Homeland Security's AI Journey Starts with Trusting its Data
At times, the urgency of detecting threats is too great to wait, and machine learning algorithms are the answer.

Artificial intelligence can empower the defense and intelligence communities to make faster and smarter decisions about national and cybersecurity, but agencies have to first trust their data and their users. 

The Homeland Security Department’s mission hasn’t changed, but there is a rising need for tools that can help with the ever-growing volume of incoming data.

“From an intelligence perspective, the mission has always been and I think always will be, deliver the best information available for our customers,” said David Bottom, chief information officer for the Office of Intelligence and Analysis at DHS. He spoke at the June 27 Splunk AI and machine learning event in Washington, D.C.

DHS customers range from analysts and operators to policymakers, service members and law enforcement officers, and they need this information to make the best decisions possible, according to Bottom.

“The challenge is, we have more data than ever before,” he said.

And with that comes the expectation from customers that DHS will leverage all of the data available to it and get that information to the right person, at the right time, at the right security level, with all the right privacy and civil liberties guidelines intact.

So, the challenge is meeting that expectation, according to Bottom, and DHS is going to leverage new tools to overcome it. But to do so, DHS has to think differently and build the processes and change management across the board to deliver those capabilities. While the mission and its output haven’t changed, the way DHS gets there will.

What’s Driving AI in Cybersecurity?

From a cybersecurity perspective, AI and machine learning can help the intelligence community respond to threats in real time. According to Jim Travis, chief of the Cyber Situational Awareness and CyberNetOps Solutions Division at the Defense Information Systems Agency, the nation is currently in a reactive mode, where analysts are at times turning over data from months ago and finding threats they didn’t have time to respond to.

“The future, though, is going to require us to have an ability to respond in real-time, and against things we didn’t know were coming, and so from a machine learning-artificial intelligence perspective, I would offer that’s where we have to get to,” Travis said on a panel with Bottom.

But AI and machine learning make decisions based on the data they’re fed, so this will require thinking about decision criteria — what kinds of problems to solve and what data could inform those decisions. Then, “you got to find the system that can ingest it in the timeframe that makes for a usable decision,” Travis said, and ultimately (especially when using neural networks), “how do you prove that was the right decision?”

Do You Trust Your Data? 

Public servants are accountable to the public and to Congress for explaining why they made the decisions they made, especially when cyber systems enable automated orchestration and response to take action (within department boundaries).

“Are we doing the right thing when we do that?” Travis asked.

Part of the solution is asking industry to create solutions that can explain their decision-making, and improving the government acquisition process so that when agencies need AI or machine learning solutions, they can get them.

But Bottom explained a different challenge associated with AI and machine learning — trust. How can CIOs trust the environment to respond in a way that provides the outcome an agency is looking to achieve, or that the potential risk associated with that solution is worth it?

Bottom said there are two barriers to getting there: identity management and data integrity.

Identity Management

For DHS, Bottom is referring to the identities of users, analytics and customers.

Identifying users, whether they are analysts or operators, means making sure they are properly described in the system to build the trust factor. Identifying customers, even when the request comes through voice recognition, means knowing who that user is. That could mean tracking voice patterns or biometric data, with privacy considerations in mind.

But assigning an identity to an algorithm, an analytic, or a piece of code or software is something DHS hasn’t yet resolved. In self-driving cars, for example, the software in the car is an identity. And because that software, using machine learning, is reasoning without explicit programming and, in effect, making a decision, its identity needs to be characterized.

“And we want to understand when that code made that decision, and what decision was recommended to the user,” Bottom said.

Data Integrity

There needs to be data integrity and strong quality of recommendations. Bottom uses the word “recommendation” to stress that humans will always make the final decision, though there will be times, particularly in the cyber realm, where automation will take action. Because a person will be using that recommendation to decide, there needs to be confidence in the data behind it.

For example, it’s easy to fool image recognition software by subtly changing the pixels in a picture, changes that wouldn’t fool a human.
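The fragility Bottom describes is the core idea behind adversarial examples. As an illustrative sketch only (a toy linear classifier over flattened pixel values, not any operational DHS analytic), the following shows how a per-pixel change too small to register visually can flip a model's decision:

```python
import numpy as np

# Toy "image classifier": a linear score over 784 flattened pixels (28x28).
# sign(score) is the predicted label. This is a hypothetical model for
# illustration, not any real imagery-recognition system.
rng = np.random.default_rng(0)
w = rng.normal(size=784)   # classifier weights
x = rng.normal(size=784)   # an input image, flattened

score = float(w @ x)

# Smallest uniform per-pixel budget that flips the label, then nudge
# every pixel slightly in the direction that opposes the current label.
eps = 1.01 * abs(score) / np.abs(w).sum()
x_adv = x - eps * np.sign(w) * np.sign(score)

print("label before:", np.sign(score))
print("label after: ", np.sign(w @ x_adv))
print("max per-pixel change:", np.max(np.abs(x_adv - x)))  # equals eps, a tiny shift
```

The perturbation moves each pixel by at most `eps`, a small fraction of the pixel scale, yet the classifier's label flips; a human looking at the image would see no meaningful difference. This is the kind of data-integrity gap a confidence assessment would need to flag.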

“So, how are we guarding against protecting that data integrity so we get the outcome that we’re expecting from the analytic?” Bottom asked. Perhaps a confidence assessment of how that decision was arrived at would help.

For Bottom, those are the two essential challenges DHS is working on within the department, with the intelligence community and with its partners across government.

Accepting Risk

But at times, the urgency of detecting threats is too great to wait, and machine learning and AI algorithms are the answer.

“The crisis was so great in terms of the number of events that are anomalous today, that folks just said, ‘we have no shot at this without turning this stuff on,’” Travis said. And in the cyber realm, there’s simply too much data for humans to sift through.

The operational urgency creates the willingness to take risk, and Travis believes that for the government to get where it needs to be, agencies will need to become more risk-accepting. And just as the private sector’s penalty for failure is monetary, government needs to figure out what its incentive is.

Because ultimately, the effort to implement smart solutions is a collective one.

“[DISA] and Homeland Security, especially in the cyberworld, are in fact dealing with some of the potential exponential threats to the nation . . . and collectively we’re trying to stay linked together at a working level to do that . . . with us working together, learning from each other, and how these solutions make sense for the federal government and American people," Travis said.