How IBM blends AI and cyber for its federal clients

The interior of IBM's X-Force Cyber Range in Washington, D.C.

The interior of IBM's X-Force Cyber Range in Washington, D.C. Courtesy of IBM.

Artificial intelligence is one of the main priorities of Big Blue's corporate strategy and cybersecurity is a critical part of that.

IBM turns 113 years old this year and as one of the world's oldest and largest technology companies, its innovation agenda has evolved with the trends and changes in the client demand landscape.

Which means artificial intelligence leads IBM's agenda today for its own enterprise and in its work with clients. AI is also the focal point of what IBM's chief executive Arvind Krishna talks about in public speaking engagements.

How IBM carries the AI conversation and collaboration with public sector clients is not that different from how that happens in the rest of the company, including with respect to cyber.

"You can pick any of the corporate functions, we're applying all of that," said Susan Wedge, managing partner for U.S. public sector and federal at IBM Consulting. "We're taking those lessons learned and applying them to both our government and our commercial clients."

Mark Johnson, vice president of defense and intelligence for IBM's federal technology practice, said that client-facing efforts involve starting with the intended mission outcome and working from there.

Johnson cited Big Blue's work with the Veterans Affairs Department on using AI to shorten the time it takes to process veterans' claims, which is no small feat given the nature of those systems.

IBM is also helping the Federal Emergency Management Agency handle information on certain aspects of disaster relief. Then of course, there is how the company implements AI tools for the Defense Department and the national security implications that go with it.

"Getting the mission operators plugged in understanding the AI and part of the governance model is critically important," Johnson told me in the joint interview alongside Wedge. "We take large language models and other foundational models that have been-pre trained and then customize them to the specific use cases."

Discussions around governance and guardrails on AI have been equal to those regarding implementation and use, especially with respect to the generative tools Johnson alluded to.

The typically slow rate of emerging technology adoption across government is always an item everyone involved wants to reverse. But generative AI appears to be one of those unique cases where the public sector ecosystem largely wants to go slow so everyone can have trust in the tech.

Wedge said that concept comes into play in claims management and the need to automate case reviews, given the large volumes of data that entails.

"You've got to have some level of confidence in how the content was generated and the models that are being used underneath the technology, so that you have some level of confidence in the output," Wedge said.

Cyber is a second major area where again, the need to manage large swaths of data and trust how it all works with AI goes hand-in-hand. In one example with an unnamed agency, Johnson said IBM is helping pilot a tool to help analysts pull in data and procedures for when an incident happens.

The tool would also let analysts ask questions and get back what Johnson called a "plain English answer" that points to other reference materials.

But everyone involved found out that the analysts needed different skill sets for the job at hand, Johnson said. Now part of the effort also involves writing new requirements for the next team of analysts.

"It's a pure cyber kind of thing into an HR kind of thing that flowed back and forth," Johnson said.

One of IBM's tangible offerings that looks to fuse AI with computer network defense is its X-Force Cyber Range in Washington, D.C.

The range includes new custom training exercises designed to help federal agencies, their industry partners and critical infrastructure organizations more effectively respond to persistent and disruptive cyberattacks, plus threats posed by AI.

AI is also both a means by which attackers seek to do damage, including via code poisoning, and for agencies and their partners to use in the mitigation and detection efforts.

Alice Fakir, partner and head of federal cybersecurity services for IBM Consulting, described the nexus of AI and cyber as an area where industry and clients alike have to be very controlled about the data that goes into the large language models that fuel generative AI tools.

Where the X-Force range enters the equation is to help security operators and their leaders create more muscle memory for detecting the attacks and also try out how different enterprise tools work with one another.

Fakir said that in many instances, large amounts of noise get created and analysts have to spend much of their time figuring out how to reduce that noise.

"(Our range is) really going to accelerate advancement of better defenses because we're out ahead of it. We're taking less time to analyze the problem, we're reducing the mean time to detect a threat, we're able to enable actionable responses for what to do during an incident through the use of generative AI."

(EDITOR'S NOTE: This article has been updated to clarify the nature of the IBM-Veterans Affairs Department AI project)