As cyber threats continue to grow in complexity and scale, artificial intelligence (AI) is emerging as a critical tool for enhancing security, efficiency, and accuracy across Federal agencies, according to Federal cybersecurity experts.
During GovExec’s Cybersecurity Futures Forum on Nov. 20, cybersecurity officials spoke of the way AI can help the Federal cybersecurity workforce more efficiently and effectively conduct cyber defense operations.
Paul Blahusch, chief information security officer at the Department of Labor, emphasized that AI will be essential for future cyber defenses, as adversaries are already using the technology for AI-powered attacks.
“We’re seeing now adversaries are starting to use AI to attack, and so we’re going to have to fight the fire. We’re going to have to use AI to fight AI,” said Blahusch. “In the future, AI is definitely going to be necessary.”
For instance, AI can help identify and locate anomalous data. Blahusch explained AI can provide an initial classification of data, helping by identifying patterns.
“I could tell AI, ‘Here are examples of important data – now go find other similar instances,'” he said. “We’ll need to analyze threat intelligence and correlate all the data to enable the automation that AI can drive for protection.”
James Saunders, chief information security officer for the Office of Personnel Management, also touted the use of AI for cyber defense operations. According to Saunders, AI offers Federal agencies the speed needed to address vulnerable solutions.
According to Saunders, AI can be incredibly helpful in software development, acting as a “co-pilot” for developers by assisting in breaking down tasks and streamlining the process.
“With AI and automation, we can move quickly by applying AI at every step of the software quality chain, as well as within monitoring and package management teams, ensuring we embed secure software from the start,” Saunders said.
He further explained that incorporating AI and automation early in the process to develop secure software also checks for weaknesses that developers are not able to see on the actual code and development base.