Generative AI is Revolutionizing Federal Government Operations

By: MeriTalk Staff

Blogs

Aug 28, 2024 | 8:45 am

By Darren Guccione, CEO and Co-Founder of Keeper Security

Generative Artificial Intelligence (GenAI) offers innovative applications that could help the federal government adapt to changing times. Some use cases are experimental, exploring new ideas, while others are already delivering positive results by enhancing human effort for difficult projects. GenAI also has the potential to streamline tedious, yet essential, tasks through automation.

Within federal agencies, pilot programs are testing how artificial intelligence that can generate content could modernize outdated processes. Some forward-thinking trials are hatching ambitious concepts by tapping into machine-learning capabilities. In some agencies, generative models have already been deployed to boost mission-critical initiatives that had become stagnant. However, one of GenAI’s most transformative uses may be automating repetitive tasks that can bog down workflows.

GenAI Enhancing Federal Operations

Within the federal government, GenAI is being utilized in various scenarios to enhance operations. It assists in deciphering complex regulatory frameworks that can be difficult to interpret. GenAI is also helping to reduce costs by optimizing processes and minimizing errors that can lead to inefficiencies. Another valuable application is retaining the knowledge of skilled civil servants approaching retirement by capturing their expertise in digital form.

For federal IT professionals, GenAI presents an opportunity to modernize outdated systems and bring emerging technologies into government operations. It represents an avenue for positive change – leveraging advanced AI to enhance efficiency and knowledge management across agencies.

Navigating Evolving Defense Cybersecurity Regulations

Regulatory frameworks in the federal sector continue to expand and evolve, making it crucial for agencies and contractors to remain up-to-date with the latest changes. This includes maintaining high levels of information security to maintain compliance with programs such as the Federal Risk and Authorization Management Program (FedRAMP), System and Organization Controls (SOC), the International Organization for Standardization (ISO), the Cybersecurity Maturity Model Certification (CMMC) and Defense Federal Acquisition Regulation Supplement (DFARS).

Recently, FedRAMP updated its guidance with new controls through NIST 800-53 Revision 5 (Rev.5), which requires cloud service providers selling to the federal government to enhance their cybersecurity practices even further. These rules present a complex landscape to navigate.

AI-Driven Compliance Assistants

A GenAI chatbot trained on regulatory frameworks can distill compliance requirements into easily digestible information. This can help users grasp the sometimes complex regulatory compliance language without needing to be experts, thus reducing the risk of non-compliance.

AI-driven compliance assistants make strategic recommendations regarding regulatory requirements, processes and practices, which help drive efficiencies. Cloud service providers in the federal marketplace would benefit from AI-driven compliance assistants as they must comply with regulatory frameworks to do business with the government.

Example: CMS Leveraging Large Language Models

The Centers for Medicare & Medicaid Services (CMS) illustrates how GenAI helps train new CMS staff in aligning and translating technical documentation from federal marketplaces with CMS accounting systems. This challenge proves daunting for new civil servants navigating the complex federal healthcare systems.

The Financial Management Systems Group / Division of Program and Data Management used a Large Language Model (LLM) to address several challenges: capturing legacy knowledge from a retiring workforce, maintaining operations during hiring freezes, training new recruits, and processing millions of claims to ensure Medicare recipients receive their benefits. Using Llama 2, Meta’s open-source LLM, the finance team obtains fast, precise information with context for the CMS consumer-facing front end.

GenAI Usage and Trust in the Government Sector

Microsoft’s Azure AI services, powered by OpenAI’s language models, now offer benefits for the U.S. government sector, indicating that AI systems will continue to streamline tasks and processes, like those faced by the CMS. In 2022, Microsoft announced plans to make Azure OpenAI Service available for U.S. government customers, bringing large language model capabilities to Azure Government cloud.

Additionally, OpenAI’s latest GPT-4 model has advanced capabilities that support its use in highly regulated environments. While many government agencies have already experimented with AI for smaller workloads, GPT-4’s enhanced performance on sensitive tasks with limited input/output data will be advantageous. GenAI capabilities can streamline numerous processes and repetitive tasks, allowing organizations to focus more on mission-critical operations.

