Jan 07 2020

Agencies Are Cautious About Using AI for Cybersecurity

Artificial intelligence tools can help spot security anomalies and close the talent gap, but skepticism remains.

Federal agencies are always looking for ways to stay on top of cybersecurity as much as humanly possible, whether that’s via endpoint security or file integrity monitoring. But what about a level of security that’s not humanly possible? 

Agency CIOs, CISOs and other IT leaders are increasingly taking a look at artificial intelligence-based solutions to enhance cybersecurity. Benefits to this approach include gaining the ability to spot threats more quickly, saving time and money, and closing cybersecurity skills gaps through automation. 

That said, feds are definitely still in the early stages of using AI for cybersecurity and are not fully embracing it — at least not yet. 

“We are in the very early stages” of AI and machine learning adoption, Transportation Department CIO Ryan Cote said in December at an industry event presented by Fortinet, MeriTalk reports. Speaking about AI and ML broadly, he said that “marketing hype is at a 10, but delivery is at a 1.” 

For cybersecurity, Cote said, “the best we can do is look at machine learning to improve cyber hygiene” and automate “the simpler tasks” in IT security operations.

The Benefits of AI in Cybersecurity

While some IT leaders are clearly skeptical of AI’s role in cybersecurity, others are more bullish. There are some proven benefits to adding AI into IT security environments that agencies are starting to take advantage of. 

Agencies, for example, can model how humans interact with data so that the model can determine when there is anomalous behavior. 

“You can’t have just a human being looking at hundreds or thousands of employees interacting with data. But you can rely on machine learning and data analytics to look at the behaviors,” George Kamis, CTO at Forcepoint, tells FedTech.

At the Small Business Administration, Deputy CIO Guy Cavallo says that the agency is a strong believer “in the power of cloud and AI to do cyber.” 

“The biggest impact we’ve seen of AI, especially in our cyber operations, is it can look at millions and millions of logs of what’s going on in SBA at the second-by-second description, and then the AI tools tell my analysts what to look for,” he says. “That type of work would take a long time for a human analyst to sort through the logs to find. Now, they’re getting those responses immediately from AI.”

For example, the tools can flag for analysts if a user is logging into an agency’s network from an unusual (or impossible) location, or if they are downloading more data than usual. 

“Those have really helped us pinpoint what our Security Operations Center looks at today, versus just watching screens and trying to piece together information,” Cavallo says. 
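The two checks mentioned above, a login from an impossible location and a download far larger than a user's norm, can be sketched in a few lines. This is an added illustration, not code from SBA or any vendor named in this article; the event format, thresholds and sample data are constructed assumptions.

```python
import math
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample events: (user, ISO time, latitude, longitude, bytes downloaded)
EVENTS = [
    ("alice", "2020-01-06T09:00:00", 38.90, -77.04, 40_000_000),   # Washington, DC
    ("alice", "2020-01-06T13:00:00", 38.90, -77.04, 55_000_000),
    ("alice", "2020-01-07T09:00:00", 38.90, -77.04, 50_000_000),
    ("alice", "2020-01-07T10:00:00", 51.51, -0.13, 48_000_000),    # London, 1 hour later
    ("bob",   "2020-01-06T09:00:00", 39.74, -104.99, 10_000_000),  # Denver
    ("bob",   "2020-01-06T12:00:00", 39.74, -104.99, 12_000_000),
    ("bob",   "2020-01-06T15:00:00", 39.74, -104.99, 11_000_000),
    ("bob",   "2020-01-07T09:00:00", 39.74, -104.99, 900_000_000), # far above baseline
]

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def flag_events(events, max_kmh=900.0, sigmas=3.0, min_history=3):
    """Return (user, time, reason) for impossible travel or unusual download volume."""
    alerts, last_seen, history = [], {}, defaultdict(list)
    for user, ts, lat, lon, nbytes in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        if user in last_seen:
            prev_when, prev_lat, prev_lon = last_seen[user]
            hours = (when - prev_when).total_seconds() / 3600
            dist = km_between(prev_lat, prev_lon, lat, lon)
            # Ignore short hops (under 50 km); flag speeds faster than an airliner.
            if dist > 50 and (hours <= 0 or dist / hours > max_kmh):
                alerts.append((user, ts, "impossible_travel"))
        past = history[user]
        if len(past) >= min_history:
            # Baseline is the user's own earlier downloads, with a 10% floor on spread.
            limit = mean(past) + sigmas * max(pstdev(past), 0.1 * mean(past))
            if nbytes > limit:
                alerts.append((user, ts, "unusual_download_volume"))
        last_seen[user] = (when, lat, lon)
        history[user].append(nbytes)
    return alerts

if __name__ == "__main__":
    for alert in flag_events(EVENTS):
        print(alert)
```

Each alert is judged against that user's own history, so a large download that is routine for one account does not raise an alert for it while the same volume from another account does.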

AI and automation tools can also help identify the presence of malicious actors as soon as possible, if and when they do penetrate agency firewalls. “Automation shrinks the time between somebody being able to penetrate an environment and the time they can exfiltrate the data,” Rishi Bhargava, vice president of product strategy at Palo Alto Networks, tells FedTech. 

This kind of automation can also help address cybersecurity personnel gaps in the federal government. According to a report by security research group ESG, 71 percent of cybersecurity professionals feel that there’s a shortage of people with cybersecurity skills. Of the 504,000 cybersecurity positions open in the U.S., about 33,000 are in the public sector, according to CyberSeek, a National Initiative for Cybersecurity Education online tool that collects employment data.


Skepticism Remains on AI in Cyber

Despite the benefits, there is still a great deal of hesitancy when it comes to using AI tools for cybersecurity, both at defense and civilian agencies.

The issue of cybersecurity is “much larger than any of these small pinpoint efforts” that are being developed with AI and ML tools, Air Force CTO Frank Konieczny said at the Fortinet event, according to MeriTalk.

“We are going down the path” with such tools, “but it takes time,” he said. Some of the “easy stuff” in terms of IT tasks has already been achieved via robotic process automation technology, “but when you get to cybersecurity, it’s tough.”

Cote said that the DOT is “trying to take that first step to put our toe in the pool” and launch its first application of AI or ML for cybersecurity. 

AI for cybersecurity will continue to mature. As it does, and as more agencies become familiar with how to use it and its benefits, expect to see an uptick in adoption.

This article is part of FedTech’s CapITal blog series. Please join the discussion on Twitter by using the #FedIT hashtag.
