How Agencies are Justifying Budget Growth in AI, Zero Trust

Agency leaders said embracing artificial intelligence and zero-trust architecture will be critical cybersecurity priorities in fiscal year 2025 budgets. The comments come as agencies are releasing AI strategies in light of the White House executive order directing them to prioritize ethical AI development while also balancing security and safety of those systems.

The Department of Homeland Security, which recently released its AI Roadmap, recognizes that AI tools are here to stay and wants to ensure those systems are safe for its employees to use.

“I think about it a lot — like using a search engine. Our employees are using Google, Bing or other tools that are not officially sanctioned all the time as part of their job,” said DHS CIO and Chief AI Officer Eric Hysen during ZScaler’s Public Sector Summit in Washington, D.C., last week. “We trust them to use those appropriately, and we’re applying a similar model with appropriate training and oversight to the use of generative AI.”

Gerald Caron, CIO at the International Trade Administration, said he’s applied the same thought process to zero trust. By understanding what users, administrators and executives needed, Caron said he was able to create smoother processes.

“It’s more of a modernization effort than a security effort, and looking at it like that made a difference,” Caron said at the summit. “Including those user requirements, it makes it a much smoother path because you understand how they want to work.”

After understanding what the workforce needs, Hysen acknowledged the importance of slowly testing new technologies in the field. Hysen referenced three pilot programs using AI to advance the DHS mission.

“We’re going to continue to see our employees looking to use the latest and greatest,” Hysen said. “Our responsibility as CIOs and CISOs and in the IT community is to figure out how to responsibly allow our employees to access the tools that they need to do their jobs.”

State Department CIO Kelly Fletcher said she initially viewed cybersecurity and user experience as two battling concepts. But after learning how some State employees working in areas of low bandwidth had been using risky private networks that can expose sensitive data, Fletcher began viewing both as a necessity.

“It is driving exactly the behavior we want to stop. As we modernize our network to get to a more zero trust posture, we are going to see improved user experience,” Fletcher said at the summit. “There’s going to be less clicking and waiting and increased security.”

The fear of personal networks being used to combat experiencing poor user experience is a common one across agencies. Hysen said he worries about the policies surrounding personal devices, networks and the influence they may have.

“One of the biggest fears that I have is our own IT and cybersecurity policies will drive our employees off to their personal devices. If we don’t make it as easy as possible to get your job done, we are incentivizing bad behavior,” Hysen said.

A challenge agencies face alike is how to budget for the tools as their use and need to secure them grow. Federal CISO and Deputy National Cyber Director Chris DeRusha cited a strategic approach to the budget proposal process.

“In 2022, we were looking at about $10 billion for federal civilian agencies in cyber funding requests, and we’re up to almost $13 [billion],” DeRusha said. “Here’s a 30% increase that we’ve been justifying over the past few years.”

One resource open to agencies is GSA’s Technology Modernization Fund, which despite a decrease in overall proposed funding proposed from President Joe Biden’s budget, plans to invest in AI-related modernization projects across government in its current call for proposals.

“Americans are frustrated that lots of our government systems are not working the way systems in the private sector do. … This is a really clever and important way to get targeted money to agencies where it ought to be and we’re going to keep doing that,” said TMF Acting Executive Director Jessie Posilkin.