Clearing roadblocks to AI-enabled cybersecurity: the President’s 2021 Cybersecurity Order and AI Innovation

A path to cybersecurity innovation in government

The US government faces a rapid expansion of cybersecurity threats, in terms of both scale and complexity. In fiscal year 2020, US government agencies recorded more than 30,000 cyber incidents, an 8% increase from 2019.¹ Several specific cybersecurity intrusions reinforce the seriousness of this challenge. The December 2020 SolarWinds hack² led to network breaches at several US government agencies, and the log4j vulnerability discovered in December 2021 may already have been exploited hundreds of thousands of times.³

Because of this growing problem, demand for cybersecurity professionals has increased and will likely remain elevated. According to the US Bureau of Labor Statistics, the number of employed information security analysts will grow 33% over the next decade, roughly four times faster than the labor market as a whole.⁴ With such high demand, US government agencies may struggle to fill positions, increasing the burden on already overworked cybersecurity professionals.

Due to ever-evolving, sophisticated cyberattacks orchestrated by nonstate and rogue state threat actors, and a widening gap between the demand for and supply of information security analysts, the need for cybersecurity innovation within the federal government is immediate and ongoing. 

Artificial intelligence (AI) is critical in achieving this innovation. However, before government agencies can begin to fully leverage AI in cybersecurity, three constraints should be addressed. Until now, AI deployment for cybersecurity in the federal government has been stymied by inadequate data access, cumbersome on-premises infrastructure requirements, and limited workforce capabilities. Fortunately, the White House’s May 2021 Executive Order 14028 (EO14028), “Improving the Nation’s Cybersecurity,” may help address these constraints, enabling a new age of cybersecurity in the federal government. 

Although the cybersecurity EO does not explicitly outline or require AI’s future deployment within federal agencies, its requirements do open a path forward. Section 3, “Modernizing Federal Government Cybersecurity,” paves the way for agencies to overcome current roadblocks and broaden AI’s deployment in the cybersecurity domain. Specifically, Section 3(a) calls for: 

• Centralizing and streamlining data access
• Accelerating movement to secure cloud services
• Investing in personnel (and technology) to meet modernization goals 

Once agencies adapt to the parameters outlined in the Executive Order, their cybersecurity programs can be poised to facilitate the deployment of AI-enabled workflows. Removing hurdles and harnessing AI can help improve the underlying infrastructure, allowing mission cybersecurity workforces to be more efficient, reduce burnout, and pivot agencies’ cybersecurity postures from reactive to proactive. 

Endnotes

1. The White House, Federal Information Security Modernization Act of 2014 Annual Report to Congress: Fiscal Year 2020, 2020.

2. Lily Hay Newman, “A year after the SolarWinds hack, supply chain threats still loom,” Wired, December 8, 2021.

3. Danny Palmer, “Log4j flaw: Attackers are making thousands of attempts to exploit this severe vulnerability,” ZDNet, December 13, 2021.

4. Bureau of Labor Statistics, US Department of Labor, Information Security Analysts, Occupational Outlook Handbook, last modified April 18, 2022.

Get in touch