This paper examines the influence of artificial intelligence on the future performance of cybersecurity functions within the Department of Homeland Security (DHS). It summarizes the key policies and regulations—including the Cybersecurity and Infrastructure Security Agency Act and relevant federal statutes—that govern DHS cybersecurity operations. The paper then analyzes how current technologies such as cloud computing, blockchain, and biometric authentication are used across government, public, and private sectors. It further explores how emerging AI and machine learning capabilities, including behavioral analytics and natural language processing, are transforming DHS cyber efforts. Finally, it identifies opportunities, challenges, and risks posed by AI adoption and offers standards-based recommendations to help the agency, its staff, and stakeholders adapt effectively.
Cybersecurity is a crucial aspect of Homeland Security in the Digital Age. Under the Department of Homeland Security (DHS), cybersecurity efforts focus on combating cybercrime, developing and implementing a cyber incident response function, maintaining the cybersecurity of networks within the federal government, securing critical infrastructure, implementing cybersecurity governance, and sharing information in a safe and effective manner (DHS, 2018). There is a great deal of overlap between cybersecurity efforts and other functions of the DHS, particularly with respect to infrastructure security, border security, cargo screening, and the facilitation of legal immigration. In virtually every modern process and function, digital tools are utilized to enhance processes and create more efficient ways to achieve the Department's security goals.
Since 2018, the DHS has been tasked with stepping up its cybersecurity efforts. It was in the fall of that year that President Trump "signed into law the Cybersecurity and Infrastructure Security Agency Act… [elevating] the mission of the former National Protection and Programs Directorate (NPPD) within DHS and [establishing] the Cybersecurity and Infrastructure Security Agency (CISA)" (DHS, 2018). CISA now plays a crucial role in the security of the nation by bolstering the nation's cybersecurity program. CISA (2018a) provides around-the-clock "cyber situational awareness, analysis, incident response and cyber defense capabilities to the Federal government; state, local, tribal and territorial governments; the private sector and international partners." Preventing tragic events like the Parkland shooting through the implementation of cybersecurity technology is one developing aspect of DHS functions in the Digital Age (CISA, 2018b). The gathering of Big Data and the processing of that information is another (Best, 2007).
This paper summarizes the policies and regulations that govern and influence how DHS's cybersecurity function is implemented and overseen. It discusses the role that current technology plays in how the government, the public, and the private sector are organized, trained, and equipped to engage in national security. It also examines how emerging technology shapes DHS cybersecurity efforts, and what opportunities, challenges, and risks that emerging technology poses to DHS cybersecurity processes.
CISA is in charge of enhancing the nation's security, resiliency against cyber attack, and the reliability of the nation's cyber communications infrastructure. However, its scope of governance is even wider than that. For instance, it oversees rumor control efforts and did so in 2020 by managing misinformation and disinformation campaigns via CISA's Countering Foreign Influence Task Force (CISA Rumor Control, 2020). CISA is situated within DHS, and within CISA is situated the National Risk Management Center (NRMC), which focuses on analyzing and collaborating with other stakeholders to identify and assess risks to national security. CISA itself, however, is a standalone agency, acting in the capacity of an operational component and falling under DHS oversight. CISA reports to DHS, and its operations are authorized by the National Protection and Programs Directorate (NPPD).
The federal Computer Fraud and Abuse Act provides the government with the ability to prosecute cybercrime. The Act prohibits unauthorized access to a computer or security information. The Electronic Communications Protection Act and the Stored Communications Act have both made it a criminal offense to access information without authorization. DHS similarly has the purview to monitor and counter cybersecurity intrusions.
Current technology plays a tremendous role in how the government, public, and private sectors interact to secure the nation. Automation is one of the primary tools currently being used. Cybersecurity partnerships among the various agencies and sectors are crucial. The DHS Science and Technology Directorate (S&T) cyber mission focuses on analyzing the full spectrum of cyber threats, such as adware, malware, phishing scams, zero-day attacks, rootkits, ransomware, and anti-spyware. Cybersecurity teams in all sectors and in the government are trained to monitor and defend against these various types of attacks. Yet attackers are also training and learning to overcome defensive measures. It is a constant back-and-forth between aggressors and defenders that never stops.
Greater integration among the various sectors and government agencies has been called for, and cloud computing technology has enabled greater facilitation of this integration (Hunt, 2018). The cloud enables a data-centric approach to information operations, providing better encryption opportunities as well as increased cyber resiliency through segmented throttle access (Hunt, 2018). Ross, McEvilley, and Oren (2018) note that integrated operators must "conduct periodic reviews of project quality assurance activities for compliance with the security quality management policies, standards, and procedures" (p. 51). However, security system engineering is very much still a work in progress—and will remain so for as long as the Digital Age lasts.
Current technology includes Big Data readers, blockchain technology, digital signatures, multi-factor authentication, centralized identity repositories, and digital surveillance (Crossler & Posey, 2017). Biometric authentication is also a current technology designed to strengthen security on the end-user side, as it does away with passwords, which can be lost, stolen, or shared (Carman, 2014). However, technology in the Digital Age never stops advancing, which means there is a constant need to update and modernize approaches to cybersecurity processes. That is where artificial intelligence (AI) comes into play.
AI has brought machine learning into the picture, which means computers are now able, through pre-written algorithms, to increase their understanding of data based on patterns in information sets collected over time. This reduces reliance upon human intervention and can speed up the rate at which risks or threats are identified and assessed. Every type of data can be gathered and processed, allowing both the state and private/public sectors to manage their systems more effectively and securely.
Some examples of how machine learning is being integrated into operations include: Context-Aware Behavioral Analytics, which allows computers to identify unusual file movements in order to detect bad actors attempting to steal or manipulate information; Next-Generation Breach Detection systems, which counter zero-day exploits that mine information by tracking the exploit to its source; Virtual Dispersive Networking, which uses enhanced encryption to prevent attacks; and Smart Grid technology, among others (ECPI, 2020). AI and machine learning are making the biggest impact in this space, as these tools can operate through automated functions, adapt on their own, build on their own information to become more efficient, and streamline security operations (Heckman, 2019).