The state of federal cybersecurity, AI governance, and cloud strategy

As cutting-edge technology emerges, government agencies must navigate the new cybersecurity threats that come along with it—while continuing to mitigate existing risks.

What are agencies doing to manage this threat landscape? What cyber skills do their teams need? What have they learned from past cybersecurity attacks?

We partnered with MeriTalk to survey 150 federal cybersecurity leaders and answer these questions. Here’s what we discovered about the current state of federal cybersecurity, the rapidly changing cyber landscape, and what agencies need to succeed.

• The current federal cybersecurity landscape
  • Agencies still need a cloud strategy for security
  • AI services are on the rise
• How can agencies improve their cybersecurity strategy?
  • Continue to defend against cybersecurity threats
  • Understand new AI governance and regulation
  • Develop cybersecurity skills with workforce development
  • Learn from past federal cybersecurity attacks
• Boost your agency’s cybersecurity skills with workforce development

We asked government IT leaders about the current cybersecurity landscape. Perhaps unsurprisingly, cloud skills and AI governance topped the list.

Despite the security and compliance challenges of cloud computing in the public sector, agencies have been adopting cloud services to improve their efficiency and resilience. 

To do so successfully (and securely), though, they need a cloud security strategy. We found that 43% of federal IT leaders say their agency has a mature, well-defined cloud security strategy. And 56% are in the process of developing a strategy or say their basic cloud security policy requires an update.

This isn't bad compared to private organizations. After all, a whopping 69% of private sector leaders say their organization doesn’t have a clearly defined cloud strategy. But as cloud continues to grow, agencies build multicloud environments, and new regulations arise, cloud security remains a priority for public sector organizations.

The whole world is watching AI technology, and the federal government is no exception. While the public sector isn’t generally praised as early adopters, over half of federal leaders surveyed are already using AI and ML for cybersecurity needs.

64% are beginning to apply AI/ML to user activity and authentication analysis. Another 63% are using AI for automated threat detection and analysis and predictive analytics for proactive threat hunting.

Government agencies that get a jumpstart on AI technology can use these services to improve their security posture, increase efficiency, and encourage innovation. But threat actors are also taking advantage of this new technology. ChatGPT’s first data breach likely won’t be its last. While agencies can use AI services to strengthen their cyber defenses, they also need to stay on top of new threats and changing governance to stay secure and compliant.

Cloud and AI technologies present unique cybersecurity challenges and opportunities for federal agencies. As we look to the future, the federal IT leaders we surveyed identified a few key areas for agencies to focus on.

We asked federal IT leaders, “Where should agencies build their cyber capabilities?” A few key ideas emerged.

65% said agencies should focus on developing and implementing advanced threat detection and incident response. 65% also highlighted the importance of implementing proactive security measures for cloud-based infrastructure and service. 61% said agencies need to enhance the recruitment and retention of highly skilled cybersecurity professionals.

The common themes here include strengthening existing cybersecurity measures and proactively addressing new cybersecurity threats. By leveling up your tech and your people, your agency will be well positioned to navigate the constantly changing cybersecurity landscape.

AI programs are pushing the boundaries of cybersecurity and technology in general. But as an emerging technology, government guidelines and regulations have been struggling to keep up. 

Finding the balance between leveraging this new technology and using it securely is a challenge for agencies. You want to boost innovation and efficiency, but you also need to stay compliant. Other concerns, such as privacy, ethics, and data quality, add to this balancing act.

Luckily, guidance such as the NIST AI Risk Management Framework can help. Following this framework is optional, but it’s designed to help agencies lessen the risk associated with developing and implementing AI programs.

New tools and policies alone won’t strengthen your security stance. You need people with cybersecurity skills and knowledge to defend against constantly changing threats. 

To upskill the cyber workforce, 68% of agencies are supporting continuous learning through subscriptions to cybersecurity learning platforms and resources. And 67% are encouraging participation in cybersecurity conferences, workshops, and industry events.

This is undoubtedly a good start. But to ensure those skills stick, your employees need a variety of workforce development opportunities like hands-on labs and instructor-led training. And to ensure they actually use the learning resources you provide, create upskilling programs, study groups, and communities of practice to turn skill development into a cycle of continuous learning.

Check out our blog post Upskilling the public sector workforce to fill the tech talent gap to learn more.

Cybersecurity attacks threaten every organization, but they can be especially dangerous for government agencies due to the nature of the data you may possess. A recent attack underlined this concern. 

According to Microsoft, a threat actor referred to as Storm-0558 forged authentication tokens to “access user email from approximately 25 organizations, including government agencies and related consumer accounts in the public cloud.”

Following this attack, 65% of federal IT leaders plan to develop additional cybersecurity training and awareness programs. 65% also plan to collaborate with industry experts and academia for research and innovation.

Cyber attacks are never pleasant, but agencies that use them as learning opportunities will continuously strengthen their security stance and better equip their org to deal with future threats when they arise. 

Pluralsight’s workforce development platform helps federal agencies advance their cybersecurity goals through mission-critical skills, process improvements, and data insights. 

Develop the best defense by developing your people first. Learn more about how we help federal agencies build security skills.