Feds Tackle the Soft Side of AI, Zero Trust Tech Priorities

Successful implementation of artificial intelligence and zero trust developments within an organization is heavily contingent upon leadership and organizational culture, said National Institutes of Health (NIH) and Veterans Health Administration (VHA) leaders during a FedInsider webinar last week.

Jothi Dugar, CISO for NIH’s Center for Information Technology, said the cultural fabric of an organization deeply impacts the adoption of zero-trust principles and AI.

“There is a term in cyber where humans are looked upon as the weakest link, but we really wanted to change that mindset and bring our people the skills, education and awareness that they need to feel empowered,” Dugar said. “We started a whole cyber champion program within NIH, where we built in security into everyone’s roles. We had to make sure that all our doctors, clinicians, nurses and law enforcement understood the role in cybersecurity and zero trust.”

VHA Deputy CTO Joseph Ronzio pointed out that changing an organization’s culture takes time and cultural shifts do not occur overnight. It’s critical to build a sense of understanding between workers’ roles and the ability to take strides in enhancing an organization’s framework, he said.

To embrace zero trust and generative AI within an agency’s culture, leaders introduced change management campaigns and their ability to help people understand how new frameworks will impact mission.

“No matter what you do, it will be difficult to quickly get culture to change, so as you are moving forward, you must give those workers that psychological safety that they understand that nothing is going to truly change their job, their goals and the mission of the organization,” Ronzio said. “What you will do is implement a technology tool that will aid them in doing the job better with higher reliability at a higher safeguard for safety.”

“As we are trying to build a culture of change, we can’t just talk about security to stakeholder groups, we have to go in with the language that resonates with them and explain the cost of not having security and how that may impact them,” Dugar added. “I had to paint pictures for them in the language that they understand.”

As more organizations begin to use generative AI and expand zero-trust frameworks, NIH and VHA leaders are also implementing a more communicative approach as they move forward, sharing success stories and failures for other institutions to learn from their mistakes.

“We have mishap reporting, and I’ve always found it amazing how people don’t want to share their bad experiences,” Ronzio said. “The more knowledge sharing we can have within, or even between, organizations and industry, I think we can all collectively do well together. I’m the first person who will say, ‘Write it up and let us share it out there.’”

Organizations can promote a culture of curiosity, learning and risk-taking when integrating AI solutions in a zero-trust environment by finding a balance between transparency and empowerment from leadership and educating their workforce.

“Any new technology, tool or mandate that comes down the pipeline adds a sense of anxiety and fear, so we must start with a holistic and integrative approach, creating a champion-type environment within your workforce,” Dugar said. “Utilize your change management procedures, empower your people, give them the space to be innovative and creative yet secure.”