The National Geospatial-Intelligence Agency (NGA) is diligently working to assess and implement AI technology into its technology ecosystem, but an agency official said today that the process of weaving AI into the tech mix also points to possible risks in supply chain management and data integrity issues.
Monica Montgomery, deputy chief information security officer (CISO) for management and strategy and deputy director of the cybersecurity office the NGA, discussed how the agency is sizing up those concerns during today’s Qualys Public Sector Cyber Risk Conference.
“I think one of the biggest challenges that we face right now, especially with AI [is] in supply chain risk management,” she said. “You can’t go anywhere right now without talking about that, and especially in AI when you think about how those large language models (LLMs) are being developed, how they’re being maintained, [and] what to do if there is data poisoning.”
“If you just start to poison your data model, you’re going to go off real quick into left field, and that’s maybe not where you want to be,” Montgomery said. “So data integrity is part of it.”
“But then when you kind of take a step back and you look at it, really this is about acquisition,” she continued. One of the main concerns is the speed at which government acquisitions work, which has historically not been “exactly timely,” Montgomery said.
“That’s a hard challenge when you have AI capabilities to do this so fast, but our acquisition schedule doesn’t allow for that,” said Montgomery. “And so how do you change some of these processes, these policies when you know it takes three years to change a policy? … How can you keep up?”
But even as the agency wrestles with these challenges, Montgomery also made clear that adopting AI technologies is not optional for NGA, but rather a question of when the agency will do so.
“We have to have AI in our cyber mission,” she said. “Looking at how we can use AI to red team internally, [as well as] how will the adversary look at things, and now I can have AI help me with that. Threat analysis, forensics, all the things that you think of when you think of incident response rate, we can leverage AI to be better, faster, stronger,” Montgomery said.
