Peraton Cyber President Tom Afferton on AI-Driven Defense & the Future of Cyber Ops

Tom Afferton, president of Peraton’s cyber mission sector, continues to lead the company’s charge to secure the nation’s digital frontlines through applied innovation and mission-driven technology.

When ExecutiveBiz last spoke with Afferton in late 2024, he discussed Peraton’s growing use of automation and AI to help analysts process vast amounts of data and tailor cybersecurity solutions to specific mission needs. One year later, the conversation has evolved from AI-assisted analysis to AI-enabled operations, as Afferton and his team focus on bringing intelligent autonomy and real-time decision support to the front lines of cyber and information warfare.

In his latest Spotlight interview, Afferton examines the mounting risks of nation-state infiltration across critical infrastructure, the government’s push to make “secure by design” an operational reality and how Peraton is advancing military cyber modernization through initiatives like the Golden Dome for America. He also discusses the company’s IRIS platform, which is transforming counter-influence and information operations through agentic AI capabilities.

ExecutiveBiz: What do you think is the biggest threat facing U.S. cyber systems today, and what can be done to protect against that threat?

Tom Afferton: Certainly, one of the most critical threats today is the compromise of critical infrastructure systems by national state adversaries. Numerous public domain advisories have indicated the prepositioning of nation state actors in critical infrastructure with apparent intent to disrupt and damage the systems, potentially in coordination with a conflict. Critical infrastructure providers often have limited resources skilled in cybersecurity and are balancing priorities between security, safety and daily operations.

Peraton is focused on making it easier for government agencies, like CISA, to assist in identifying and mitigating threats to critical infrastructure. Peraton applies edge processing technologies, combined with agentic AI analysis automation capabilities, to create software-defined tools that can readily be deployed into critical infrastructure. This capability is used for threat detection, leveraging indicators of compromise—a.k.a. IoCs—and known cyber signatures to triage, classify and remediate cyber intrusion attempts in near real-time. These capabilities do more than just alert teams with agents autonomously analyzing network anomalies and executing countermeasures, such as isolating compromised segments or deploying decoys, while continuously learning to enhance defenses in real-time.

EBiz: With CISA’s approach to “secure by design” now a federal priority, what should the government be doing to strengthen critical infrastructure and how can industry help?

Afferton: To harden critical infrastructure, government must make proactive analysis of end-of-life, or EOL, and end-of-service, or EOS, devices a standard security practice. Many edge appliances in the field (routers, VPNs, firewalls) are at or near their end of life yet remain mission critical. CISA’s Secure by Design principles already emphasize transparency and patch-ability, but the next step is ensuring analysts can safely emulate and test retired systems before adversaries exploit them. Regular red-team exercises on physical and virtualized EOL builds can expose vulnerabilities early and allow threat hunters to generate defensive signatures faster (avoiding recent incidents like Ivanti and Cisco).

Second, lawmakers need to codify cooperation beyond disclosure. Current frameworks, like CIRCIA and the FAR Cyber Incident Reporting proposal, focus on reporting breaches. We need legislation that requires timely vendor assistance when government systems are compromised, mandating access to firmware, virtual equivalents, logs and software bills of materials under secure legal frameworks. If a firewall or router at a federal agency is breached, responders shouldn’t have to wait weeks for vendor decryption or image access. Expanding mechanisms, like DFARS 252.204-7012, to all critical infrastructure suppliers would make this cooperation automatic, not optional. 

Systems integrators, like Peraton, could make this vision operational by partnering with government to establish contractual frameworks that allow lab testing of critical infrastructure devices for real-time analysis while protecting OEM intellectual property.  Trusted environments can be used for exploit reproduction, reverse engineering and detection engineering directly tied to government advisories. This kind of sustained, cross-vendor collaboration shortens dwell time, accelerates patch validation and turns “secure by design” from a slogan into an active defense ecosystem that evolves as fast as the threats we face.

EBiz: What unique cyber challenges have you observed with military operations and what should we anticipate from the future?

Afferton: This is a dynamic mission space that’s only going to expand. Multidomain operations will increase as a growing focus for the government. The need for supporting cyber capabilities that transform from exquisite to scalable, diverse and resilient will also remain a priority. Infrastructure, operator skill sets (offensive and defensive), processes and policies will all need to evolve rapidly to outpace adversaries.

Peraton is at the forefront of transforming military cyber operations, supporting customers including the U.S. Army, Air Force, and Cyber Command. Our work spans defensive cyber operations across multiple contracts providing operations, management, and defense of the DOD Information Network, ensuring the availability, integrity and confidentiality of the information used in planning, coordinating, directing, controlling and sustaining military forces.

We also support full-spectrum cyber operations from planning to the development of next-generation cyber infrastructure and advanced non-kinetic effectors. Our mission contributions are about to expand, as Peraton was recently awarded an other transaction authority prototype contract by the U.S. Air Force Life Cycle Management Center to advance cyber infrastructure enabling critical Air Force and joint cyber operations.

The Golden Dome for America initiative has potential to drive significant advancements in military cyber operations and Peraton is ready to support the government once again. While most of the conversation revolves around “right of launch” kinetic capabilities, such as space-based interceptors, military cyber operations will play a very important role in the “left of launch” defense of our homeland. The U.S. government will benefit from partners who possess mature capabilities and a proven ability to integrate systems of systems to meet the aggressive GDA timelines, and Peraton is excited about the opportunity to contribute our cyber capabilities to that important national security effort.

EBiz: What’s a federal cyber vulnerability that is under-discussed and needs more attention from industry partners and integrators?

Afferton: I want to expand beyond cyber vulnerabilities and highlight a critical threat in the broader information warfare space that demands urgent attention: foreign influence campaigns undermining the United States’ global interests. Adversaries are exploiting digital platforms to wage industrial-scale influence campaigns in regions vital to U.S. priorities, often outspending the U.S. by margins as high as 60 to 1. Without deliberate, timely counter-messaging, these adversaries’ narratives dominate and leave U.S. forces decisively outgunned in the information war — a vulnerability that is as dangerous as any cyber-related breach.

Peraton has directly tackled this challenge by developing an Interactive Real-Time Information System, known as IRIS. Equipped with AI/ML and co-developed by information operation experts and data engineering teams at Peraton Labs, IRIS bridges the gap between overwhelming adversary influence tactics and decisive U.S. action. Leveraging expertise from intelligence, cyber, public affairs and information operations veterans, coupled with vast amounts of cutting-edge data, IRIS transforms analog workflows into secure, mission-critical capabilities that reclaim U.S. dominance in the information environment.

IRIS has demonstrated exceptional impact during operational deployments: enabling decision-making 10 times faster, cutting planning cycles by 60 percent, and reducing human labor on reporting workflows by up to 90 percent. These gains empower teams to act in seconds, outpacing adversaries and shifting from defense to offense in the information domain.

To protect U.S. interests, industry must step beyond defensive postures and actively support government customers with game-changing technology to maintain successful, offensive momentum in the information warfare space.