Applications of Artificial Intelligence (AI) for Protecting Software Supply Chains (SSCs) in the Defense Industrial Base (DIB)

The application of artificial intelligence (AI) to software supply chains (SSCs) within the defense industrial base (DIB) holds promise to improve cybersecurity posture, ensure stricter compliance with National Institute of Standards and Technology (NIST) controls, and increase user confidence in software built in part upon modules and libraries from outside repositories. AI can provide analysts with suggested frequencies for (re)scanning, supplement threat assessments of infrastructure, automate threat intelligence processing, and expedite cybersecurity risk management. Moreover, the security of SSCs in the DIB can benefit from similar uses of AI as a recommendation engine for communicating the probability of compromise. For U.S. Department of Defense cybersecurity analysts, AI-driven automation can provide insight into how closely software capabilities deployed on military and government networks adhere to NIST compliance standards. The ability to reflect the most up-to-date set of vulnerabilities within a system security plan could significantly improve upon the existing practice of relying on manual internal scanning. AI can enable human-in-the-loop workflows to optimize the integration of processed threat intelligence and better identify vulnerabilities per software and/or operating system. This report presents and discusses how AI can protect SSCs purpose-built for the DIB ecosystem.