Combating the Rise of Federally Aimed Malicious Intent

Tony Holmes, Practice Lead, Practice Lead for Solutions Architects in the Public Sector, Pluralsight

November 15, 2024

4 Min Read

Source: Stuart Miles via Alamy Stock Photo

COMMENTARY

The public sector is facing a security crisis. The acceleration of deepfake videos, AI-generated threats, and nation-state cyberattacks has put the federal government under increasing pressure to protect its employees, agencies, and the general public. Last year, the FBI, the National Security Agency (NSA), and the Cybersecurity and Infrastructure Security Agency (CISA) released details on the “growing challenge” that deepfake threats present to a range of federal agencies.

According to the three groups, “threats from synthetic media such as deepfakes have exponentially increased — presenting a growing challenge for users of modern technology and communications.” In addition to national critical infrastructure owners and operators, these users include the National Security Systems, the Department of Defense, and the Defense Industrial Base.

What’s more, in 2023, the NSA reported that deepfake threats pose “a new set of challenges to national security.” According to the NSA, “organizations and their employees need to learn to recognize deepfake tradecraft and techniques and have a plan in place to respond and minimize impact if they come under attack.”

Effectively managing the combination of cyber threats, misinformation, and disinformation requires coordination across federal agencies. The workforce within these agencies must possess the most up-to-date cybersecurity skills possible. Agencies can position themselves to future-proof cybersecurity strategies and maintain an advantage against threats by training teams on how to outmaneuver malicious actors. Regularly practicing simulated cyberattacks and leveraging predetermined incident response plans to mitigate breaches is crucial.

**The Public Sector’s Cyber-AI Skills Gap **

Against the backdrop of this intricate threat landscape, federal agencies need tech-proficient employees with a unique set of skills to ensure protection. As 90% of surveyed IT leaders said they don’t completely understand their teams’ AI skills and proficiency, there is a clear need for agencies to take action. By promoting training to improve team members’ confidence and enhance their skills, leaders can engage themselves in the process and better understand the workforce’s strengths and weaknesses.

As the country transitions into the post-election period, deepfake threats remain a pressing concern, capable of shaping public perceptions through deceptive content. Federal employees and the agencies they serve must continue to bolster defenses against this and other cyber threats by prioritizing strategic skills development and training.

These programs should consider existing proficiencies their teams possess and also foresee what skills are necessary to mitigate threats that may be detrimental to their agencies and the voting public. Agencies can arm their technologists with the tools they need to stay one step ahead of threats by prioritizing skills and implementing active, enterprisewide cybersecurity measures.

Efforts to combat cyberattacks at the federal level coincide with the federal government’s campaign to promote high-tech career paths across all of its agencies to address tech talent shortages. Last year, the Biden administration launched its National AI Talent Surge to fill open agency positions by recruiting technology professionals who can “bring their experience, expertise, and vision into government.” This program brings the deficit of skilled technologists in the public sector into sharp focus.

Agency Workforces Need the Skills to Be Vigilant Against Attacks

As cyber threats against government organizations continue, it’s critical that agency workforces have the skills they need to recognize threats, and have the know-how to respond when an attack occurs. Earlier this year, Ashley Manning, the US assistant secretary of defense for cyber policy, told a congressional subcommittee about measures the Department of Defense is taking to counter cyber threats.

According to Manning, the US faces cyber challenges, including China’s targeting of US networks in prolonged espionage campaigns, Russia’s use of cyberspace to target critical infrastructure networks, and for-profit cybercriminals who target an array of vulnerable sectors with ransomware attacks that impact American citizens.

To guard against cyberattacks, federal agencies must take a holistic approach to ensuring that their teams have the skills to keep their networks and data secure. This includes addressing skills gaps in the workforce, leveraging best practices in cybersecurity, and creating a culture of continuous learning and upskilling. By arming their teams with the best possible defense against threats, agency leaders can empower employees to counteract cyberattacks effectively.

Create an Enterprisewide Knowledge Base to Ensure Cybersecurity

It’s critical for agencies to better understand their teams’ current cybersecurity knowledge by benchmarking the skill sets of their workforce. Training resources that align with their skills gaps and technologists’ needs include providing content created by industry experts, tracking skill acquisition, creating forums or community support, and providing hands-on labs. By implementing individualized learning programs that ensure every employee receives the necessary training, agencies can build a workforce equipped with the skills needed to keep their networks and data as secure as possible.

About the Author

Practice Lead, Practice Lead for Solutions Architects in the Public Sector, Pluralsight

Pathological problem solver, and serial question asker, a lifelong student of mental models, experienced in creating innovative solutions where analogical ideas meet rigorous socratic method. For more than two decades Tony Holmes has been solving complex problems for some of the largest, and most forward-thinking technology organizations in the world, including British Broadcasting Corporation, Digital Equipment Corporation, Microsoft Research, Opsware, Hewlett Packard, Oracle, and, currently, Pluralsight, the Technology Skills platform for the Government.