This design sprint boasted nearly 40 participants from a diverse group of military units, professions, and 12 different industries.
The sprint originated in January 2018 at Scott AFB. From an initial conversation, 6 use cases were developed to illustrate a range of realistic risk management situations. Design sprint teams were formed around the use cases, and each team focused on redesigning a risk management approach tailored to its use case.
Solutions were narrowed down to two themes:
- Automatic Testing: Create a trusted build environment with an automatic AI-driven process for cybersecurity certification. This tool will automatically certify software as code is being written to allow for rapid granting of approvals to operate.
- Process Simplification: Develop a new RMF process that improves risk management for decision-makers, transparency for stakeholders and users, and trust for all users.
  - Risk management can be improved by shifting from controls engineering to security capability engineering, establishing a collaborative cyber threat database that includes intel in the risk analysis and operational mission owners in the process.
  - Transparency can be improved by fielding a business process automation tool that tracks the RMF process.
  - Trust can be improved by carrying out the two preceding solutions and by enforcing accountability, thereby allowing for larger degrees of delegation.