In a series of panel discussions at the “Federal Innovation Series: Leading in the Era of AI” event, agency officials and technology experts from Microsoft touched on ways government agencies are harnessing AI to enhance mission support, ensure responsible innovation, and bolster cybersecurity. The event was presented by FedScoop and sponsored by Microsoft.

Candice Ling, senior vice president of Microsoft’s federal business, kicked off the conference with a call to action for government agencies to embark on a transformational journey through a process of co-innovation and collaboration to modernize government operations. Ling highlighted Microsoft’s commitment to responsible and ethical AI solutions to safeguard government systems. She stressed how the company’s principles for responsible AI — including accountability, inclusiveness, reliability, safety, fairness, transparency, and privacy and security — and Microsoft’s experience working with federal agencies can help agencies capitalize on AI to innovate faster and more effectively.

Eileen Vidrine, chief data and AI officer at the Department of Air Force, outlined the department’s goals to provide the necessary framework to “operationalize data and AI for decision advantage” and to be “AI-ready by 2025 and AI-competitive by 2027.” She also reiterated the importance of partnerships across the Air Force, the Defense Department, industry and academia to keep pace with AI’s potential.

Federal Reserve System Chief Innovation Officer Sunayna Tuteja spoke about the importance of problem-solving and the need for appropriate guardrails when designing AI solutions. She encouraged government leaders in the audience to understand but get comfortable with the risks of AI and embrace innovation’s inherent uncertainty. The public sector doesn’t spend enough time thinking about the risk of not doing something, she told the audience.

Chris DeRusha, Federal CISO at OMB, Ginny Badanes, senior director at Microsoft Democracy Forward, and Glen Johnson, chief technology officer at the Department of State, delved into AI’s role in revolutionizing government cybersecurity. AI dramatically expands the capacity of federal agencies to detect anomalies, analyze data, and automate responses to cyber threats, they said.

Pritha Mehra, CIO of the U.S. Postal Service, revealed how USPS is leveraging AI to provide “accurate predictions of where your package is, when it’s going to be delivered and within the exact time.” AI is also helping USPS to document and rewrite legacy code, automate customer calls concerning passport applications and increase its ability to detect fraud, she said.

Brian Abrahamson, associate laboratory director and chief digital officer at Pacific Northwest National Laboratory, urged attendees to educate themselves on the possibilities of AI. He emphasized the importance of pilot projects and shared examples of AI’s transformative applications.

Michael Pencina, chief data scientist at Duke Health and vice dean for data science at the Duke University School of Medicine, joined Jennifer Rostami, assistant commissioner at the General Services Administration’s Technology Transformation Services unit, to discuss the need for ground rules around AI. They underscored the importance of ensuring transparency, trustworthiness, and fairness in applying AI in government. Building trust through governance frameworks and developing blueprints for employees and partners are critical steps public sector leaders need to take, they said.

Also speaking at the event were Patricia O’Neill-Brown, senior advisor at the Defense Intelligence; Kimberly Sablon, principal director for trusted AI and autonomy at the Department of Defense; and James-Christian Blockwood, executive vice president at the Partnership for Public Service. Adding additional perspective from Microsoft were Corporate Vice President, U.S. Government Affairs Fred Humphries; Microsoft Federal General Manager Brian Keith; Director for AI Public Policy Danyelle Solomon; Federal Security CTO Steve Faehl; and Vice President Federal Civilian Heidi Kobylski.

The innovation summit came on the heels of a landmark executive order focused on artificial intelligence and new OMB guidance issued by the Biden administration earlier in the week.

Also noted during the event was a new research report, “Gauging the impact of Generative AI on Government,” released by FedScoop last month, which examined how federal agency leaders are preparing to adopt AI. Microsoft underwrote the report.

Learn more about how AI can support government services from Microsoft.

The post Government leaders share strategies for embracing AI at federal innovation summit appeared first on FedScoop.

A new report, “Gauging the impact of Generative AI on Government,” finds that three-fourths of agency leaders polled said that their agencies have already begun establishing teams to assess the impact of generative AI and are planning to implement initial applications in the coming months.

Based on a new survey of 200 prequalified government program and operations executives and IT and security officials, the report identified critical issues and concerns executives face as they consider the adoption of generative AI in their agencies.

The report, produced by Scoop News Group for FedScoop and underwritten by Microsoft, is among the first government surveys to assess the perceptions and plans of federal and civilian agency leaders following a series of White House initiatives to develop safeguards for the responsible use of AI. The U.S. government recently disclosed that more than 700 AI uses cases are underway at federal agencies, according to a database maintained by AI.gov.

