Generative AI is Revolutionizing Federal Government Operations
By Darren Guccione, CEO and Co-Founder of Keeper Security
Generative Artificial Intelligence (GenAI) offers innovative applications that could help the federal government adapt to changing times. Some use cases are experimental, exploring new ideas, while others are already delivering positive results by enhancing human effort for difficult projects. GenAI also has the potential to streamline tedious, yet essential, tasks through automation.
Within federal agencies, pilot programs are testing how artificial intelligence that can generate content could modernize outdated processes. Some forward-thinking trials are hatching ambitious concepts by tapping into machine-learning capabilities. In some agencies, generative models have already been deployed to boost mission-critical initiatives that had become stagnant. However, one of GenAI’s most transformative uses may be automating repetitive tasks that can bog down workflows.
GenAI Enhancing Federal Operations
Within the federal government, GenAI is being utilized in various scenarios to enhance operations. It assists in deciphering complex regulatory frameworks that can be difficult to interpret. GenAI is also helping to reduce costs by optimizing processes and minimizing errors that can lead to inefficiencies. Another valuable application is retaining the knowledge of skilled civil servants approaching retirement by capturing their expertise in digital form.
For federal IT professionals, GenAI presents an opportunity to modernize outdated systems and bring emerging technologies into government operations. It represents an avenue for positive change – leveraging advanced AI to enhance efficiency and knowledge management across agencies.
Navigating Evolving Defense Cybersecurity Regulations
Regulatory frameworks in the federal sector continue to expand and evolve, making it crucial for agencies and contractors to remain up-to-date with the latest changes. This includes maintaining high levels of information security to maintain compliance with programs such as the Federal Risk and Authorization Management Program (FedRAMP), System and Organization Controls (SOC), the International Organization for Standardization (ISO), the Cybersecurity Maturity Model Certification (CMMC) and Defense Federal Acquisition Regulation Supplement (DFARS).
Recently, FedRAMP updated its guidance with new controls through NIST 800-53 Revision 5 (Rev.5), which requires cloud service providers selling to the federal government to enhance their cybersecurity practices even further. These rules present a complex landscape to navigate.
AI-Driven Compliance Assistants
A GenAI chatbot trained on regulatory frameworks can distill compliance requirements into easily digestible information. This can help users grasp the sometimes complex regulatory compliance language without needing to be experts, thus reducing the risk of non-compliance.
AI-driven compliance assistants make strategic recommendations regarding regulatory requirements, processes and practices, which help drive efficiencies. Cloud service providers in the federal marketplace would benefit from AI-driven compliance assistants as they must comply with regulatory frameworks to do business with the government.
Example: CMS Leveraging Large Language Models
The Centers for Medicare & Medicaid Services (CMS) illustrates how GenAI helps train new CMS staff in aligning and translating technical documentation from federal marketplaces with CMS accounting systems. This challenge proves daunting for new civil servants navigating the complex federal healthcare systems.
The Financial Management Systems Group / Division of Program and Data Management used a Large Language Model (LLM) to address several challenges: capturing legacy knowledge from a retiring workforce, maintaining operations during hiring freezes, training new recruits, and processing millions of claims to ensure Medicare recipients receive their benefits. Using Llama 2, Meta’s open-source LLM, the finance team obtains fast, precise information with context for the CMS consumer-facing front end.
GenAI Usage and Trust in the Government Sector
Microsoft’s Azure AI services, powered by OpenAI’s language models, now offer benefits for the U.S. government sector, indicating that AI systems will continue to streamline tasks and processes, like those faced by the CMS. In 2022, Microsoft announced plans to make Azure OpenAI Service available for U.S. government customers, bringing large language model capabilities to Azure Government cloud.
Additionally, OpenAI’s latest GPT-4 model has advanced capabilities that support its use in highly regulated environments. While many government agencies have already experimented with AI for smaller workloads, GPT-4’s enhanced performance on sensitive tasks with limited input/output data will be advantageous. GenAI capabilities can streamline numerous processes and repetitive tasks, allowing organizations to focus more on mission-critical operations.
Government technologists are exploring the use of large language models like GPT-4 to assist in drafting control language for various cybersecurity frameworks that ensure contractor compliance with standards. As a Governance, Risk and Compliance (GRC) tool, GenAI can help draft policies and interpret evolving compliance requirements. However, technology leaders and GRC staff still play crucial roles in testing, verifying and documenting the AI-assisted outputs.
Best Practices for AI Safety and Security
To ensure the safe and appropriate use of GenAI tools, agencies should implement stringent best practices for AI safety and security. Top references include the Executive Order on the Safe, Secure and Trustworthy Development and Use of Artificial Intelligence, and the NIST AI Risk Management Framework: AI RMF 100-1.
Conclusion
Government agencies are leveraging numerous use cases of GenAI technology, but only a few have scratched the surface of what’s possible. In this sector, organizations must exercise an extremely high level of caution and diligence when applying AI tools to ensure ethical and technically rigorous best practices for the safe and effective use of GenAI.
Hundreds of resources help organizations understand regulatory compliance frameworks. Zoya Schaller, CISSP, CGRC, Director of Cybersecurity Compliance at Keeper Security, used OpenAI to create a Cybersecurity Regulatory Compliance Advisor to answer questions about compliance with FedRAMP, SOC, ISO, CMMC and DFARS.
Implementing GenAI capabilities in a secure and strategic manner will be critical for long-term success and continued innovation. This will help U.S. government entities stay competitive, maintain a cutting-edge position with emerging technologies, and meet the stringent standards and practices required for the ethical and safe adoption of artificial intelligence.
While the potential benefits are substantial, the public sector’s adoption of GenAI must proceed with prudence and adherence to robust governance frameworks. Upholding the public trust through responsible AI oversight, as well as human oversight over critical processes, is paramount as these technologies are judiciously integrated into government operations.