
While artificial intelligence is becoming indispensable to proactive cyber defense strategies, federal cyber leaders warned on Sept. 4 that agencies must pair AI-driven detection with strong response planning and resilience measures to withstand inevitable cyberattacks.
Speaking at a GDIT event in Washington, officials from the Central Intelligence Agency (CIA) and Cybersecurity and Infrastructure Security Agency (CISA) said AI is already helping agencies move beyond compliance-driven security by spotting anomalies faster, accelerating response times, and guiding decisions in real time.
“I really think there is a lot of opportunity as we gather more telemetry data, more metrics, to be able to leverage AI to identify anomalies much more quickly, to be able to react to those threats in a much more proactive way,” said Daniel Richard, associate deputy director of digital innovation at the CIA.
“But I think that is required, because I think we are seeing the time between the release of the zero bit exploit to actually being exploited – that window is shrinking significantly,” he continued. “So, AI for us, I think isn’t something that’s sort of a nice to have, to dabble with … I think you have to go all in because the threat is rapidly standing in this place.”
Part of that preparedness includes having a response team at the ready to understand AI-discovered threat indicators, Richard explained, saying that the human in the loop must understand what was found and how to respond to that specific threat.
“You are going to get hit, you are going to be sort of a target from these adversaries, so I think it is prudent for you to have an incident response team, incident response plan, who the incident commander is, and to have that muscle memory on how you’re going to react to that and how you’re going to act in a degraded environment,” said Richard.
Chris Butera, acting deputy executive assistant director for cyber at CISA, echoed that sentiment, saying that while there has been progress in threat detection, more work is needed in resiliency.
“We do a lot of work in prevention, we want to have people start thinking more about resilience,” said Butera.
Specifically, that means running exercises that test how systems can continue to run without access to the internet or other critical mission systems, Butera explained.
“You should be assuming that your organization will get hit, and how can you actually respond when you get hit and recover from an incident,” he said.
Improvements can also be made to the way that agencies prevent cyber threats, Richard added, saying that while cybersecurity is a team sport across various departments within an organization, it should also include those outside of an agency or organization.
“You know, we have the benefit of gathering a lot of this threat information and intelligence and being able to sift through that and see that in terms of how to rack and stack your threat levels,” said Richard, adding that he also thinks “we need to work more closely with our private sector partners.”