CISA Leverages AI Automation to Enhance Threat Analysis and Mission Support

The Cybersecurity and Infrastructure Security Agency (CISA) has achieved its most substantial gains from artificial intelligence (AI) automation in its security operations unit, where it accelerates threat analysis for analysts. However, the benefits extend across the agency, CISA officials confirmed on Tuesday.

Speaking at the UiPath FUSION Public Sector event hosted by Scoop News Group, Tammy Barbour, acting chief of application management at CISA, highlighted the impact of automation:

“It’s really allowing those analysts to do triage very fast, so they focus on what matters versus the noise. They’re able to do a lot of real-time, quick looks before events happen in most places.”

Barbour also noted that automation has significantly improved operations at CISA’s Technology Operations Center:

“The top analysts are able to quickly respond to customers who are reaching out to talk and asking questions, and be able to get real-time efficiencies with that.”

Additionally, automation has streamlined data migration processes, she added.

Laura Wind, acting deputy chief technology officer at CISA, emphasized the broader applications of automation within the agency, including human resources, contracting, and finance:

“So we can continue to drive mission, but also accelerate the mission-supporting functions. We really want to ensure that our cyber analysts are focusing on the things that matter, like malware.”

Despite these advancements, both officials acknowledged ongoing challenges in adopting AI automation:

“We’re still kind of in our infancy,” Barbour said. “But we still struggle with the legacy workflows, processes. We still have some systems that need to be modernized, that we’re currently working towards adoption. People love their spreadsheets. I just can’t force it out of their hands, especially the — sorry, all the accountants in the room, I apologize, but you’ve got to let it go.”

Wind stressed the importance of transparent AI governance, particularly in data and AI management:

“One of the biggest things is ensuring that the CTO is driving governance, whether that’s for data, whether that’s for AI. I think we’re pretty good on generative, and everyone’s a little bit catching up to industry on agentic.”

She also highlighted the critical role of structured data platforms in enabling effective automation:

“Whether you’re on the cloud and you’re serverless or you’re still on prem, if you haven’t figured out what your structure of your data platform looks like, it makes automation a lot more difficult.”

The insights from Barbour and Wind provide a glimpse into CISA’s internal approach to AI, with recent initiatives focusing on safe deployment practices for agentic AI and evaluating how AI is intensifying cyber threats.