The Benefits of AI in Cybersecurity
While some IT leaders are clearly skeptical of AI’s role in cybersecurity, others are more bullish. There are some proven benefits to adding AI into IT security environments that agencies are starting to take advantage of.
Agencies, for example, can model how humans interact with data so that the model can determine when there is anomalous behavior.
“You can’t have just a human being looking at hundreds or thousands of employees interacting with data. But you can rely on machine learning and data analytics to look at the behaviors,” George Kamis, CTO at Forcepoint, tells FedTech.
At the Small Business Administration, Deputy CIO Guy Cavallo says that the agency is a strong believer “in the power of cloud and AI to do cyber.”
“The biggest impact we’ve seen of AI, especially in our cyber operations, is it can look at millions and millions of logs of what’s going on in SBA at the second-by-second description, and then the AI tools tell my analysts what to look for,” he says. “That type of work would take a long time for a human analyst to sort through the logs to find. Now, they’re getting those responses immediately from AI.”
For example, the tools can flag for analysts if a user is logging into an agency’s network from an unusual (or impossible) location, or if they are downloading more data than usual.
“Those have really helped us pinpoint what our Security Operations Center looks at today, versus just watching screens and trying to piece together information,” Cavallo says.
AI and automation tools can also help identify the presence of malicious actors as soon as possible, if and when they do penetrate agency firewalls. “Automation shrinks the time between somebody being able to penetrate an environment and the time they can exfiltrate the data,” Rishi Bhargava, vice president of product strategy at Palo Alto Networks, tells FedTech.
This kind of automation can also help address cybersecurity personnel gaps in the federal government. According to a report by security research group ESG, 71 percent of cybersecurity professionals feel that there’s a shortage of people with cybersecurity skills. Of the 504,000 cybersecurity positions open in the U.S., about 33,000 are in the public sector, according to CyberSeek, a National Initiative for Cybersecurity Education online tool that collects employment data.
MORE FROM FEDTECH: Find out how to choose between software-defined perimeters and VPNs.
Skepticism Remains on AI in Cyber
Despite the benefits, there is still a great deal of hesitancy when it comes to using AI tools for cybersecurity, both at defense and civilian agencies.
The issue of cybersecurity is “much larger than any of these small pinpoint efforts” that are being developed with AI and ML tools, Air Force CTO Frank Konieczny said at the Fortinet event, according to MeriTalk.
“We are going down the path” with such tools, “but it takes time,” he said. Some of the “easy stuff” in terms of IT tasks has already been achieved via robotic process automation technology, “but when you get to cybersecurity, it’s tough.”
Cote said that the DOT is “trying to take that first step to put our toe in the pool” and launch its first application of AI or ML for cybersecurity.
AI for cybersecurity will continue to mature. As it does, and as more agencies become familiar with how to use it and its benefits, expect to see an uptick in adoption.
This article is part of FedTech’s CapITal blog series. Please join the discussion on Twitter by using the #FedIT hashtag.