The findings show that a majority of respondents are actively exploring the application of generative AI. An overwhelming 84% of respondents indicated that their agency leadership considers understanding the impact of generative AI as a critical or important priority level for agency operations. Significantly, 71% believe that the potential advantages of employing generative AI in their agency’s operations outweigh the perceived risks.

However, the survey also highlights several areas of hesitation that warrant attention. The top concerns related to the risks of using generative AI include a lack of controls to ensure ethical/responsible information generation, a lack of ability to verify/explain generated output and potential abuse/distortion of government-generated content in the public domain.

These are unquestionably valid concerns that agencies must confront head-on. Encouragingly, many agencies are already taking proactive steps to address these challenges, with a significant proportion (71%) having established enterprise-level teams or offices devoted to developing AI policies and resources—a testament to their commitment to effective AI governance.

Impact on agency functions

Regardless of concerns, generative AI is poised to significantly impact various agency functions and use cases. A significant portion of agencies (nearly half) are gearing up to explore generative AI’s potential within the next 12 months.

In particular, leaders are eyeing improvements in their business operations and workflows, with 38% expressing confidence that generative AI can enhance efficiency. Close to two-thirds of respondents said they believe generative AI was likely to give employees the ability to reduce the time required to complete work processes and free up time to produce more valuable work.

Another domain where generative AI is gaining traction is mission intelligence and execution. Over half of the respondents are either assessing or planning to evaluate its impact, with a similar percentage looking to implement AI to support mission activities. Confidence levels in generative AI’s ability to deliver value and cost savings in this realm are encouraging.

Interestingly, the survey underscores differing points of view about implementation priorities between business and IT executives. Roughly half of the agency business executives polled expect one or more generative AI applications will be rolled out in the next 6-12 months for data analytics, IT development/cybersecurity, and business operations. In contrast, roughly two-thirds of IT executives, presumably closer to implementation rhythms, see business operations getting new generative AI applications in the next 6-12 months, followed by case management cybersecurity use cases.

However, the findings suggest a deeper story about the need for training, according to Steve Faehl, federal security chief technology officer at Microsoft, after previewing the results. Half of all executives polled (and 64% of those at defense and intelligence agencies) cited a lack of employee training to use generative responsibly as a top concern but only 32% noted the need to develop employee training programs as a critical employee concern, suggesting a potential disconnect in how organizations view AI training.

“Effective training from industry could close one of the biggest risks identified by the U.S. government in support of responsible AI objectives and government employees,” he said. “Those who develop controls having an understanding of risk from their own use cases will create a fast path for controls for other use cases,” he said. As a best practice, “experimentation, planning, and policymaking should be iterative and progress hand-in-hand to inform policymakers of real-world versus perceived risks and benefits.”

Recommendations

As government agencies balance innovation and responsibility in serving the public’s interest, generative AI will require agency leaders to confront a new set of dynamics and begin recalibrating several strategic decisions in the near term, the study concludes. Among other conclusions from the findings, the study recommends agency executives prepare for a faster pace of change and establish flexible governance policies that can evolve as AI applications evolve. 

It also recommends facilitating environments for experimentation. By allowing a broad range of employees to experience generative AI’s potential, agencies stand to learn faster and address lingering worries about job security and satisfaction.

In addition to prioritizing use cases, the study recommends that agency leaders devote greater attention to training employees to use generative AI responsibly and capitalize on emerging resources, including NIST’s AI Risk Management Framework and resources assembled by the National AI Initiative.

Download “Gauging the Impact of Generative AI on Government” for the detailed findings.

This article was produced by Scoop News Group for FedScoop and sponsored by Microsoft.

The post Government gears up to embrace generative AI appeared first on FedScoop.

It’s a lot of data — and by law, all of it must be kept confidential and protected. That keeps Beau Houser, the bureau’s chief information security officer, and his team of roughly 100 security specialists and developers focused not only on daily security threats but also on many projects to modernize the security of the bureau’s complex IT infrastructure.

When Houser joined the Census Bureau in the fall of 2019, following security stints at the Department of Homeland Security, the Centers for Medicare & Medicaid Services, and the U.S. Small Business Administration, he recognized several challenges faced by many federal agencies that needed immediate attention.

Among other concerns, improving and enhancing visibility into the bureau’s IT environment was needed to strengthen the ability to detect and respond to cybersecurity threats. The bureau also faces burdens with managing a large number of servers supporting enterprise log management, which requires extensive maintenance and resources. Additionally, the bureau’s security practices were centered primarily around compliance, which had become increasingly ineffective at protecting against new and rapidly evolving cyber threats.

Focusing on the challenge

While the Census Bureau had been actively migrating many IT operations to the cloud, Houser determined that one critical area to address was the need to “implement a different approach to enterprise audit and log management.”

