The Cybersecurity and Infrastructure Security Agency (CISA) looks at AI from three perspectives: how the agency itself can use it to accomplish its mission to protect critical infrastructure, how critical infrastructure stakeholders plan to deploy AI, and how adversaries may use AI.
Martin Stanley, Branch Chief for Strategic Technology at CISA, said these three perspectives anchor CISA’s strategy to incorporate AI into cybersecurity practices and processes.
“We're building out an infrastructure where we can rapidly deploy and determine the feasibility of various analytics and use them against live data and collaborate with our partners in critical infrastructure and the federal civilian space,” Stanley said during the closing fireside chat of GovernmentCIO Media & Research’s AI Gov: National Security virtual event Nov. 3.
Cybersecurity and national security are interwoven and often synonymous in national strategies as nation-state actors increasingly use cyberspace to undercut American critical infrastructure. Stanley said CISA wants to use AI to “reduce the burden on cyber defenders” as the rate of cyberattacks soars.
“The time to respond is getting below what humans can actually do,” he said at the event. “So obviously automation, AI is going to support our leadership to get the information they need to determine decisions and direct response and put in place protections and mitigations when threats are realized. The best thing we can do for our leadership today and tomorrow is put in place an infrastructure that gives them the information they need to make good and effective decisions in our mission space.”
AI is also an instrumental tool at Special Operations Command (SOCOM), where it could help analysts detect threats and make decisions in milliseconds, said SOCOM Chief Data Officer Thomas Kenney.
"The human solution doesn't exist anymore," he said on a prior panel at the event. "The capabilities that we need to be able to deploy on the cyber warfare landscape in particular have got to be intelligent systems ... that have the ability to learn, to see trend analysis, to be able to recognize in seconds, even milliseconds, the potential for an attack, a foreign attack or a breach and be able to make decisions."
From an acquisition perspective, SOCOM is thinking about AI technologies in terms of how they are are actually learning. This means getting the foundations in place first to train models on complete and accurate data.
Over the past 20 years, CISA and more broadly the Department of Homeland Security have integrated cybersecurity into their IT systems. The lessons learned from this work informs CISA’s strategy for incorporating AI.
“We need to determine, what are the skillsets that we need, and we're actually doing that as part of the DHS AI strategy,” Stanley said. "We're doing implementation plans around that now. A lot of those … mirror the lessons learned from cyber and make sure we mitigate some of the things that didn't work so well. We're going to have entirely different teams when this technology gets integrated into operations.”
For federal agencies interested in implementing AI, Stanley advised developing use cases and “rules of the road” for successful implementation.
“Choose high-impact and low-regret kinds of scenarios to automate [with AI],” Stanley said. “If it doesn't go well you don't want to regret it big time. You want to identify use cases that are easily understandable so you can deal with that ‘explainability’ concern and things that don't have a lot of complexity.”