Let’s ditch the government’s ‘tech for tech’s sake’ approach

d3sign/Getty Images
COMMENTARY | Agency leaders need to consider key questions before rushing to adopt AI.
By now, we’ve all heard about how artificial intelligence will revolutionize the way the federal government operates. A quick scan of recent headlines shows how the government is applying AI in ways it has not done before. For example, the Food and Drug Administration has begun using AI to assist in research reviews while the Army is using a generative AI workspace to improve daily operations and the State of Wisconsin is applying AI to attract business investors to the state.
AI will undoubtedly improve efficiency and provide benefits to government workers and the citizens they serve. However, with the push to win the AI race and leverage the promises of AI and other emerging technologies, agency leaders must adopt a careful and mindful approach with an eye on security and productivity.
AI initiatives are promising, but they can also increase the government’s risk of cyber threats. Ensuring these initiatives and others like them support the human decision process and narrow the decision window should be one of the primary motivators.
Before jumping into new technology deployments with both feet, government leaders must first address the gap between what technology can do, and the capabilities and capacity of humans to make smart decisions based on the implementation of those technologies.
The first question leaders should ask before implementing new technology is, “What exists within my environment, and how are these assets behaving?” AI tools can help them answer these questions by giving them access to data on their attack surface, threats and perceived vulnerabilities much faster. But paradoxically, the risk of introducing new tools can also create greater confusion due to an overload of alerts and threat data.
Tech for tech’s sake is not enough. Rather than rushing to embrace the latest technology peaking in the hype cycle, leaders should not forget the often-neglected work of ensuring they have a platform that augments and assists the capacity of the teams of workers who need to make important decisions.
Technology must be aligned with the mission and needs of each agency and integrated into the environment where efficiencies and response time matter. For example, a state government office or small executive agency may need more decision support than a large federal agency within the Department of Homeland Security.
To most efficiently adopt and implement new technologies, agency leaders should consider four points before jumping in:
- Understand the organization’s mission and environment. Organizations cannot create an efficient response model if they don't know how many licenses of a given technology are deployed, if the technology is operating the way it should or what gaps exist within the organization’s growing attack surface. Agencies should be rushing toward automating functions that track what exists within their environments and when there might be misconfigured or misaligned relationships and behaviors between assets, all in real time. The mission of the organization cannot rely on manual processes.
- Figure out where redundancies are and eliminate them. Many environments have duplicative technologies or functions and have legacy contracts and models based on yesterday’s reality. After agencies undertake a thorough inventory of their operations, leaders must make the final decisions on where to eliminate redundancies. This new administration has ushered in a wave of vendor messaging around the term “efficiency.” But the reality is, if there are blind spots in an environment and assumptions made around deployment and duplicate functions without real insight, efficiency is not easily within reach.
- Ask, “So what?” Before the organization adopts the latest technology, leaders must be sure to ask, “So what?” How does it align with the mission and further the organization’s objectives? If the response is not satisfactory, leaders should rethink their plans.
- Stop enhancing a legacy model by “adding” new functionality to legacy systems. Keeping a vendor’s offering in an environment because of longstanding relationships and internal skill sets can do more harm than good. Agencies are suffering from a shortage of talent that also brings with it a reliance on legacy skillsets, which in turn leads to a tendency to enhance legacy models by repeatedly layering on new functionality to legacy contracts. This worked in the past, but the attack surface continues to grow at a rate beyond what we have seen even one year ago. In response, agencies need to embrace a model in which emerging technologies are elevated to meet emerging threats and a procurement process that is updated to treat cybersecurity not as an IT buy, but as an emergency response.
At the end of the day, we have to understand what efficiency means. A resilient, responsive and automated model can accelerate the objectives of an agency’s mission. Technology needs to serve the organization and empower decision-makers at all levels.
Agencies may be able to see what is in their environments. What’s even more important, though, is being able to understand if their operating environments are behaving the way they should or if there are vulnerabilities and misalignments with their ultimate goals.
Spending taxpayer dollars on technologies that make a difference is crucial, but buying technology for technology's sake is not only inefficient — it is wasteful.
Tom Guarente is vice president of external and government affairs at cybersecurity firm Armis.
NEXT STORY: Streamlining the Path to FedRAMP High