The 2023 NDAA reflects DOD’s maturation in unleashing AI, experts say

The annual defense policy bill for fiscal 2023, agreed upon in Congress and released late Tuesday, includes multiple provisions that will shape how the Pentagon and other federal agencies govern, organize and deploy artificial intelligence capabilities in the near term.

Authorizing almost $858 billion in spending, the latest National Defense Authorization Act spans 4,408 pages and, in a keyword search, makes at least 135 explicit references to AI. Experts say, broadly, those inclusions reflect the government’s position in a complex, still-unfolding scheme to responsibly and quickly adopt and operationalize the technology.

“Looking through the legislation, I read many times ‘accelerate the adoption,’” Alexandra Seymour, a former Defense Department official now serving as an associate fellow for the Center for New American Security’s Technology and National Security Program, told DefenseScoop. In her view, NDAAs of the recent past largely focused on and included “a lot more about the ethical considerations, the workforce challenges, some of the just broader structuring and how the U.S. government should approach artificial intelligence across the board.” 

But Seymour said this 2023 bill seems to place a sharper concentration on “bringing things together and focusing on how we can actually start using the technology that we’ve invested in.”

The policy bill includes, for instance, a new requirement that mandates the defense secretary to establish repositories containing DOD datasets “relevant to the development of [AI] and technology.” 

Further, the department must also enable “appropriate public and private sector organizations to access such data repositories for the purpose of developing improved [AI] and machine learning software capabilities that may, as determined appropriate by the secretary, be procured by the department to satisfy” its needs and technology development goals, according to the bill. The secretary of defense is directed in that section to brief congressional defense committees on the types of information determined feasible for those repositories — and progress that’s made in this overarching effort — by next July.

That inclusion addresses a major challenge companies, and particularly smaller startups, are presently confronting, Seymour said.

“When they don’t have relevant datasets, it makes it very difficult to be able to train your models in a way to show that they would have the best model suited for the use case, as well,” she explained. “And so, creating this type of data repository that the private sector would also have access to would I think enhance the coordination and be able to elevate some more of those really promising capabilities and to make sure that their adoption is accelerated because they’re finally being trained in a way.”

This legislation also proposes a number of new activities to strengthen the nation’s cyber defenses involving AI — notably using it to boost defenses, as well as exploring how to deter adversaries’ applications of the evolving tech.

“You can see that it is being approached in, kind of, two different ways. One, is it’s making sure that we can use AI to protect cyber networks — but then also making sure that we’re protecting the AI itself, too,” Seymour noted. 

She pointed to section 1554, which directs the U.S. Cyber Command director, DOD chief information officer, undersecretary for research and engineering, heads of the Defense Advanced Research Projects Agency and National Security Agency, and the department’s Chief Digital and AI Officer to work with the Defense Intelligence Agency director to produce a comprehensive assessment of “the threat posed by adversaries’ use of artificial intelligence to the cyberspace operations and the security of the networks and [AI] systems of the department in the next five years, including a net technical assessment of [U.S] and adversary activities to apply [AI] to cyberspace operations, and actions planned to address that threat.” 

That section also requires most of those DOD components to collaboratively “develop a five-year roadmap and implementation plan for rapidly adopting and acquiring [AI] systems, applications, and supporting data and data management processes for the Cyberspace Operations Forces of the” DOD.

Greg Allen, director of the AI Governance Project at the Center for Strategic and International Studies, told DefenseScoop that “it was back in October 2016 that Adm. Michael Rogers, then the head of the NSA and [Cyber Command], said ‘[AI] and machine learning — I would argue — is foundational to the future of cybersecurity […] We have got to work our way through how we’re going to deal with this.’” 

Allen added: “Congress has been hearing about the implications of AI for cybersecurity for a while now, and this directive is Congress telling DOD ‘don’t tell me that it’s going to happen. Tell me how you’re going to make it happen.’”

The DOD has been making gradual strides in introducing AI capabilities across its organization since its Joint Artificial Intelligence Center (JAIC) started to come together around late 2017. In early 2022, the JAIC was among multiple organizations absorbed into the Pentagon’s new Chief Digital and Artificial Intelligence Office (CDAO).

Allen — previously the director of strategy and policy at the JAIC — said, to him, “this legislation shows that Congress is on board with the DOD’s establishment of the Office of the Chief Digital and Artificial Intelligence Officer.”

“In multiple program authorizations and Congressional taskings, organizations across DOD are being directed to coordinate with and support the CDAO,” Allen said. “It’s fair to say that Congress wants to see the CDAO succeed.”

“It’s been a couple of years now that the department has been serious on [AI],” Seymour also noted. “We just saw the restructuring and the creation of the CDAO, trying to streamline efforts.”

“So, aside from just a general pivoting to wanting to adopt emerging technologies — I think that AI has been at the forefront for the DOD, and I think it has come a long way in the past couple of years,” she added. “And I think that these are big steps too, to operationalizing some of the investments that we’ve made.”

The AI experts who briefed DefenseScoop on the legislation also noted how several provisions in the NDAA will guide not only how the Pentagon applies AI capabilities in this decade — but for other agencies as well.

Section 7224, Allen pointed out, mandates the Office of Management and Budget to issue new policies and procedures for how AI can be better bought and protected across the entire government. 

“The requirement goes beyond DOD — [and] I think that’s the point,” he noted. “There’s been a great deal of work around AI ethics and AI policy in the DOD, and Congress would like to see other federal agencies, such as the Department of Homeland Security, do the same.”

Section 7225 requires OMB to also create, maintain, and share AI inventories for federal agencies. Allen said this move expands a prior NDAA requirement for a DOD AI inventory to more agencies across the government. 

“Clearly Congress has found it useful to have a list of DOD AI initiatives and now they want the same thing for other federal agencies. Helpfully, this requirement is centered around ‘use cases’ rather than ‘projects,’ which will give more flexibility to government organizations in determining what is significant enough to merit inclusion in the inventory,” he said.

Emelia Probasco researches military applications of AI as a senior fellow at Georgetown’s Center for Security and Emerging Technology (CSET), and previously served as a Surface Warfare Officer in the U.S. Navy, deploying twice to the Indo-Pacific. 

“Where I think you see a lot of institutions right now is they declared high-level principles, which are good, and it’s great that we have listed these out and made clear values. But we’re at that point where you have to translate those principles into actionable steps that folks in the acquisition community or in training, or in operational development can start to implement them,” Probasco told DefenseScoop.

The Pentagon over the last year has released specific guidance on responsibly applying AI — but, Probasco added, now “everybody’s trying to get to that next level of specificity that allows for the entirety of the bureaucracy to implement those principles.”

In their separate conversations with DefenseScoop, the experts also noted how significant fiscal investments in this annual defense bill reflect where the DOD is functioning in its journey towards fully realizing AI capabilities in the back office and on the battlefield.

The legislation authorizes an additional $50 million to develop AI systems at Cyber Command, and an increase of $75 million for the Defense Advanced Research Projects Agency to execute certain recommendations of the National Security Commission on AI. 

Seymour noted that she “almost immediately recognized” a trend reading through the NDAA’s proposed funding amounts associated with AI. 

“You could see that with the Army specifically — there was a little bit less for just basic research than on applied research,” she said. “And I think that that just speaks to where we are with the technology to where there’s this increased emphasis where we spent a lot of money on research and development efforts. Those aren’t going to go away, but there is a desire now to actually make sure that we’re adopting that technology.”