk decisions in the information environment. As the Army develops its information advantage doctrine, it should simultaneously develop a dedicated data risk management framework to enable modern commanders to achieve information advantage. In its current form, information advantage perpetuates an antiquated notion that operating environments are (or can be) geographically bound—as the conflict in Ukraine has highlighted, kinetic actions may be limited to a geographic area, but informational risks are global. A dedicated data risk management framework would be a guide for commanders to continually and methodically assess the evolving information environment, to identify and address conceptual gaps, and to achieve their informational and operational goals. As the information environment emerges as the main effort in competition and conflict, the Army must adapt and provide its commanders with the right concepts, doctrine, and resources to succeed in a world characterized by the ubiquity of open-source data.

Article link: https://mwi.usma.edu/open-source-data-is-everywhere-except-the-armys-concept-of-information-advantage/

Captain Maggie Smith, PhD, is a US Army cyber officer currently assigned to the Army Cyber Institute at the United States Military Academy where she is a scientific researcher, an assistant professor in the Department of Social Sciences, and an affiliated faculty of the Modern War Institute. She is also the coeditor of this series and director of the Competition in Cyberspace Project.

Captain Nick Starck is a US Army cyber officer currently assigned as a research scientist at the Army Cyber Institute. His research focuses on information warfare and data privacy.

The views expressed are those of the authors and do not reflect the official position of the United States Military Academy, Department of the Army, or Department of Defense.

Image credit: Sgt. Dustin D. Biven, US Army

By Colin Demarest Wednesday, May 18

WASHINGTON — Two NATO agencies recently kicked off an artificial intelligence initiative to better understand the technology and its potential warfare applications.

More than 80 AI experts, researchers and academics from the U.S. and other member countries are involved with the venture, known as a strategic “horizon scanning,” put together by the NATO Science and Technology Organization and the NATO Communications and Information Agency.

An inaugural meeting and workshop was held this month in The Hague, Netherlands, where the NCI Agency’s data science and AI facilities are located.

“AI is one of the key emerging and disruptive technologies identified by NATO as vital for the maintenance of its technological edge,” NATO Chief Scientist Bryan Wells said in a statement. “By working together, the STO and the NCI Agency are able to bring together global experts to ensure the very best scientific expertise is available to advise NATO and its allies and partners on the latest scientific trends in this area.”

The NATO guarantee of a collective defense and the advantage of numbers, both on the battlefield and in the lab, has been much discussed amid Russia’s latest invasion of Ukraine and the subsequent membership applications made by Finland and Sweden.

NATO ministers in October adopted the alliance’s first-ever AI strategy, which describes the capability as “changing the global defense and security environment” and offering “an unprecedented opportunity to strengthen our technological edge but will also escalate the speed of the threats we face.”

The strategy emphasizes responsible use of AI for defense across six tenets: lawfulness; responsibility and accountability; explainability and traceability; reliability; governability; and bias mitigation.

AI frameworks and other guidance drafted by the U.S. and its defense community take a similar approach.

NATO allies in 2019 agreed to focus on seven emerging and disruptive technologies, data, computing and AI among them. Making sure there are shared standards, and that systems will work with systems, will be critical to success, officials said.

“One of the big challenges when we go into this new phase of disruptive technologies is how do you keep all allies on the same hymn sheet when it comes down to communicating with each other, using the same technology, being interoperable,” David van Weel, NATO assistant secretary general for emerging security challenges, told Defense News in March 2021. “So that’s a big part [of the strategy] and a big role for NATO to play.”

Article link: https://www.c4isrnet.com/artificial-intelligence/2022/05/18/nato-launches-ai-initiative-to-ensure-tech-advantage/

About Colin Demarest

Colin Demarest is a reporter at C4ISRNET, where he covers military networks, cyber and IT. Colin previously covered the Department of Energy and its NNSA — namely Cold War cleanup and nuclear weapons development — for a daily newspaper in South Carolina. Colin is also an award-winning photographer.

https://www.rand.org/pubs/research_reports/RRA1190-1.html?

Research Questions

1. What responses has the United States considered in the past to cyber compromises of U.S. government systems?
2. Has the United States been able to materially affect adversary behavior through its past responses?
3. How should the United States respond to similar cyber incidents in the future?
4. Should the United States expect those responses to achieve its objectives in the future in light of prior responses?