Government technologists are exploring the use of large language models like GPT-4 to assist in drafting control language for various cybersecurity frameworks that ensure contractor compliance with standards. As a Governance, Risk and Compliance (GRC) tool, GenAI can help draft policies and interpret evolving compliance requirements. However, technology leaders and GRC staff still play crucial roles in testing, verifying and documenting the AI-assisted outputs.

Best Practices for AI Safety and Security

To ensure the safe and appropriate use of GenAI tools, agencies should implement stringent best practices for AI safety and security. Top references include the Executive Order on the Safe, Secure and Trustworthy Development and Use of Artificial Intelligence, and the NIST AI Risk Management Framework: AI RMF 100-1.

Conclusion

Government agencies are leveraging numerous use cases of GenAI technology, but only a few have scratched the surface of what’s possible. In this sector, organizations must exercise an extremely high level of caution and diligence when applying AI tools to ensure ethical and technically rigorous best practices for the safe and effective use of GenAI.

Hundreds of resources help organizations understand regulatory compliance frameworks. Zoya Schaller, CISSP, CGRC, Director of Cybersecurity Compliance at Keeper Security, used OpenAI to create a Cybersecurity Regulatory Compliance Advisor to answer questions about compliance with FedRAMP, SOC, ISO, CMMC and DFARS.

Implementing GenAI capabilities in a secure and strategic manner will be critical for long-term success and continued innovation. This will help U.S. government entities stay competitive, maintain a cutting-edge position with emerging technologies, and meet the stringent standards and practices required for the ethical and safe adoption of artificial intelligence.

While the potential benefits are substantial, the public sector’s adoption of GenAI must proceed with prudence and adherence to robust governance frameworks. Upholding the public trust through responsible AI oversight, as well as human oversight over critical processes, is paramount as these technologies are judiciously integrated into government operations.

Cookie	Duration	Description
AWSALBCORS	7 days	Amazon Web Services set this cookie for load balancing.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
JSESSIONID	session	New Relic uses this cookie to store a session identifier so that New Relic can monitor session counts for an application.
PHPSESSID	session	This cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
_pxhd	1 year	PerimeterX sets this cookie for server-side bot detection, which helps identify malicious bots on the site.

Cookie	Duration	Description
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.
__cf_bm	30 minutes	Cloudflare set the cookie to support Cloudflare Bot Management.

Cookie	Duration	Description
AWSALB	7 days	AWSALB is an application load balancer cookie set by Amazon Web Services to map the session to the target.
_gat	1 minute	Google Universal Analytics sets this cookie to restrain request rate and thus limit data collection on high-traffic sites.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
CONSENT	2 years	YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.
ln_or	1 day	Linkedin sets this cookie to registers statistical data on users' behaviour on the website for internal analytics.
pardot	past	The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking.
UID	1 year 1 month 4 days	Scorecard Research sets this cookie for browser behaviour research.
vuid	1 year 1 month 4 days	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos on the website.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gcl_au	3 months	Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
__gads	1 year 24 days	Google sets this cookie under the DoubleClick domain, tracks the number of times users see an advert, measures the campaign's success, and calculates its revenue. This cookie can only be read from the domain they are currently on and will not track any data while they are browsing other sites.

Cookie	Duration	Description
anj	3 months	AppNexus sets the anj cookie that contains data stating whether a cookie ID is synced with partners.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
GoogleAdServingTest	session	Google sets this cookie to determine what ads have been shown to the website visitor.
IDE	1 year 24 days	Google DoubleClick IDE cookies store information about how the user uses the website to present them with relevant ads according to the user profile.
li_sugr	3 months	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.
muc_ads	1 year 1 month 4 days	Twitter sets this cookie to collect user behaviour and interaction data to optimize the website.
personalization_id	1 year 1 month 4 days	Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting.
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
uuid2	3 months	The uuid2 cookie is set by AppNexus and records information that helps differentiate between devices and browsers. This information is used to pick out ads delivered by the platform and assess the ad performance and its attribute payment.
VISITOR_INFO1_LIVE	5 months 27 days	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
_mkto_trk	1 year 1 month 4 days	This cookie, provided by Marketo, has information (such as a unique user ID) that is used to track the user's site usage. The cookies set by Marketo are readable only by Marketo.
__gpi	1 year 24 days	Google Ads Service uses this cookie to collect information about from multiple websites for retargeting ads.

Archives