“Technology Watch List” reveals the Pentagon's vision for the future digital battlefield

WASHINGTON – Lt. Gen. Robert Skinner stood outside the theater awaiting his signal.

When she arrived, the USAF officer and director of the Defense Information Systems Agency grabbed the microphone, pressed it to his mouth and walked into the spotlight at AFCEA TechNet Cyber, a defense conference in Baltimore, Maryland.

As he walked forward, a strange sound came over the sound system. It sounded like Skinner, who leads thousands of military and civilian workers in the Pentagon's de facto IT authority. But the rhythm was weird and the tone was off.

As those who were sitting close enough to the stage in May noticed, his mouth wasn't moving much.

Skinner would later reveal that the first 45 seconds of his keynote were machine-generated audio—the product of 30 minutes of training and free tools for sound reproduction and smart event production.

“I'm definitely not good at lip syncing, but think about it,” Skinner said. “Generative AI is perhaps one of the most disruptive technologies and initiatives in a very long time.”

This move sparked laughter and applause from the audience, but it also had serious implications for national security.

Related

Those who harness AI “and can understand how to best benefit from it, but also how to best protect against it, will be the ones who stand high,” Skinner said at the time. For its part, the Pentagon is seeking $1.8 billion for artificial intelligence efforts in its latest budget blueprint, as it competes with global powers, such as China, for supremacy.

Generative AI, specifically, captured the world's attention in November, when OpenAI introduced ChatGPT. Trained on a vast array of data, including web pages and books, the program can carry out human-like conversations and produce computer code with little prompting.

Its direct impact and potential survivability have also caught the attention of DISA. It quickly landed on the agency's so-called technology watch list, a catalog of the latest technologies. It is updated every six months or so and provides a look at the Department of Defense's technological endeavors.

Segmented list

DISA's latest watchlist includes more than two dozen areas of focus divided into five lines of effort, or LOE. They are further divided by their mass adoption or popularity, which is defined as observation, plan, prototype, or deployment. Topics of interest include:

• Generative artificial intelligence
• Quantum-resistant encryption
• Edge computing
• Self-penetration test
• Tagging data
• Big data analytics and visualization
• Infrastructure as code
• Telepresence
• Zero Trust Thunderdome
• Connecting to the 5G network

The list helps visualize “all the technology areas that DISA will look at over the next 12 months, or even several years,” said Bill Grenzer, technical director in DISA's Emerging Technology Directorate.

“If you start from the outer ring there, the screen ring, these technologies are completely new to us. They will likely be several years away before they are deployed,” Grenzer said at the conference where Skinner spoke. “The state we are in is that we are trying to wrap our heads around technology and we get a better understanding of the state of the industry.

“When you start moving toward the center, we feel more comfortable with the technology and the state of maturity.”

Generative AI is a new addition for FY2023 and appears in the LOE 5 planning loop in the DISA graphic. Others, such as Quantum Resistant Cryptography and Thunderdome Zero Trust, have received updates and remain in the prototype layer.

Quantum-resistant encryption aims to protect sensitive information from prying eyes and code-breaking attempts. Military data is currently guarded by a set of complex algorithms, but sufficiently mature quantum computing capabilities powered by subatomic particles could crack them open and reveal pearls of vulnerable data.

“If you're not watching what's happening in the world of quantum computing, it's going to be pretty fascinating,” said Stephen Wallace, chief technology officer at DISA. “A few of us had the opportunity a few weeks ago to go to New York and see some quantum computing in action. It was very impressive.”

In a similar vein, Thunderdome's approach to zero trust cybersecurity — where users, devices, and need for access are constantly scanned — is designed to ensure hackers have only broad access. DISA in January 2022 awarded Booz Allen Hamilton a $6.8 million contract to develop a Thunderdome prototype.

The Department of Defense and its suppliers are under constant threat from digital attacks or foreign influence. Since 2015, the department has seen more than 12,000 cyber incidents, with an annual total decline since 2017, according to a study by the Government Accountability Office.

Skinner said last March that Congressional hackers backed by China, Russia and other US adversaries were exerting “very high” levels of effort to infiltrate, monitor and escape with technical plans and intelligence closely held by defense companies.

Self-penetration testing, or pen testing — another item on DISA's technology watch list — aims to identify these vulnerabilities more effectively.

“What we're looking at here in this space is trying to automate a lot of the functions that a team of pen testers would do for us within the agency,” said Eric Mellot, chief technical strategist at the Emerging Technology Directorate. “These resources are becoming more and more limited, so to speak, where you can have a team of highly skilled pen testers.”

Inducing and urging virtual defenses is critical to understanding vulnerabilities and supporting vulnerabilities. Regular testing is key, according to Melott, as is thinking “like a hacker.” AI can be trained to do this, and it can fill the gap in human effort or interest.

Apply updates

DISA's Emerging Technology Watchlist has evolved over time—in content, purpose, and appearance. What was once used primarily to communicate concerns with industry is now also used to communicate needs to a broader audience within and outside the agency.

“It's changed a little bit,” Wallace said. This year, it received “a bit of a facelift visually.”

Several technologies have successfully moved through the scheme, taking it from observation to widespread deployment. They include cloud-based internet isolation, or CBII, and identity, credential and access management, also known as ICAM.

The former also isolates networks from intrusion by hosting web browsing in an isolated cloud environment, thus moving traffic away from the user's device. Officials in 2020 told C4ISRNET that the program is especially important given the spread of remote work associated with the coronavirus pandemic.

Related

The latter is a way to customize the information available to a person while also monitoring who is connected. Maj. Gen. Jeth Rai, director of the Army's cross-functional network team, likened it to a banking app.

“You're securing the connection to the data environment. It identifies you through your eyes, your biometrics, and then allows you to access the data that your credentials will allow,” he said in a 2022 interview. It can't go well. “It's your quarantine.”

The Pentagon published its ICAM strategy in 2020, in which the department acknowledged its failures to “maximize the strategic, operational, and tactical benefits of information sharing.” Leaders have since said that ICAM is central to joint command and control across all domains, an ambitious vision for seamless connectivity across land, air, sea, space and cyberspace.

Overall, the technology watchlist has proven to be “very useful for us, in terms of how we want to focus on technology and how we want to ultimately deliver it,” Wallace told C4ISRNET. “This has helped a lot with our thinking within the agency.”