Cyber-enabled espionage against the United States has been a challenge for more than 20 years and is likely to remain so in the future. In the aftermath of the 2020 SolarWinds cyber incident that affected U.S. government networks, policymakers, lawmakers, and the public asked: “Why does this keep happening, and what can the United States do to prevent it from reoccurring?” It is these questions that motivate this effort. Specifically, this report summarizes three cases of Russian cyber-enabled espionage and two cases of Chinese cyber-enabled espionage dating back to the compromise of multiple government agencies in the late 1990s up to the 2015 compromise of the Office of Personnel Management. The purpose of this inquiry is to address whether U.S. responses have changed over time, whether they led to changes in adversary behavior, and what the United States can learn from these cases to inform future policymaking. The authors show that policymakers typically consider a narrow set of response options, and they often conclude that not much can be done beyond trying to improve network defenses, because the United States “does it too.” The authors suggest that the U.S. government could broaden its policy response options by increasing focus on diplomatic engagement, including working with partners and allies to call out malicious cyber behavior; expanding the use of active defense measures to root out adversaries; and employing more-sophisticated counterintelligence techniques, such as deception, to decrease the benefits that adversaries derive from cyber espionage.

Key Findings

Available response options are not limited to the cyber domain, and no one should expect them to be

• The response options that U.S. policymakers consider for cyber espionage cases do not appear to have changed much over the past two decades — and, in some respects, they may be even more constrained today.

The benefits of cyber-enabled espionage continue to outweigh any perceived repercussions for such countries as Russia and China

• The historical record suggests that the United States has felt constrained in its ability to respond vigorously against Russia or China because of the notion that cyber espionage is a standard and accepted practice by nations.
• The record also suggests that the United States would not want to take steps to constrain its own ability to engage in similar intelligence activities in cyberspace.
• U.S. policymakers have assessed that breaches of confidentiality, although damaging in the long term, did not rise to the same level of acute damage to national security that another, more destructive form of cyber operation might entail.
• The United States has proved especially vulnerable to cyber incidents, and a lack of response appears to have emboldened the Russians and Chinese to continue and expand their cyber espionage activities over the years.
• Improving the U.S. ability to deter by denial — by strengthening the cybersecurity of the U.S. government — remains an elusive but vital priority.

Recommendations

• The United States should pursue expanded diplomatic efforts, including with its partners and allies, to call out indiscriminate cyber espionage and establish guardrails for acceptable cyber espionage.
• The United States should also expand its use of active defense measures on U.S. government networks to hunt for adversary activity and offer similar support to partners and allies.
• The United States should make better use of counterintelligence, particularly deception operations, to reduce the benefits that countries might derive from cyber espionage.
• The role of diplomacy should not be diminished, and more-recent multilateral efforts to call out malicious cyber behavior have the potential to lay a foundation for shaping international norms.

Table of Contents

• Chapter OneIntroduction
• Chapter TwoCyber Espionage, Deterrence, and Response
• Chapter ThreeRussia Case Studies
• Chapter FourChina Case Studies
• Chapter FiveConclusion and Recommendations

Check out this video comparing public vs. private #5G networks. #DOD and National Telecommunications and Information Administration (NTIA) have teamed up to create a video series explaining the telecommunications technologies that impact the #5GChallenge. The United States Department of Defense and NTIA launched the challenge to advance 5G interoperability toward true 5G plug-and-play operation. https://lnkd.in/ggGm_8J8

By VINCENT BERKMAY 23, 2022 09:00 AM ET

Lessons from Germany’s World War II code machine, Enigma, show that even “unbreakable” encryption can be cracked eventually.

The previous two years have proven the importance of proactively working to secure our data, especially as organizations underwent digital transformations and suffered increased cyberattacks as a result. For those organizations that have been breached, but their data hasn’t yet been exploited and released to the wild, it may already be too late. 

Organizations that have already experienced a data breach may become victims of “harvest today, decrypt tomorrow” or capture-now-decrypt-later attacks. These attacks, also referred to as “harvesting” for short, capitalize on known vulnerabilities to steal data that may not even be truly accessible using today’s decryption technologies. 

These attacks require long-term planning and projections on the advancement of quantum-computing technologies. While these technologies may still be years away from being commercially available and widely used, organizations should look to protect against these threats now to prevent themselves from becoming a future casualty.

