A top Government Accountability Office (GAO) official said on Tuesday that the emergence of AI technology is helping to bring data security “to new heights” in the Federal government.
Jennifer Franks, the director of GAO’s Center for Enhanced Cybersecurity and a director in GAO’s Information Technology and Cybersecurity (ITC) team, explained that part of her role is to determine whether or not Federal agencies are properly assessing privacy-related AI risks.
“When we’re talking about integrating AI into all of our environments, there’s cybersecurity executive orders, and there’s [Office of Management and Budget] guidance, and there’s [National Institute of Standards and Technology] regulations and recommendations of what that really looks like,” Franks said during a May 7 event hosted by Nextgov/FCW and Route Fifty.
“AI is really wanting us to look at how we bring data security to new heights,” she added. “We want to look at capabilities of threat detection and prevention – and all of that is always important because managing the data is always at the center of why that’s important.”
For instance, Franks said that GAO is looking to utilize AI to flag whether or not something is an insider threat or an outside threat actor. She said it also wants to flag any threats that could be attacking the data, as well as block malicious addresses or vulnerabilities as they come in.
GAO wants to program continuous learning models that can look at how to properly secure data within its information systems and AI. However, with the algorithms that GAO is programming, Franks said that means Federal agencies will “have to learn what those anomalous behaviors look like.”
“So, we want to make sure that we have information and processes to continuously learn from. We want to have protective threat protection efforts and real-time monitoring and analysis,” Franks said. “All this can be done with AI, but it’s how we have to program the AI to be able to read through the analytics and the data through the network monitoring of the traffic so that we can pick up on all these types of behaviors.”
To wrap up her conversation, Franks encouraged Federal agencies to embrace AI technologies, but also warned them to “not be naive.”
“Yes, let’s embrace the technology. Yes, let’s take advantage of all the opportunities and the benefit that it can bring to our organizations, but not be naive about some of the mitigating risks that we’re going to have to consider as we bring in these different technologies,” she concluded.
