North Carolina’s cybersecurity office is taking it slow on AI
Artificial intelligence holds promise for cybersecurity, but at the state and local government levels, organizations should be measured in incorporating it into their operations, North Carolina’s top cybersecurity official said Wednesday.
Speaking during a Scoop News Group AI Week event, Maria Thompson, the state’s chief risk officer, said her office uses some machine learning technologies to sift through the data that local governments send her way, but that there are still some reasons not to fully embrace the technology.
“Introducing new technologies, especially something as forward leaning as AI, you have to take the time to tune it,” she said. “Consider it a new employee. To bring that employee into your organization you have to bring them in and sit them down. If you’re not willing to put in the work and make them understand, you’re going to have a lot of noise.”
Thompson added that such caution applies especially for less-mature government organizations, which should “dip [their] toe in the water” of emerging technologies before diving in. Still, she said, there’s room for AI to help states ratchet up their defenses.
“When it comes to AI and cybersecurity, we’re behind,” she said. “We need solutions that can give us a more proactive stance. AI can take the heavy lifting off our analysts and allow them to respond to an event faster.”
During the pandemic, North Carolina, like many other states, has made heavy investments in AI technologies, like chatbots and virtual help desks, though they’ve been targeted more toward programs like unemployment insurance and vaccination delivery.
But the North Carolina Department of Information Technology’s machine-learning assets are helpful to repel and respond to cyber incidents, especially as the state forges closer partnerships with its local governments. Thompson oversees the North Carolina Information Sharing and Analysis Center, which shares advisories and intelligence with local governments that in turn report incidents and indicators of compromise.
“You think about the amount of data we need to parse through to find that needle in the haystack of the anomalous activity,” said Thompson, who’s advocated for a “whole-of-state” cybersecurity strategy.
Making the leap to more robust, true AI, though, is also a matter of resources, she said.
“We want to reap the benefits, but we also have competing priorities,” she said. “I say that to say we really want to focus heavily on being innovative, but we know we have a resource issue we have to manage.”
When the resources and maturity levels are right, though, she said AI could have dramatic effects.
“The work we’re doing with local government, we have all this data coming in,” she said. “We’re giving them tools and capabilities that will allow us to have more visibility into their organizations. That data’s coming fast and furious, and I look at AI as that game-changer that’s able to normalize that data so we can make actionable decisions and be a little more proactive.”