Before getting into more detail on the future threat posed by quantum computing, we should look to a historic example to inform our present decision-making. 

Lessons from the Enigma

In 1919 a Dutchman invented an encoding machine that was universally adopted by the German army, called “the Enigma.” Unbeknownst to Germany, the Allied powers managed to break the coding scheme, and were able to decode some messages as early as 1939, when the first German boots set foot in Poland. For years, however, the German army believed the Enigma codes were unbreakable and was communicating in confidence, never realizing their messages were out in the open. 

History may already be repeating itself. I can’t help but think that most organizations today also believe that their encrypted data is safe, but someone else may be close to, or already, reading their “secure” mail without them even knowing. 

Today’s modern cryptography is often deemed unbreakable, but a big, shiny black building in Maryland suggests that governments may be better at this than is widely believed. Although a lot of credit goes to the magical and elusive quantum computer, the reality is different: poor implementations of crypto suites are the primary vector for breaking encryption of captured traffic. So are certificates captured through other means, brute-forced passwords and even brute-forced crypto, because insufficient entropy is used to generate random numbers.  

All these techniques are part of the arsenal of any nation who wants to strategically collect information on the happenings of other international players—whether government or private companies. These techniques also require higher levels of coordination and financial backing to be a successful part of an intelligence strategy. As I continue to see, when the value of the captured information is high enough, the investment is worth it.  Consider then the vast data centers being built by many governments: they are full of spinning disks of memory storage just in case current approaches don’t yield access. Data storage has become an investment in the future of intelligence gathering. 

Looking towards the future

Harvesting attacks does not just work as a strategy for quantum computers. We will likely have more powerful processors for brute-forcing in the future.  Additionally, other types of stochastic computation machines, such as spintronics, are showing promise and even the de-quantification of popular algorithms may one day see a binary computer version of Peter Shor’s algorithm. The latter helps us explain how quantum computing may help to make quick work of current encryption techniques. This will allow breaking of Diffie-Hellman key exchanges or RSA on a conventional computer in smaller time frames.

So how do we shield ourselves?  It is hard to imagine armoring oneself against any possible threat to encryption. Just like it is difficult to predict exactly which stocks will do well, and which ones won’t.  There are too many factors and too much chaos. One is left with only the option of diversification: using an out-of-band key distributing strategy that allows multiple paths for key and data to flow, and a range of algorithms and keys to be used. By diversifying our cryptographic approaches we are also able to minimize the damage in case a particular strategy fails us. Monocultures are at risk of pandemics, let’s not fall victim to encryption monoculture as we move into the future.

It is past time to take steps now that will protect organizations from future threats. This includes developing actionable standards. Both federal agencies and the private sector need to embrace quantum-safe encryption. Additionally, they should look to develop next-generation, standards-based systems that will address current encryption method shortcomings and poor key management practices. This will help to ensure not only quantum-safe protection from future threats, but also stronger security from contemporary threats. 

Organizations face a dizzying array of threats and need to constantly remain vigilant to thwart attacks. While looking to protect against current threats is certainly important, organizations should begin projecting future threats, including the threat posed by quantum computing. As technology continues to advance each day, one should remember that past encryption, like the Enigma machine, didn’t remain an enigma for long and was broken in time. The advent of quantum computing may soon make our “unbreakable” codes go the way of the dinosaur. Prepare accordingly.

Article link: https://www.nextgov.com/ideas/2022/05/back-future-protecting-against-quantum-computing/367231/

Some worry that the chatter around these tools is doing the whole field a disservice.

By Melissa Heikkiläarchive page May 23, 2022

Earlier this month, DeepMind presented a new “generalist” AI model called Gato. The model can play the video game Atari, caption images, chat, and stack blocks with a real robot arm, the Alphabet-owned AI lab announced. All in all, Gato can do 604 different tasks. 

But while Gato is undeniably fascinating, in the week since its release some researchers have gotten a bit carried away.

One of DeepMind’s top researchers and a coauthor of the Gato paper, Nando de Freitas, couldn’t contain his excitement. “The game is over!” he tweeted, suggesting that there is now a clear path from Gato to artificial general intelligence, or ‘AGI’, a vague concept of human or superhuman-level AI. The way to build AGI, he claimed, is mostly a question of scale: making models such as Gato bigger and better. 

