The Cybersecurity and Infrastructure Security Agency (CISA) is looking to expand its use of artificial intelligence (AI) across operations after initial gains in administrative applications, according to CISA Chief Information Officer (CIO) Bob Costello.
CISA first used AI in back-office functions and to summarize documents, Costello said on Friday, Nov. 21, speaking at an ACT-IAC event in Reston, Va.
Now, he said, the agency tasked with overseeing the nation’s security is looking to ramp up its use of the technology, such as helping with faster penetration testing on some systems.
Those new uses are being spurred in part by efforts made by recent White House executive orders to expand agencies’ use of AI.
“I really feel a lot of freedom right now to experiment, fail fast; try out new technologies a lot faster,” Costello said.
Costello added that CISA is looking to experiment with using more automated patch management on low-risk systems and attack path visualizations, which he said “are super helpful.”
He explained that using AI can help with patch management as it identifies which vulnerabilities actually pose real risk, allowing teams to focus on truly critical issues instead of spending time patching everything with a high Common Vulnerability Scoring System score.
Other AI success stories for CISA so far include partnering with original equipment manufacturers to activate AI features to improve tasks ranging from query writing to threat hunting, which reduces the need for staff to master multiple proprietary query languages.
However, before applying AI and automation to speed up processes, Costello noted that CISA considers whether those processes should exist at all and if they still serve the mission.
“I don’t want to just automate a process that … we then find out, it’s like one person you know, he’s a GS-15, he just hit 50 years of service, and is just insisting that this process exists,” Costello explained.
“So, I always ask a question: If we stop doing that, what happens? Often, you’ll find out – nothing,” he added.