Artificial intelligence is one tool that federal agencies are discovering holds significant promise in helping to deal with the compounding amounts of cybersecurity data being generated by an ever-increasing amount of endpoints. Hemant Baidwan, chief information security officer for the Department of Homeland Security, said AI and machine learning has been helping to do that for a while now. But it’s not a be-all and end-all.

“I see great amount of value in that,” Baidwan said on Improving Cybersecurity Through Autonomous Endpoint Management. “I would say that still there’s need for human intervention and and for the right folks to be analyzing what these AI tools are providing. But can it help speed things up? Certainly. And it has been doing that for a while. Can that continue? I completely believe that it can.”

And doing so is necessary, Baidwan said, because it’s not just federal agencies using these tools. While cybersecurity experts in government are using them to detect patterns and identify anomalies that indicate malicious action within systems and networks, bad actors are also using them to initiate those malicious actions.

“The technology is evolving with AI now,” he said. “The bad actors are also evolving. We are no longer facing — and by we I don’t mean just DHS; I mean private, public sector, all of us as citizens of this country — everyone is facing different threats than we were facing years ago. We are dealing with sophisticated AI-driven attacks that can automate phishing attempts. It can launch deepfake impersonations, and it can even predict, in some cases, defense strategies. So these adversaries, they’re getting smarter, they’re getting faster. They are adaptive, using AI to enhance their capabilities.”

That’s why it’s necessary for federal agencies to be using the same tools; cybersecurity is functionally an arms race, and AI is the latest and greatest weapon, both for offense and defense.

Responsible, secure AI

But like any weapon, whether offensive or defensive, AI needs guardrails around it to ensure that government agencies wield it responsibly. While DHS Secretary Alejandro Mayorkas specifically created the department’s AI Task Force to examine these issues and determine how DHS could best move forward with AI responsibly and securely, Baidwan said the CISO council took on that challenge as well.

That led to the CISO council releasing an AI cybersecurity strategy that was aligned with both the AI Task Force and DHS’ overall AI roadmap.

“Both of these really kind of helped us, as the CISO council body, to look at how do we want to apply cybersecurity to the use of AI within the department? How do we ensure that the AI that we are using within the department is secure?” Baidwan said. “It is really targeting the secure part of deployment of AI for our mission. So that led to us then issuing, which I believe we were one of the first few agencies that issued AI cybersecurity policy last year.”

Targeting cyber weaknesses

When it comes to applying AI — or any other cybersecurity tool — DHS developed a unique approach to determine where the need is greatest, and how to best answer that need. The Unified Cybersecurity Maturity Model (UCMM) is a framework that helps DHS analyze the cybersecurity maturity for any given program, system or agency. This allows the department to prioritize those vulnerabilities, especially when they may show up in various systems with different degrees of criticality.

For example, if the UCMM identifies common areas of weakness throughout the department, it can also look for examples where that weakness has been mitigated. Identifying these common areas of maturity allows DHS to “copy and paste where possible to other systems and components,” Baidwan said.

“So it is not only helping us prioritize our cybersecurity, our risk management framework and all those functions, but it is also helping us as we add these new layers to UCMM … that is going to add that known next layer of visibility that is really needed for the organization,” he said. “So when we look at the top level view of DHS as a whole, or when a component CISO Is looking at it just for their component, they’re able to really look at both areas where they can prioritize to remediate weaknesses, but also look at areas of growth that they have seen that they can replicate across other systems.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.