Unsurprisingly, de Freitas’s announcement triggered breathless press coverage that Deepmind is “on the verge” of human-level artificial intelligence. This is not the first time hype has outstripped reality. Other exciting new AI models, such as OpenAI’s text generator GPT-3 and image generator DALL-E, have generated a similar amount of grand claims. For many in the field, this kind of feverish discourse overshadows other important research areas in AI. 

That’s a shame because Gato is an interesting step in AI. Some models have started to mix different skills, like DALL-E, which generates images from text descriptions. Others use a single training technique to learn to recognise pictures and sentences. And DeepMind’s AlphaZero learned to play Go, chess and shogi. 

But here’s the crucial difference: AlphaZero could only learn one task at a time. After learning to play Go, it had to forget everything before learning to play chess, and so on. It could not learn to play both games at once. This is what Gato does: learns multiple different tasks at the same time, which means it can switch between them without having to forget one skill before learning another. It’s a small step but a significant one.

But Gato performs tasks worse than models that can only do one thing. Robots still need to learn “common sense knowledge” about how the world works from text, says Jacob Andreas, an assistant professor at MIT who specializes in artificial intelligence and natural language and speech processing.   

This could come in handy in robots that could help people around the house, for example. “When you drop [a robot] into a kitchen and ask them to make a cup of tea for the first time, they know what steps are involved in making a cup of tea and in which cabinet tea bags are likely to be located in,” says Andreas. 

Some external researchers were explicitly dismissive of de Freitas’ claim. “This is far from being ‘intelligent’,” says Gary Marcus, an AI researcher who has been critical of deep learning. The hype around Gato demonstrated that the field of AI is blighted by an unhelpful “triumphalist culture,” he says.

He argues that the deep learning models that often generate the most excitement about the potential to reach human-level intelligence make mistakes that “if a human made these errors, you’d be like, something’s wrong with this person,” Marcus says.

“Nature is trying to tell us something here, which is, this doesn’t really work, but the field is so believing its own press clippings, that it just can’t see that,” he adds. 

Even de Freitas’s DeepMind colleagues, Jackie Kay and Scott Reed, who worked with him on Gato, were more circumspect when I asked them directly about his claims. When asked about whether Gato was heading towards AGI, they wouldn’t be drawn. “I don’t actually think it’s really feasible to make predictions with these kinds of things. I try to avoid that. It’s like predicting the stock market,” said Kay.

Reed said the question was a difficult one. “I think most machine learning people will studiously avoid answering. Very hard to predict, but, you know, hopefully we get there someday.”

In a way, the fact that DeepMind called Gato a “generalist” might have made it a victim of the AI sector’s excessive hype around AGI. The AI systems of today are called “narrow” AI, meaning they can only do a specific, restricted set of tasks such as generate text.

Some technologists, including at Deepmind, think that one day humans will develop “broader” AI systems that will be able to function as well or even better than humans. Some call this artificial “general” intelligence. Others say it is like “belief in magic.“ Many top researchers, such as Meta’s chief AI scientist Yann LeCun questionwhether it is even possible at all.

Gato is a “generalist” in the sense that it can do many different things at the same time. But that is a world apart from a “general” AI that can meaningfully adapt to new tasks that are different from what the model was trained on, says MIT’s Andreas. “We’re still quite far from being able to do that.”

Making models bigger will also not address the issue that models don’t have “lifelong learning”, meaning they can be taught things once and they will understand all of the implications and use it to inform all of the other decisions that they are going to make, he says.

The hype around tools like Gato is harmful for the general development of AI, argues Emmanuel Kahembwe, an AI/robotics researcher and part of the Black in AI organization co-founded by Timnit Gebru. “There are many interesting topics that are left to the side, that are underfunded, that deserve more attention, but that’s not what the big tech companies and the bulk of researchers in such tech companies are interested in,” he says.

Tech companies ought to take a step back and take stock of why they are building what they are building, says Vilas Dhar, president of the Patrick J. McGovern Foundation, a charity that funds AI projects “for good.” 

“AGI speaks to something deeply human—the idea that we can become more than we are, by building tools that propel us to greatness,” he says. “And that’s really nice, except it also is a way to distract us from the fact that we have real problems that face us today that we should be trying to address using AI.”

Article link: https://www.technologyreview.com/2022/05/23/1052627/deepmind-gato-ai-model-hype/