As adversaries are increasingly leveraging AI and deepfakes in their cyberattacks, the chief information security officer (CISO) for the U.S. House of Representatives on July 29 stressed the importance of adapting security awareness training to keep up with the emerging technologies.
Densmore Bartly stepped into the CISO role about two and a half years ago, but he said advances in AI technologies over the past few years have made it increasingly difficult to secure the information of all 435 House members.
“Human error is our biggest challenge,” Bartly said on Tuesday at the Workforce Technology Workshop in Washington, presented by Government Executive and Nextgov/FCW.
“I like to refer to it as the ‘hiddle,’ or the human in the middle,” he added. “If the government gave you unlimited money and you could buy all of these cyber tools, the hiddle will find some way to break it … The hiddle always compromises the best security features.”
Therefore, the CISO said that user awareness training is crucial to address those hiddle problems.
“We must get their buy-in. Often, our security awareness training, it’s outdated. You go in there and it just talks about phishing, you know, the usual stuff,” Bartly said. “We have to advance our security awareness training because the hiddle is our biggest risk, that human in the middle. They have to start learning about AI, deepfake attacks, which are going on big on Capitol Hill.”
Bartly pointed to the incident that made headlines earlier this month in which a person or people used artificial intelligence to impersonate Secretary of State Marco Rubio, sending text and voice messages to foreign diplomats and U.S. officials.
“I can’t tell you how many people fell for that,” Bartly said. “So, security training is, you have to keep it abreast of these new developments, and so that’s the biggest strategy that you have here.”
“It’s not just the device anymore, it’s our third-party supply chains. It’s, you know, cloud solutions, vulnerable software code and applications. It’s all these different things. It’s AI-enabled attacks,” he added. “All of these things can compromise access, because that’s all the adversary wants. They want access to your data, access to your crown jewels.”