Many Federal agencies are looking to use AI as a key cybersecurity tool, but before agencies get too far ahead of themselves, U.S. Air Force Deputy Chief Information Officer (DCIO) Winston Beauchamp said on Tuesday that the number one thing agencies can do to improve their cybersecurity posture is to modernize their IT architecture.
“I continue to say that the single biggest thing we can do to improve our cybersecurity is modernize our architecture, get rid of our tech debt,” Beauchamp said at the Google Public Sector Summit, presented by Scoop News Group, on Oct. 17. “Because our decrepit, older systems that are out of service by the vendors that built them can’t provide the cybersecurity that we need to survive in today’s environment.”
The deputy CIO said that cybersecurity and AI have something in common, which is that they are both “strapped on after the fact” to legacy systems. This means that cybersecurity and AI capabilities are “really limited” by their infrastructure and the data they have access to, he explained.
However, Beauchamp said that “another thing that they both have in common is that both cybersecurity and artificial intelligence are baked in.” According to Beauchamp, these capabilities are baked into the tools, infrastructure, and basic internet appliances that we use to modernize our networks.
For this reason, he said that “modernizing is number one,” when it comes to improving agencies’ cybersecurity.
“When you modernize, you bring in capabilities that for cybersecurity and artificial intelligence that are baked in, they’re inherent to what you’re delivering,” Beauchamp said. “So, we’re very optimistic about what that future brings.”
“And then the nice thing about it is from an infrastructure perspective, we don’t have to think about designing it. It comes out of the box,” he added. “We’ll tailor it, and we’ll customize it for the mission.”
Nevertheless, Beauchamp said that AI also needs to be on the list of cybersecurity to-dos in order to keep up with our adversaries, who are using AI to tailor their attacks to “basically work around our signature management approach.”
“They can do so at speed faster than we can update our signatures, so we have to run faster,” he said. “And that means using AI to try a different approach other than signature management … I think there’s going to be a ‘guns versus armor’ back and forth for some time on AI’s use in cybersecurity, and we just have to be better and faster than our adversaries.”