ELC 2016: Artificial Intelligence Can Help Analyze Security Threat Data

The federal government is awash in data related to cybersecurity threats, but needs better tools to make sense of all of that information. It may get some help in the cloud, according to federal officials and cybersecurity experts, but artificial intelligence and cognitive computing technologies may hold the key to aggregating and analyzing all of that data — and turning it into actionable intelligence.

During a session on disruptive technologies in cybersecurity at the 2016 ACT-IAC Executive Leadership Conference in Williamsburg, Va., the panelists discussed how automation, the cloud and ever-growing amounts of data are changing the way agencies approach security.

Automation is becoming more prevalent and agencies are changing how they interact with data, according to Rob Palmer, deputy chief technology officer at the Department of Homeland Security, who moderated the panel.

Tapping AI to Analyze Data

Agencies can use AI to look through massive amounts of data to find anomalies, said Christina Ayiotis, co-chair of the Cybersecurity Law Institute at Georgetown. “A lot of government agencies are really trying to create and incentivize the best technology to do that in the most privacy-protected ways” but also in ways that benefit the agency, she said.

Meanwhile, agencies need to be able to “aggregate information in an easier and better way” and use that to engineer security by design — with protections built into their IT systems from the start, according to Michaela Iorga, senior security technical lead for cloud computing at the National Institute of Standards and Technology. That, she said, “is what we all want,” an IT environment in which components are able to function without constantly needing to be patched.

Agencies should ideally be able to use cognitive computing and AI to link data from DHS’s Continuous Diagnostics and Mitigation program and other databases of cybersecurity threats, Iorga said. If they were able to do so, AI would then analyze that information, rank threats and notify human overseers of the vulnerabilities. “It’s a dream that I have. It’s not there [yet],” she said. “Cognitive systems working for us, not instead of us.”

For agencies, one of the challenges of incorporating AI into cybersecurity is the transparency of the proprietary algorithms behind such AI technologies, or the lack thereof, Ayiotis said.Cybersecurity analysts and policymakers will need to know why certain threats have been ranked in a particular manner and why certain mitigation actions or responses have been recommended, she said.

“We need to categorize if it is cyber vandalism or an actual attack that rises to the level of an act of war,” she said.

Barry Barlow, chief technology officer of Vencore, a cybersecurity contractor that works with intelligence agencies, the Defense Department and other agencies, added that he has seen case studies where such aggregation has worked and that “machine learning is going to be key.” Barlow added that the kind of AI technology that could enhance cybersecurity is already in the market.

Such AI will come from the private sector and will also be developed inside federal agencies, Iorga said. “To be able to evaluate the solution and know how to use it, you need some knowledge in house,” she added.

The federal government will likely get more involved in AI development. President Obamasaid earlier this month in an interview with Wired that, in terms of AI, the government should invest “heavily in research and making sure there’s a conversation between basic research and applied research.”

Security Benefits of the Cloud

The panelists also discussed whether the cloud is truly a disruptive technology and whether the federal government has been too conservative in adopting it.

If agencies are looking for greater efficiencies and more security, commercial cloud providers can help, Ayiotis said. “That’s all they do; their lifeblood is to keep that information as safe as possible,” she said, noting that the firms would suffer deep reputational blows if they did have a security breach.

Both Ayiotis and Iorga noted that commercial cloud firms also have the resources to invest in enhanced security. “That’s their business,” Iorga said.

The cloud simply means storing data on someone else’s computer, and that there is the risk of “garbage in, garbage out” with the cloud if the data itself is jumbled or unprotected, according to Ayiotis. That’s why it’s imperative that records and privacy officers at agencies are able to effectively manage the data they do have, she said.

David De Vries, who took over as CIO of the Office of Personnel Management in August, said the government is still trapped in a system that forces many employees to use forms that were created in the 1960s and 1970s. Moving to the cloud and employing mobile applications, he said regretfully, hasn’t helped agencies get beyond that.

The key factors to focus on, he said, are twofold: the kinds of data are agencies storing and trying to protect, and where the data resides. The federal government could take lessons from the commercial world and apply it to data security and authentication, he suggested, noting that the insurance industry takes such matters seriously because fraudulent claims are financially crippling. “There have been pockets of success,” he said.

This content is made possible by FedTech. The editorial staff of Nextgov was not involved in its preparation.