AI can help agencies enhance their cyber defense, study finds

Artificial intelligence tools can help the government better identify and defend against a host of cyber threats, according to a recent survey of federal agencies’ defensive cyber operations. 

The report, released on Tuesday by General Dynamics Information Technology, found that significant numbers of federal officials were inundated with data and concerned about the impact that human oversight and staffing challenges could have on existing cyber risks — all vulnerabilities that AI could potentially address. 

GDIT’s report surveyed 200 respondents across “defense, civilian, intelligence and homeland security agencies” that are involved in making cyber-related decisions. 

The survey found that 41% of respondents reported that an “overwhelming volume of data” made it hard for them to identify cyber threats. Officials also reported the surge in data was exacerbated by a skills gap within their respective agencies, with 36% of respondents saying they “lack the skilled personnel to manage and analyze data.”

Human oversight was also seen as the biggest cyber liability, with 42% of respondents saying that misconfigurations and human error represented the most significant threat to agencies’ digital security. Twenty-four percent of officials said malware and ransomware were the most significant cyber threats — the second-highest risk reported by the survey’s respondents. 

Respondents viewed artificial intelligence tools and enhanced automation as potentially useful resources for helping to address some of these challenges: 26% of officials said “real-time threat detection using AI algorithms” was the most significant impact that the incorporation of emerging technologies into defensive cyber operations could have, while another 21% cited AI’s benefits for “network monitoring and defense.”

AI and machine learning could serve “as a beacon for advanced threat detection and response,” the report said, but it also noted that “the challenge lies in identifying the use cases to apply these capabilities most effectively.”

Respondents also said that enhanced automation across federal agencies could help address some of the risks caused by human oversight, with 25% saying automating systems would have the greatest impact on real-time threat mitigation.

Matthew McFadden — who leads GDIT’s cyber center of excellence — told Nextgov/FCW “from a defensive cyber standpoint, it's really all about application” when it comes to agencies’ adoption of emerging technologies. He cited the ability to parse vast amounts of information and then leverage threat intelligence against that data as one of the beneficial uses of AI and automation.

President Joe Biden’s AI executive order, issued at the end of October, also established a framework for agencies to adopt trustworthy AI into their systems, including in ways that can help “improve United States cyber defenses.” Many agencies have already been working to utilize these technologies, including in ways that can reduce human error.

At the Defense Information Systems Agency's forecast to industry event on Monday, an agency official said defensive cyber operations were a “really good target” for AI’s use and estimated that approximately 80% of the data reviewed by analysts could be automated.

“From the agencies’ perspective, they've got a lot of things to do, and not more people and not more money to do them with,” Matt Hayden — vice president of cyber client engagement at GDIT and a former senior advisor to the director at the Cybersecurity and Infrastructure Security Agency — told Nextgov/FCW. “And so they're looking at these solutions to hit those marks, and we're in a world right now where AI is giving defenders an advantage.”