Government agencies are increasingly overwhelmed by growing cyber threats from domestic and foreign actors. To defend against these evolving tactics and address the increase in vulnerabilities (including zero days), officials are now turning to predictive artificial intelligence (AI) and behavioral analytics for user intelligence.
Defense Information Systems Agency (DISA) Chief Technology Officer Stephen Wallace underscored predictive AI as a crucial emerging technology to bolster the government’s cyber defenses at the 2024 Rubrik Public Sector Summit. He pointed out that while generative AI plays a vital role, its predictive counterpart will have greater significance because it deals with a broader range of data that indicates attacks and future trends. For this reason, I believe government agencies must efficiently enhance the resiliency of their IT systems by deploying predictive AI and behavioral analytics. These two technologies can help predict and detect the attack methods adversaries might use and can provide government user intelligence.
The Threat of Zero-Day Vulnerabilities to Government Agencies
According to the most recent data, the discovery of zero-day vulnerabilities reached a record high in 2023, surpassing the total number of vulnerabilities from the previous year by over 50%. Furthermore, most of the frequently exploited vulnerabilities in 2023 were zero-day exploits. This represents an uptick from the trend observed in 2022.
As such, the threats posed by zero-day vulnerabilities are enormous, especially for government agencies, given the vast amount of sensitive data they generate. These unknown and unpatched network weaknesses can enable hackers to gain access to government networks and wreak havoc in the process.
Government agencies can open themselves up to exploitation through the unexpected and rapid nature of zero-day exploits and the very nature of government work, where the data shared may be extremely sensitive. Previous cyberattacks, such as the Stuxnet virus, showed how disastrous the outcomes can be when government agencies fail to patch zero-day vulnerabilities. The increasing prevalence and sophistication of zero-day exploits, along with a lucrative exploit market, amplify the risks. I believe this situation requires government agencies to develop robust and adaptive cyber resilience strategies that include predictive AI and behavioral analytics for user intelligence.
Creating a Strategy for an AI- and Analytics-Driven Cyber Resilient Government
Implementing any new emerging technology within government cybersecurity operations requires thoughtful preparation. To start, agency leaders must have a thorough understanding of the challenges they would like predictive AI and behavioral analytics for user intelligence to solve. By asking themselves why these emerging technologies will be used and how exactly they will benefit their agency, they can work to incorporate predictive AI and behavioral analytics into their overall cyber resilience strategy.
Predictive AI offers substantial benefits to agencies; however, users must be aware of its limitations. By understanding both the potential and the limitations of predictive AI, government agencies can avoid unrealistic expectations and a false sense of security. Furthermore, agencies should identify potential error-prone areas early, prior to adoption.
To ensure continuous security measures in their operations, agencies must engage in rigorous and effective testing. This process will help define and monitor safe operating parameters, ultimately contributing to the successful and secure integration of predictive AI and behavioral analytics.
Integrating Predictive AI With Behavioral Analytics to Tackle Zero-Day Exploits
To tackle the increase in zero-day exploits, a multi-faceted approach to predictive AI and behavioral analytics adoption in government must be considered. This approach should include continuous monitoring of data access to identify network abnormalities or unauthorized access.
To successfully deploy predictive AI and behavioral analytics within government operations, agencies must keep in mind that these emerging technologies complement human cybersecurity skill sets rather than compete with them. Tasks that require an exorbitant amount of human labor and can easily be automated are best delegated to predictive AI. For instance, predictive AI can be used to analyze extensive data sets, such as content files and high-speed network traffic. By distilling this data, it reduces the workload for analysts, allowing them to concentrate on more critical cybersecurity responsibilities that enhance the protection of government networks and address zero-day vulnerabilities.
Once predictive AI flags malicious activity on a government agency’s network, a human analyst can provide the context needed to verify whether this suspicious activity is legitimate or requires further inspection. In an ideal situation, this would inform a feedback loop to continuously retrain predictive AI models and help improve their performance.
Furthermore, adopting an “assume breach” approach together with predictive AI and behavioral analytics can enable government agencies to build cyber resilience that aligns with the Cybersecurity and Infrastructure Security Agency’s (CISA) Cyber Resilience Review (CRR), enhancing their ability to recover and maintain operations after a cyberattack. This principle fits the context of predictive AI and government functions well because of the increasing sophistication of cyber threats: it assumes that systems could already be breached, so it encourages agencies to prepare for attacks and to adapt to post-breach detections, ultimately strengthening their systems against the evolving landscape of cyber threats.
The Critical Role of Predictive AI and Behavioral Analytics in Government Compliance Frameworks
Some government agencies that fall victim to cyberattacks may have been compliant. However, in the current threat landscape, compliance must be exceeded. One of the fundamental challenges with compliance requirements is that they artificially set the ceiling for most government agencies, though these should really be a baseline for agencies to continuously improve upon.
Predictive AI is uniquely positioned to assist as part of a broader cyber resilience strategy. Rapid threat detection, incident response, and triage, enabled by predictive AI and behavioral analytics, will enhance agencies’ cyber resilience. By doing this, these agencies can best align with CISA’s CRR and ensure compliance with requirements that evolve faster than most agencies can keep pace with.
One critical framework, the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) 2.0, highlights the importance of data integrity regarding data backups and the importance of sustained testing. By leveraging predictive AI to prioritize data recovery efforts, agencies will enhance their preparedness against dynamic, sophisticated threat actors as part of their government cyber resilience strategies.
Propelling Government Towards Zero Trust Using Predictive AI and Behavioral Analytics
Implementing CISA’s Zero Trust Maturity Model fortified with predictive AI and behavioral analytics will be imperative for government agencies in 2025 and beyond. Rolling out zero-trust architectures (ZTAs) remains crucial for agencies due to the increasing complexity and volume of data they produce. The principle of Zero Trust assumes that threats, both internal and external, are omnipresent. Zero Trust emphasizes rigorous identity verification, strict access controls, and continuous monitoring of all devices and users within an agency’s IT network. This approach is foundational for securing sensitive government data and maintaining operational integrity.
The vast amounts of data produced by government agencies require sophisticated tools for real-time monitoring and analysis. Predictive AI and behavioral analytics are crucial in this context, as they can sift through large datasets to recognize and understand typical behavioral patterns.
Moreover, the ongoing network surveillance of unusual behavior patterns through predictive AI and automation adds extra layers of data security by delivering immediate alerts to security teams when a breach is detected or underway. This automation guarantees thorough visibility into the agency’s IT infrastructure, which is essential for preventing and addressing cyber threats. For example, predictive AI and behavioral analytics can spot early signs of mass encryption within government networks and alert personnel to potential ransomware attacks.
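The mass-encryption signal described above, as an added example that is not part of the original article: a small behavioral baseline in Python over constructed file-activity events (not real agency telemetry) that learns each user's typical writes per minute and flags a later window when write volume jumps far above that baseline while nearly every write renames files to an extension the user never produced during the baseline.

```python
from collections import defaultdict
from statistics import mean, pstdev


def make_events():
    """Constructed file-activity log (not real telemetry): (minute, user, src, dst)."""
    events = []
    for minute in range(60):                      # one hour of ordinary activity
        for i in range(2 + minute % 2):           # alice saves 2-3 documents a minute
            events.append((minute, "alice", f"/share/a{i}.docx", f"/share/a{i}.docx"))
        for i in range(3 + minute % 3):           # bob saves 3-5 spreadsheets a minute
            events.append((minute, "bob", f"/share/b{i}.xlsx", f"/share/b{i}.xlsx"))
    for minute in range(60, 63):                  # bob's session suddenly rewrites 40 files a minute
        for i in range(40):                       # every write renames to an unseen extension
            events.append((minute, "bob", f"/share/f{i}.xlsx", f"/share/f{i}.xlsx.locked"))
    return events


def ext(path):
    return path.rsplit(".", 1)[-1] if "." in path else ""   # '' when the path has no extension


def build_baseline(events, baseline_end):
    """Per-user mean/stdev of writes per minute and extensions seen before baseline_end."""
    per_min = defaultdict(lambda: defaultdict(int))
    exts = defaultdict(set)
    for minute, user, _src, dst in events:
        if minute < baseline_end:
            per_min[user][minute] += 1
            exts[user].add(ext(dst))
    stats = {}
    for user, counts in per_min.items():
        series = [counts.get(m, 0) for m in range(baseline_end)]
        stats[user] = (mean(series), pstdev(series), exts[user])
    return stats


def detect(events, baseline_end=60, z_threshold=3.0, new_ext_ratio=0.5):
    """Alert on post-baseline (user, minute) windows: volume far above baseline AND mostly new extensions."""
    stats = build_baseline(events, baseline_end)
    windows = defaultdict(list)
    for minute, user, _src, dst in events:
        if minute >= baseline_end:
            windows[(user, minute)].append(dst)
    alerts = []
    for (user, minute), dsts in sorted(windows.items()):
        mu, sigma, known = stats.get(user, (0.0, 0.0, set()))
        z = (len(dsts) - mu) / (sigma or 1.0)      # guard against a perfectly flat baseline
        ratio = sum(ext(d) not in known for d in dsts) / len(dsts)
        if z >= z_threshold and ratio >= new_ext_ratio:
            alerts.append((user, minute, round(z, 1), ratio))
    return alerts
```

Requiring both conditions keeps a legitimate bulk save of familiar file types from paging the analyst, while a burst of renames to a never-seen extension surfaces within the first minute.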
Countering Future AI Exploitation by Cyber Adversaries
The stark reality is that cyber adversaries have few limitations when it comes to exploiting emerging technologies like AI. Cyber defenders have all the limitations: complex acquisition, an excessive focus on compliance, slow adaptation, limited authority over or access to the systems they are defending, and teams siloed by contracts and outsourcing. These blind spots and grey areas are where cyber threats have evolved and prefer to live to achieve their objectives.
Simply put, they have a significant upper hand for the foreseeable future.
In the future, I believe government agencies must prioritize AI, including predictive AI, to improve analytics and investments so that they can survive and recover from cyberattacks. These strategies and cybersecurity measures must be seen as transformational catalysts for government cybersecurity, necessary for building cyber resilience and predicting threats before disaster strikes, ensuring all government data remains secure and properly managed in 2025.