Aiding Air Combat Command (ACC) in blocking information flow from compromised sources and sorting intelligence, surveillance, and reconnaissance (ISR) information to benefit analysts are two prime use cases for artificial intelligence/machine learning (AI/ML), the commander of U.S. 16th Air Force at Joint Base San Antonio, Texas said on Nov. 13.
“My opinion is there are two place we’ll see it [AI/ML] first and a third where I think there’s opportunity,” Air Force Lt. Gen. Kevin Kennedy, the head of 16th Air Force, told a Mitchell Institute for Aerospace Studies’ virtual forum on Nov. 13. “The first is ‘Zero Trust,’ having a level of autonomy and leveraging AI to understand–‘Ok, these behaviors are different’–stopping networks/stopping information from flowing at this level in certain types of situations, but I think it’s lower impact and less risk of putting AI [there] than in a targeting solution. I think that’s where we’re gonna see more artificial intelligence–on the defensive side of our networks. We’re engaging with Air Combat Command and the [Air Force] CIO [chief information officer, Venice Goodwine], as we think through this.”
16th Air Force, the Air Force’s information warfare component, is under ACC and also collaborates with the National Security Agency and U.S. Cyber Command at Fort Meade, Md., and the DoD office of the undersecretary for intelligence and security.
The second priority use case for AI/ML is sorting through ISR to highlight significant data for analysts, Kennedy said. AI can aid in “triaging” terrestrial, air, and space sensor data to “highlight–‘Ok. This is outside of baseline’–and using AI to highlight that to our analysts who are then ‘on the loop’ to help in the processing,” he said. “I think it’ll be fairly down the road before targeting decisions are made through this type of activity.”
In addition, the Air Force may use AI/ML in the future to develop offensive cyber designs so that the Air Force is “not as reliant for C2 [command and control] at distance,” while using personnel as C2 overseers, Kennedy said. “We have to think about command and control, the rules of engagement, and how we do that in a combat environment, how we ensure compliance with the rules of war. LOAC [law of armed conflict] still applies in cyber so we’ve gotta make sure that we’re doing that in a way that is legal and aligned with our values.”
Since 2020, ACC’s Directorate of Cyberspace and Information Dominance (A6) has taken the lead on Zero Trust Architecture to use Identity Credential Access Management (ICAM) and Common Access Card (CAC) credentials to help identify those trying to access Air Force information systems, which systems, and the source point of the access (Defense Daily, July 16, 2020).
On Nov. 13, Kennedy also discussed Russia’s use of cyber warfare in its assault on Ukraine, including a hack of Viasat [VSAT] systems on Feb. 24 last year just before Russia’s invasion. In that cyber attack, Russia used AcidRain malware to disable Viasat modems and routers, operated by Ukrainian military forces and civilians and commercial concerns throughout Europe, including wind farms.
“Russia was fairly indiscriminate,” Kennedy said. “If you think about the Viasat hack that they did that took down 40,000 terminals across Europe, it had a pretty significant impact to economics, but they were fairly careless on how they would have executed that operation–accepting a lot of collateral effects that did not meet the same level of precision that we would want to use to create an effect that would have a battlefield outcome.”
Kennedy served as the J-3–director of operations–at U.S. Cyber Command at Fort Meade, Md., from July 2020 until July last year.