Public-Private Efforts Tackle Emerging Cybersecurity Threats

Federal and industry officials highlighted ways malicious actors are using artificial intelligence and what can be done to prevent them, they said at the GovCIO Media & Research CyberScape Summit Thursday.

According to Cynthia Kaiser, deputy assistant director at FBI’s Cyber Division, foreign adversaries including China and Russia are starting to experiment with AI in ways that threaten national security and that make fraud seem more realistic.

“Adversaries are using deep fakes to try to impersonate CEOs or other people in the company to try to then further be able to conduct certain fraudulent activities,” she said. “We see them seeking to use AI to try to obfuscate their activities more, and if they can hide more, it enables them to stay in a network longer. They learn more about a network, and it makes it harder to kick them off in the future.”

Thomas Schankweiler, director of cybersecurity operations at the Centers for Medicare and Medicaid Services, said there is great interest among external threat actors in the agency’s claims data.

“We’ve been working with our vendor communities for nearly 10 years and started talking about the idea of being able to find that needle in the haystack, being able to model data so we can start to see the anomaly detections,” said Schankweiler. “I’m happy to say that because we’ve been putting all those requirements out from our vendor communities, I think are well positioned to be ready for where we are with our AI community.”

Matt Berry, COO at HP Federal and who works with the FBI and other agencies, believes partnerships are extremely important.

“We’re partnered with FBI and a whole bunch of a bunch of people in things like the ICT supply chain risk management task force and other places where I think it’s incredibly important that we’re nudging each other, sharing best practices, helping shape policy,” said Berry.

Despite the threats, Kaiser said AI has more cybersecurity benefits, though it could change if we don’t protect intellectual property.

“One is a non-rule of law of the nation like the People’s Republic of China being able to actually steal our AI advances. We have great technology companies within the U.S. doing a lot of amazing development, and we want to keep it here,” said Kaiser. “We want to make sure that the people who develop that technology are able to continue to pursue that and so we’re focused on ensuring that we protect our American ingenuity from adversaries who want to profit off it and steal it.”

Scott Braus, director of cybersecurity operations at the Consumer Financial Protection Bureau (CFPB), said CISA’s Automated Indicator Sharing Program is a great example of a cybersecurity partnership in action.

“It’s a nice clean structure on how to share that data and then it also includes a transport mechanism for how you share that information out, how you can control it, who gets it,” he said. “If we can take that same kind of concept and apply that to these new tools so that you know whenever it is doing something, there’s something on the back end that’s reporting what it’s doing, who’s doing it, how it’s doing it and then our operation centers can be able to monitor and understand the concept of how does this affect the data that I’m trying to protect.”