Part of that was driven by new agency mandates issued in an August 2021 White House memo (M-21-31) outlining steps to establish a more mature log management system to detect, investigate and remediate cyber threats on-premises and across increasingly distributed third-party services. Prompted partly by the SolarWinds malware incident, the memo also required agencies to prepare to share incident information with other federal agencies to help the government respond to incidents more quickly.

Another factor was what Houser described in a recent interview as “a big data problem” involving multiple terabytes of data per day. Storing and analyzing that data required maintaining and patching roughly 50 aging servers dedicated to the enterprise logging service. “You’ve got logs coming from tens of thousands of devices — simultaneously feeding logs into a centralized repository. And we saw how critical it is for us to get that right to quickly recognize and respond when something bad happens.”  

Transformative solution

Houser knew the bureau needed a cloud-native enterprise logging solution aligned with its ongoing cloud migration strategy. Specifically, he sought a solution that met several critical criteria: It had to be flexible and scalable to manage and aggregate the massive amounts of log data generated by the Census Bureau’s operations during peak periods. It had to provide comprehensive visibility across the bureau’s entire IT environment. It needed to lower operating costs and complexity. Lastly, Houser wanted a software-as-a-service solution that reduced his team’s maintenance activities to allow more time to hunt potential threats proactively.

After a careful evaluation, the Census Bureau transitioned from an on-prem logging service to a cloud-native enterprise logging analytics solution, delivered and maintained as a service by one of the leading federal cloud and enterprise providers.

Improved outcomes

The transition, once complete, started paying dividends almost immediately, according to Houser, by providing:

• Full integration – “From a log source standpoint, we’ve been able to aggregate all logs from the entire enterprise,” said Houser. That includes logs from on-prem devices, the bureau’s data center, and other cloud services. “So you’re talking about a cloud-to-cloud communication from that standpoint.”

• Wider visibility – The transition provided a broader window on security data not just for security operations staff but also for operations and maintenance personnel who need this information for troubleshooting errors and communication bottlenecks. The security problems captured in the log files “are expansive,” he said, so it’s important that “there’s a lot of experts dealing with those problems and reviewing the logs to figure out exactly what’s going on. We’ve been able to improve our collaboration pretty significantly.”

• Greater granularity – Adopting advanced cloud-native solutions increases zero-trust capabilities that “allow you to be very granular with [user] access. It’s helping tremendously,” said Houser.  “Before, if you could read something, you could copy it. Now what we’re seeing is broken down even further, where you can give someone read access and deny them access to copy it.”

Zero-trust implementation

That added granularity also helps the Census Bureau apply conditional or attribute-based access policies versus role-based ones. “More and more cloud service providers are beginning to build those capabilities into their cloud natively,” Houser explained.

“Once you’ve got your authentication and policy engine in the cloud, you can configure those policies to say, ‘You’ve got to have this login with multi-factor. You have to be on this specific device. And you have to be coming from this geographic location.’ So, you open up a whole new set of attributes that you can use for that login process. We’ve seen so many attacks where someone takes over an account, and then they run through a system. If you have the conditional access set up, the account alone won’t let you in.”

Another advantage of a cloud-based software-as-a-service that Houser’s team is now working to capitalize on is the ability to configure endpoint products centrally. “So if malware hits a laptop, we can configure the automation to say, ‘Automatically download the forensics package, automatically quarantine the box, automatically do this step, and that step.’  So, you can create logic related to the workflow that the analyst would typically do.”

Lessons learned

In addition to achieving greater security practices and lowering operating costs, Houser believes working with cloud-native solutions to support zero-trust will yield additional benefits.

“As we continue moving down this path, we’re going to be able to really improve the user experience,” on par with the experience consumers routinely encounter engaging with their bank. There’s a lot of flexibility with zero trust. It sounds rigid when you say zero trust, but it’s very flexible.”

Additionally, Houser sees a longer-term benefit in picking up the tempo of technology deployment.

“The vendors in this space are all very, very capable. But at the end of the day, our IT folks have to maintain whatever we set up.” The challenge organizations increasingly face is “there’s not enough IT expertise — and certainly not enough cyber expertise” to keep up with the pace of change.

Leveraging cloud-native software-as-a-service solutions helps address that and allows new capabilities to be implemented quickly. “We’re always seeing new functions and capabilities creep into the portals we use to access the data. Queries get more optimized, intelligence gets more streamlined and integrated, and you’re able to do more AI and machine learning type activities that allow your analysts to focus on higher-level analysis.”

This report was produced by Scoop News Group for FedScoop as part of a series on technology innovation in government, underwritten by Microsoft Federal.

The post How the U.S. Census Bureau leveraged cloud services to modernize security appeared first on FedScoop.