The country’s intelligence agencies need to enhance their cybersecurity as well as their oversight of artificial intelligence tools, according to an inspector general’s report.
The semiannual report from the Office of the Inspector General of the Intelligence Community (ICIG) has as its No. 1 recommendation that the Office of the Director of National Intelligence (ODNI) must focus on “improving the efficiency and effectiveness” of its “cyber posture, modern data management and IT infrastructure.” A key element of the report’s recommendation is for the intelligence community to improve security to guard against insider threats.
Additionally, improving oversight of AI tools will require changes to IT management and governance, as well as training and collaboration among the 17 agencies that make up the intelligence community, the report says.
The report covers the period from April to September 2019 and uses metrics developed by the Office of Management and Budget, the Department of Homeland Security, and the Council of the Inspectors General on Integrity and Efficiency.
Intelligence Agencies Need to Prevent Security Breaches from Insiders
The intelligence community has identified cybersecurity as one of its most important priorities, as reflected in the 2019 National Intelligence Strategy, the DNI’s IC2025 Vision and Foundational Priorities, the 2018 Management and Performance Challenges for the Office of the Director of National Intelligence, and budget requests spanning multiple fiscal years.
The report notes that the intelligence community is home to privileged users who are authorized and trusted to perform security-related functions over IT systems that ordinary users are not authorized to perform.
“Privileged users have important roles in protecting ODNI information security due to their broad administrative and technical privileges,” the report says. “The misuse of privileged user functions increases the risk for compromise of the confidentiality, integrity, and availability of ODNI information systems.”
Auditors from the inspector general’s office found that ODNI needs to guard against insider threats. Specifically, the report says, ODNI must “improve controls to efficiently and effectively manage and mitigate the risk that a trusted privileged user could inappropriately access, modify, destroy, or exfiltrate classified data.”
The report includes nine recommendations, six of which are significant. ICIG auditors also made an observation on the ODNI compliance monitoring of internal policies.
Agencies Must Enhance Oversight of AI Activities
The ICIG selected artificial intelligence as an objective for review due to the presence it has played in multiple documents and reports published by ODNI. The inspector general’s office took initial actions to build general awareness and common understanding of AI tools among intelligence community oversight authorities in several areas.
The ICIG has begun exploring the viability of creating an Intelligence Community Offices of Inspectors General Community of Interest as a forum for follow-on discussion on oversight of AI tools. The ICIG intends to leverage the perspectives of 30 session participants who expressed their interest in future collaboration.
Additionally, the ICIG is continuing to look for ways for offices of inspectors general to advance their understanding of AI and their capabilities to audit, investigate, inspect and evaluate its implementation.
The ICIG is working with subject matter experts and stakeholders across the intelligence community, the federal government, academia and industry to “begin mapping the landscape” of research related to the Augmenting Intelligence using Machines (AIM) Initiative and of planning, implementation and governance activities.
The ICIG has also started to create a list of existing and projected efforts being pursued under the banner of AI. The office will work to “advance Intelligence Community Offices of Inspectors General’s ability to develop criteria and measures for evaluating investments in oversight of artificial intelligence in terms of personnel, training, and technology.”
Additionally, the ICIG is going to continue its efforts to support information exchanges around AI oversight. The ICIG has also started to research and compile an initial list of government and academic entities with “existing classes, courses, and seminars that could substantively broaden and deepen Intelligence Community Offices of Inspectors General’s expertise in addressing data and artificial intelligence-related issues and topics.”