
DTRA News

News | Feb. 18, 2021

DTRA Cyber Security Project Using AI and ML to Save Time, Protect Data

By Daniel Gaffney, Defense Threat Reduction Agency

FORT BELVOIR, Va. – The cybersecurity experts at the Defense Threat Reduction Agency (DTRA) are on the cusp of implementing a new system, called Bird Dog, that has the potential to greatly enhance the cybersecurity defenses of not just the agency, but the DoD community as a whole.

“We generate about 3.5 terabytes of data every day; that’s 3.5 million gigabytes, or approximately 250 million pages of data, every single day,” said Jason Phillips, chief of DTRA’s cybersecurity department. “It is a daunting task trying to figure out what data requires immediate attention in order to determine whether a compromise has occurred. Without a significant infusion of resources (money and qualified subject matter experts), we simply can’t look at everything. We need to prioritize our limited resources to focus our efforts and attention on the events that really need to be inspected or analyzed.” Using artificial intelligence (AI) and machine learning (ML), Bird Dog might be able to do the most time-consuming part of a cyber-investigation in the blink of an eye.

DTRA is one of about two dozen Cyber Security Service Providers (CSSP) across the DoD. That means the agency provides its own multi-layered cyber defense, and is certified and accredited to protect its portion of the DoD network, other 4th Estate components, and cleared defense contractors that require access to DoD Networks. The current practice is to use a layered defense that filters out most of the cyber events that don’t require a human analyst to investigate. However, the human analysts still have a mountain of data to look at as they monitor our networks.

“It’s like panning for gold – once we can move the big rocks out of the way, we can start sifting the dust,” said Phillips. “But out of about 1.5 million events generated every day, we still have 20-30 thousand events that we actually need to investigate, which requires a human analyst to review and determine what has or is occurring. To do this, analysts follow a systematic approach of identifying the who, what, and when of a cyber-event by performing queries. These queries can range from 50 – 150 questions depending on the specific event being investigated, and the ensuing results can cause things to get very complicated very quickly.”

The Bird Dog system, which DTRA is now working with the DoD’s Joint Artificial Intelligence Center (JAIC) to bring online, should be able to start the investigation before the events are sent to the analysts. Using AI and ML to train our systems on what to look for, what to ignore, what connections to make and when to ask more questions, Bird Dog could take what would normally be about three hours of human analyst work and get the answers in less than a minute.

“This problem isn’t unique to DTRA,” said Chris Paulson, DTRA’s CSSP team lead. “It’s the same problem not just in the DoD, or the U.S. government, but even across the private sector – how much can we afford, and what level of protection is reasonable?” But Bird Dog isn’t meant to save money or replace human analysts – it makes them more efficient. “From the technical standpoint, we’re maximizing the ROI (return on investment) of our human analysts… they’ll spend much less time trying to figure out IF there is a problem that needs to be investigated (and then fixed, blocked, contained, or shared with other networks), and more time investigating events that may not have been previously seen.”

While the Bird Dog idea was first discussed several years ago, the DTRA IT team started the in-house work back in 2019, and joined up with the JAIC in the fall of 2019. The incredibly difficult task of getting a machine to not only think for itself – artificial intelligence – but to LEARN how to think for itself – machine learning – was slowed down a bit by COVID, but the team is close and eager to begin its initial piloting of the hardware and software. Similar to driving a future car prototype for the very first time, the team has both great and realistic expectations and knows a lot of work remains ahead.

“I’m extremely proud of this team and their foresight into solving a big data problem,” said DTRA’s chief of IT, Mario Vizcarra. “Physical attacks on DoD assets or military bases are relatively uncommon, but cyber-incidents happen around the clock. In 2020 we saw just how damaging a cyber-attack or infiltration can be, and why we need something like Bird Dog to augment the existing protections for our networks and information. We are far from declaring success, but working closely with DoD’s JAIC, we were able to rapidly transform ideas and creativity to an actual AI solution for an important cyber security issue that looks very promising for DTRA and DoD.”

“If Bird Dog can learn what it needs to do (and do it accurately), it might be able to do part of an investigation thousands of times faster than we can,” said Phillips. “But we have to teach it first.”

The Defense Threat Reduction Agency enables the Department of Defense, the United States Government and International partners to counter and deter weapons of mass destruction and improvised threat networks.
