Adoption of AI has been widespread in recent years, touching every area of life because of its potential to improve operations. For government agencies’ cybersecurity operations, AI holds especially great promise.
For instance, AI can automate and enhance cybersecurity practices by recognizing and remediating threats faster than a human could. These capabilities are more important than ever because as attackers weaponize AI, agencies need to respond by implementing defensive AI in their networks.
“It will be an essential technology and tool that really every security professional is going to eventually need to master,” said Robert Imhof, Consulting Systems Architect at Fortinet Federal, which delivers modern, secure infrastructure to government agencies.
Where AI Can Help
Imhof highlighted several uses for AI in cybersecurity operations. The most profound is anomaly detection, or finding unusual patterns in behavior in network traffic, user activity or application usage that may indicate a compromise.
“We have these in a lot of tools right now, but this is really going to become more sophisticated and more advanced,” he said.
AI can also assess risk by quickly analyzing large amounts of data. Eventually, it could even suggest ways to better design security systems. “The speed of AI to accomplish these tasks, while ingesting that significant amount of data, is going to give it that distinct advantage over traditional tools,” Imhof said.
What to Watch Out For
Because use of AI is relatively new, agencies must take care to avoid missteps with it. The biggest is replacing support staff with AI tools, said Imhof. “Sometimes you have issues like hallucinations” with AI, where it gives false positives, he said. “You still need those security professionals to be able to parse that data and really put it into context.”
They also must understand how AI conducts its analysis. “Does it remain local to the agency, or is it sending that data back to somewhere else?” Imhof said. “If it’s being sent somewhere else, how is that [controlled unclassified] data being protected?”
AI Best Practices
Whenever a new technology is involved, there’s a learning curve — and there’s always new technology, Imhof said.
“It’s going to be worth investing the time and effort to learn this technology,” he said. “Security professionals that can master utilizing AI in addition to their other technical skills are going to be highly sought after by employers.”
That will also help separate fact from hype, which is rampant because of the excitement around the technology. That’s where cybersecurity operations officials come in again, Imhof said. “They’re going to have to learn how the AI itself works to assess how it fits in [a given] environment,” he added.
To do that, he recommends using a test environment to determine how AI-powered defenses work within the network one at a time.
Ultimately, Imhof said, remember that “AI is a tool that can be used to enhance the security of a network, so it should be used in that correct context.”
This article appears in our guide, “Getting Practical with AI.” For more examples of how agencies are making real-world use of AI technology, download it here:
Leave a Reply
You must be logged in to post a comment.