Development, Security, and Operations (DevSecOps) concepts are critical to adopting technologies like artificial intelligence (AI) and machine learning (ML), and building a DevSecOps culture will help ensure AI architectures are secure and national security maintained, military tech leaders said today.
That was the message from Col. Sang Han, Chief of Infrastructure and Platform at the Department of Defense’s (DoD) Joint AI Center (JAIC), and Edmond Kugo, Lead Systems Engineer for DevSecOps at the Naval Information Warfare Center, at GovernmentCIO’s Disruptive DevSecOps virtual event.
“I think being able to replicate infrastructure quickly and securely, that is easily repeatable, is what we have to get right,” said Han when asked what DoD needs to get right about infrastructure.
“Just like any scientific research study, we want to be able to reproduce those conditions of an environment that AI developers can easily develop capabilities with a common set of tools and infrastructure so that developers and users will have the confidence that the capability will work, either new development or production,” he said.
According to Han, establishing a DevSecOps culture will not only help developers and cyber professionals, but aid the warfighter as well.
“I see the DevSecOps culture building the synergies among developers, cybersecurity professionals, and the operation maintainers to really kind of work together to quickly provide a capability the warfighters can trust and use,” said Han. “The culture will require people to understand the new processes and policies to enable the rapid delivery of these capabilities leveraging DevSecOps,” he added.
Kugo said it’s important to find a middle ground between industry products and government needs, and that constraints on infrastructure also lead to bandwidth constraints.
“We need to ensure that from an infrastructure perspective, infrastructure is available right as the mission needs it, and the colonel mentioned earlier, we want to be able to replicate our infrastructure using different technologies or tool sets,” said Kugo.
“I’m encouraging the industry and the product vendors to actually download [checklists] from the design on the cybersecurity side, and before they sell this product to the government, make sure that these products or these documents are part of the procurement process so then when we get these products, those least are up to date at the moment they’re produced,” he said. “We’ll save the government critical time.”