I had the chance to attend an engaging discussion at today’s Cyber AI Breakfast focused on leveraging AI for better Cyber Defense, which couldn’t have been more timely given the recent Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence. Each panelist brought a unique perspective to the table, tackling the complexities and potential of AI in cyber defense strategies. For those unable to attend, I have noted some of the key points and insights from the discussion.

Panelist Insights on AI and Cyber Defense

The collective insights from the panel painted a detailed picture of the current landscape and future trajectory of AI in cybersecurity. Here are some of the major themes and ideas that emerged from the engaging session from each panelist.

Mark Montgomery, Executive Director at CSC 2.0, shared his candid analysis of the recent AI Executive Order, highlighting its strengths and areas for improvement. Some of his key insights:

  • Who will cover the costs of these AI security measures?
  • Where is the implementation guidance?
  • And how will underfunded local agencies do it?

He also noted the need for a change in our security approach, proposing that we gear up to collaborate and contribute to the expansion of red teaming and advanced cyber solutions that surpass the fundamental NIST measures currently in place. He acknowledged the significant role that NIST plays in establishing standards but underscored our obligation to assist them in developing the enhanced standards.

Steven Hernandez, CISO of the U.S. Department of Education, highlighted businesses need to educate employees on spotting bias in Generative AI. He emphasized the need to adopt Zero Trust as a way to really plug AI into keeping our data safe. He’s also highlighted the need for CISOs to collaborate with data and AI experts to address the challenges associated with managing and securing vast quantities of data within log management systems.

Randy Soper, Chief of Artificial Intelligence at the Internal Revenue Service (IRS), painted a great picture of how AI is both a hero and a villain in cybersecurity. The solution? Let our defenses be as automatic as the attacks they’re fighting off. He’s big on making sure data scientists have the tools they need without causing a security nightmare or breaking role-based access to data.

Steve Faehl, Security CTO at Microsoft Federal, discussed Microsoft’s comprehensive integration of AI throughout its product suite, providing insights into the strategies employed by their internal red teams. He candidly discussed the challenges faced by clients, especially government agencies, in securely managing large volumes of security data in adherence to mandates such as OMB M-21-31. He also underscored the critical importance of diligent risk management during these AI advancements.

Key Themes & Takeaways

  1. Zero Trust: Everyone seems to agree that Zero Trust is the backbone of data security, and AI is the brain, helping us spot the good guys from the bad based on their digital behavior patterns.
  2. Red Teams and Shared Security Responsibility The big finish focused on the importance of red teams in staying a step ahead of security threats. They also drove home the point that we’re all in this together — securing AI is everyone’s job.
  3. Architecture Matters: Steve Faehl stressed that not all AI solutions are made or secured equally. This means it’s crucial to pick the right AI solution and really understand the risks involved and how you’re using it. Just because a vendor offers security doesn’t mean all your security needs are covered—security is a team effort and everyone has a part to play.
  4. Lessons Learned: Businesses need a crash course on AI risks and benefits, especially with all the free tools out there. LL suggests that businesses should speak up during public comment times, especially on topics like AI and FedRAMP. He’s also noted the tug-of-war between CISOs wanting strict security and CTOs wanting to have data available more broadly across organizations.

The panel wrapped up with some calls to action: let’s knock down the barriers holding teams back, be smart about how we build our AI, partner up across organizations and with domain experts to share experiences, and keep pushing the conversation on AI’s role in our digital defense. I found the entire discussion very insightful and appreciate all the insights shared.

How AIS Can Help with Complementary Cybersecurity Services

For those interested in discovering how AIS can support secure AI deployment and create use cases that align with your business goals in both private and public sectors, please feel free to contact us to learn more about our security and AI services.

For Microsoft customers utilizing more than 500 licenses on Azure or M365, eligibility for complimentary cybersecurity services through a Microsoft Security Partner may be available. As a certified Security Partner with Microsoft, AIS stands ready to provide these security services to qualifying organizations. These engagements are designed to assist security teams in assessing challenges, including risk assessment within Microsoft cloud environments and the implementation of advanced security controls and services. Fill out this brief funding form to start the process and see if you qualify.