Over the last two years, the Department of Defense's Cyber Crime Center Vulnerability Disclosure Program, or VDP, has grown substantially, both in size and in public recognition. For its efforts throughout the 2022 Defense Industrial Base-VDP Pilot, the program earned a Cyber and IT Excellence Teams Award from the Office of the Department of Defense Chief Information Officer.
The overwhelming success of the pilot produced a scalability challenge. Increased demand for the program's services necessitated an uptick in workforce requirements. Identifying publicly accessible assets to automate these processes, while useful, is time-consuming and labor-intensive.
Luckily, through the National Security Innovation Network Capstone program, VDP Director Melissa Vice was able to enlist the help of Brian Ngac, Dean's Teaching Fellow at George Mason University Information Systems and Operations Management. Along with his team of four stellar GMU students, the group analyzed top lessons learned from the pilot to address scalability for the size and needs of the Defense Industrial Base.
The National Security Innovation Network is a government program office within the Office of the Secretary of Defense for Research and Engineering that collaborates with major universities and the venture community to develop solutions that drive national security innovation.
Through the network's Capstone program, student technologists and entrepreneurs serve our country by providing solutions to the Department while solving real-world national security challenges through existing university Capstone courses. Together, these portfolios form a pipeline of activities and solutions that accelerate the pace of defense innovation.
The network's federally funded program provides government agencies with the opportunity to compete for either talent or technology-based services by nominating problem sets. The organization seeks "to build a more agile and adaptive resource to meet the unpredictable threats of the future" by cultivating partnerships between and among defense, academia, and venture communities.
"The Capstone project is a win-win for federal agencies and university students alike. Students gain valuable insight by working with professional organizations on real-world problem sets, and organizations like VDP are able to leverage motivated minds primed by the academic environment to take on the rigorous research necessary to answer challenging questions," said VDP Director Melissa Vice.
Introducing outsiders' perspectives on organizational processes, such as the DOD Cyber Crime Center's onboarding procedures, often leads to creative ideas that challenge established norms.
In this case, George Mason University students considered the center's VDP labor-intensive challenges, reviewed current processes, and looked for ways automation via artificial intelligence could reduce the resources required while facilitating smoother client acquisition and communication. The resulting recommendations included creating an onboarding cloud-based portal where Defense Industrial Base companies are guided with chat-bot assistance while onboarding its Vulnerability Disclosure Program.
At the end of eight weeks, recommended changes boosted scalability from 50 Defense Industrial Base companies up to 1,000, while decreasing labor hours by 50 to 89 percent, and lowering processing time-per-company onboarded from eight hours to only one–all for the same budget.
The well-researched recommended solutions included cybersecurity triad methodology and FedRAMP-approved products. Programs such as Capstone demonstrate the value academia can offer federal organizations, even when limited to the unclassified environment.
