The head of the National Security Agency’s (NSA) data science and artificial intelligence (AI) efforts said that government agencies should consider how to apply AI to cybersecurity operations but warned that they also need to heavily focus on how adversaries will leverage the emerging tool against them.
“We really have to think about where we are to apply different AI to the entire lifecycle and business cycle for our cybersecurity operations,” NSA’s Chief Data Scientist for Operations Vinh Nguyen said on Sept. 6 at the Billington Cybersecurity Summit.
“But we really also have to watch what our adversaries are doing as well,” he said. “Because they are going to think how are they going to apply [AI] to scale a cyber kill chain.”
“If our adversaries were to understand that they can apply AI to power up social engineering, do better command and control, do better malware, building better tradecraft – then those will gain power and those will crush you,” he warned.
Nguyen continued, adding, “You need to be strategic on how you want to implement, and what problems you’re trying to solve, but at the same time prepare for the future and what the adversaries are using against you as well.”
The NSA AI lead said that agencies need to first identify areas that make up the “main choke points” in their business processes. That’s where AI should be applied – rather than generally applying the tool to malware analysis, Nguyen cited as an example.
“I think a lot of people want to have the AI to solve your cybersecurity problems, but to be honest, it’s going to be really hard,” he said. “You really have to go back to the business processes [and] identify where your main choke points are.”
Nguyen explained that using AI and automation to solve the main choke points will free up a lot of people to further the mission objectives.
A big piece of this equation, Nguyen said, is the people involved.
“I would recommend everyone to also invest in people as well. And upskilling their people, because I think a lot of time, we assume that our cyber analysts know how to do data science, and that’s false,” he said.
“If you want to invest in your data scientists, hiring people, hiring skills, because if you have a lot of data and don’t know how to extract insight, it’s just going to come with cost and risk as well,” he continued, adding, “Think how to do your data management, but also how to hire the talent so that they can extract insights from data using statistical machine learning or AI.”