High-Ranking Military Man holds a Briefing to a Team of Government Agents and Politicians, Shows Satellite Surveillance Footage.
Clark Anderson, Presidio Federal Security Solutions Architect, recently spoke as part of the GovernmentCIO AI National Security series, providing an industry perspective. His remarks covered the potential threats from artificial intelligence to information systems. He highlighted the coming threats to keeping data confidential (especially with legacy systems) and the relentless and well-funded attempts by hackers to infiltrate and access data. Integrity of communications can also be distorted to an adversary’s advantage with Deepfake tools. Not surprisingly, the same AI techniques used to penetrate government information systems can also be used to degrade and disrupt accessibility to mission critical systems.
Machine Learning is Maturing
The AI subset of machine learning for security is benefiting from heavy industry investment and is maturing rapidly. Machine learning can distill the few significant events in a sea of unimportant alerts by finding subtle patterns that would be missed using existing log analysis techniques. However, machine learning systems take some time to be configured to your specific environment. ML also needs vast data sets to learn from, and the set of log data available at individual agencies may not be large enough for ML to be effective. The recent Executive Order to expand the type and amount of data logs collected and sharing these logs with CISA to create a larger data set may improve this situation for federal customers. When discussing AI-based security tools, Clark acknowledged the issues that large and small government agencies have with budgets and staffing.
Planning Ahead is Possible
Machine Learning tools to defend the future federal network are seeing rapid maturity and new innovative approaches. While it is hard to plan for the types of threats AI brings given future unknowns, fundamental network redesign is needed to meet both today’s threats and the challenges of a future AI-enabled attack. Agencies need to transform their networks to create a harden environment by vastly shrinking the ability for an intruder to get in, move around, and get anything out. Planning for cloud adoption is an ideal time for this re-design and the tools to support this re-design are available today. If those steps are taken, as future AI threats emerge, agencies will be prepared with networks designed to adopt new AI capabilities that counter threats.
Changes to Make Now:
Embrace the principles of Zero Trust, Micro Segmentation, and limiting access to only what is required. Protect data by assuming all requests for access to anything is an intrusion attempt until proven wrong. And remove all passwords for users, admins, and software and require secured access. Eliminate ANY way for data to leave your cloud or prem without explicit permission.
Improve your code pipeline beginning with acquisition. Insist any software entering your environment has been designed with security baked in and know where it came from.
Realize your legacy applications may not adapt to newer security requirements. Plan for a tech refresh.
Plan and budget for future security costs. A typical federal budget for security is only 4% of the IT budget and that is not close to what is needed to protect from an AI future.
View other snippets from Clark’s remarks on our YouTube Channel:
Pure is redefining the storage experience and empowering innovators by simplifying how people consume and interact with data. Pure is delivering a modern data experience—empowering agencies to run their operations as a true, automated, storage as-a-service model seamlessly across all clouds
Subscribe
Support
Our team doesn’t disappear after delivery. Your federal workforce and systems will be supported with the right level of resourcing and thought leadership to take your systems into the future.
Execution
We leverage the knowledge and experience of our extensive partner ecosystem to create an environment of collaborative efficiency. The teaming process is agile, accountable and transparent. We work with clients to make sure that their entire chain of command is well-informed and educated. No surprises, only mission-driven delivery of innovation.
Solution
Our solutions leverage proven Knowledge Centers to repurpose relevant past experience for efficiency, but are then customized to match the moment and unique circumstances of an agency customer. We bring the right partners to the table to collaborate around architecture and design and then innovate beyond the challenge; often introducing next-level opportunities for automation, collaboration and commerce. Our solutions address those modernization challenges that require breadth, depth and a level of technical thought leadership that comes with a team that has worked both inside and outside government. We often work with agency customers as they are thinking through a problem and arm them with the tools and knowledge to articulate project scope, timing and budget.
Mission
We are wholly mission-focused, providing our government clients with broad and deep technical expertise and independent perspective on leading technology solutions. We take the time to deeply understand client challenges from the start – as well as their definitions of success. We guide them in harnessing advances in emerging technology while also looking ahead to anticipate future applications and opportunities that are entrepreneurial, ripe for automation.