Artificial intelligence offers almost unlimited potential to reshape traditional methods of achieving business and mission objectives. While many detractors will point to the potential threats that AI poses to privacy and security, another potential positive application of AI is rapidly gaining traction: Organizations can employ AI as a cybersecurity powerhouse.
Agencies can harness AI against adversaries through the same strengths AI brings to other applications. In its ability to analyze massive datasets, identify patterns and provide actionable insights, AI can identify and neutralize threats with astonishing speed and accuracy.
In particular, based on our experience at CGI, AI can be especially helpful in:
Continuous diagnostics and mitigation: Machine learning, for example, can increase the accuracy of fundamental cybersecurity concepts like asset and vulnerability management. As AI relies on continuously tuning machine learning algorithms to become more accurate over time, initial tests and trials might not produce the expected results. As the tools are trained through repetition and tuning, however, their understanding of the parameters within which they are working will sharpen, vastly increasing the accuracy and speed of analyzing and correlating massive datasets of software and vulnerability inventories.
Forensic analysis: Leveraging its ability to rapidly ingest and analyze large datasets, AI can potentially isolate the source or cause of a data breach quickly – often in minutes. Understanding the vulnerability that a cybercriminal exploited, and analyzing the exploit itself, enables teams to rapidly respond and remediate active threats, while also making the system that much less permeable. It also enables the organization to help others cover the same security hole proactively, by sharing forensic information through common machine learning models.
Finding risk vectors and vulnerabilities: Turning that same big data analysis capability to a preventative purpose, organizations can harness AI to identify vulnerabilities before adversaries do. Analyzing line after line of code looking for subtle weaknesses is painstaking work without AI. With it, organizations can find and mitigate software weaknesses quickly. This may be especially useful for custom solutions where support from vendors (and their suppliers) may not account for all of the possible vulnerabilities and breach points.
Upskilling for security
In order to turn AI to cybersecurity purposes effectively, cybersecurity leaders need to understand how it works, its limitations and why it is a good fit for some use cases and not others. For all the attention devoted to upskilling the workforce, it is important to not focus too tightly on the tools themselves.
Recognizing how to address a particular pain point with a given AI tool and/or model is perhaps the biggest obstacle to effective AI. Different kinds of AI tools and implementation models have strengths and weaknesses, and choosing the right approach for the task is a key decision. Once that is done, however, the people who adapt and tune the tool need to understand how it works, how to interact with it, and how to interpret and apply the outputs for maximum effect.
Cybersecurity of the future, available now
CGI Federal supports the security operations center at the Nuclear Regulatory Commission. We also support the Department of Homeland Security's Continuous Diagnostics and Mitigation Dynamic and Evolving Federal Enterprise Network Defense groups C (DEFEND C) and F (DEFEND F).
In response to the 2021 Executive Order on Improving the Nation’s Cybersecurity, I led an initiative to rapidly identify, evaluate and implement a set of industry-leading endpoint detection and response (EDR) tools for the shared services platform, culminating in creating an integrated, fully managed EDR capability with real-time alert and incident response and remediation for the DEFEND F program. Today, through CGI’s Managed EDR offering, more than 25 federal agencies have benefited from increased CDM AWARE scoring, EO and OMB compliance, and, most importantly, have significantly strengthened their cyber posture as threats against the nation’s IT infrastructure continue to evolve.
More broadly, traditional EDR tools have rapidly pivoted to AI-powered extended detection and response (XDR) models that integrate endpoint, network and cloud technologies to enhance threat detection and response capabilities.
Already a powerful tool for threat detection, XDR becomes faster and stronger with AI—but only if the agency employees and contractors who use it know how best to interact with it.
From our work at NRC, DHS and other federal agencies, we know it is certain that cybercriminals and nation-state adversaries will harness the power of AI to hone their attacks. Their target organizations, within the federal government and elsewhere, are well-advised to do the same for defense. The technology is growing ever more powerful, opening a new phase of the ongoing cyber arms race.
For more on how CGI can help shore up your defenses, visit our cybersecurity and AI pages.