How agencies can balance AI’s potential and risks for cyber attacks

Cybersecurity remains a top priority for state and local leaders, and technology like artificial intelligence has emerged as one tool in governments’ arsenals to thwart cyber attacks. But leaders must find a balance between AI’s potential and its risks in order to effectively use the technology, speakers said at the Engage Public Sector Summit hosted by GovExec, Carahsoft and Check Point last week in Washington, D.C. 

Bad actors have increasingly targeted critical government functions from elections to public transit systems and schools. The growing threat landscape presents government leaders with the opportunity to explore innovative solutions like AI to combat cyber attacks, Keith Hartung, chief security officer at the Pennsylvania Treasury Department, said.

“AI and security are a natural fit … because we’ve been leveraging [them] for years,” said Hartung. While generative AI is a newer concept to tech and cyber leaders, “deep learning and machine learning that [AI] is built on are the same baseline technologies that we’ve used to analyze emails and sort the logs in our SIM tools for forever,” he said. 

Now, tech staff can do more and do it faster because AI has become more advanced, Hartung said. As an example, he explained that the Pennsylvania Treasury Department has 360 employees, but only three of them — including Hartung — make up the agency’s security team. 

That’s where AI in cybersecurity has functioned as a “force enabler” for the trio in charge of managing the approximately $120 billion that flows through the Treasury Department annually, Hartung said. Without AI, the team would not be able to keep up with sorting the thousands of log files that they need to stay on top of in order to monitor and address cyber threats. 

The team also leans on an AI model to predict cyber threats because the system can scour social media, dark web sources or public websites to alert staff of potential vulnerabilities that could be exploited by bad actors, Hartung said. Such insights enable the security team to “create a beautiful little report that I can hand off to my [chief information officer] and say, ‘This is a threat we saw, this is the action we’ve taken and this is what we think we may have mitigated proactively.’ Talk about a win,” he said. 

But keeping a human in the loop when implementing AI tools, particularly when it comes to generative AI solutions that recommend action steps to users, remains “super critical for all of us,” he said. “I don’t want people in my agency to think of it as artificial intelligence. I tell them every day, ‘Stop thinking in that term, think of it as augmented intelligence. [AI] is not there to replace, it is there to make you better.’”

Indeed, government agencies should break down how they want to implement AI in cybersecurity to mitigate concerns about the tech’s impact on critical operations and infrastructure, said Glen Deskin, head of engineering and cybersecurity evangelist at Check Point Software Technologies. 

Many people are hesitant to explore AI cybersecurity options in the first place because they haven’t taken time to determine which tasks they want an AI tool to assume and which ones can remain under human responsibility, he explained. For example, agencies can configure an AI solution to help analyze data without progressing to making automated decisions or actions that a human with cyber expertise and experience is better suited to do. 

“The big thing is not the technology, it’s actually the people that will run these technologies,” said Suneel Cherukuri, chief information security officer for the District of Columbia. 

An agentic security operations center, for example, could help governments field cyber threats by leveraging agents to triage and address attacks, he said. Such tools can not only streamline the process of identifying a cyber attack, they can provide educational resources for staff to further beef up agencies’ cybersecurity. 

For instance, agency leaders can take data insights from an SOC to curate training resources that “I can take back to my school districts and university partnerships to say, ‘Here is how we can train our kids [for] real scenarios,” Cherukuri explained. 

Indeed, SOCs are gaining traction as a way for state and local governments to partner with nearby educational institutions to build a cyber talent pipeline. Louisiana State University, for example, offers an SOC program that trains students on how to protect institutions across the state from cyber threats while also building a workforce capable of dealing with today’s evolving threat landscape.