Governments may need to tread carefully when embracing artificial intelligence, especially general-purpose AI, which requires them to navigate the complex task of handling citizens’ personal data. As AI technology progresses at an unprecedented pace, it is imperative that organizations beef up their cyberdefenses by revisiting fundamental principles.
While organizations across both private and public sectors share concerns about safety and ethics in adopting generative artificial intelligence (gen AI), public sector entities exhibit greater expectations in these areas, as noted by Capgemini’s Asia-Pacific CEO Olaf Pietschner in a recent video interview?
Governments, being inherently more risk-averse, may require a higher level of governance and regulatory frameworks to ensure the safe development and deployment of generative AI, as suggested by Pietschner. While advocating for transparent selection methods, the individual acknowledged the need for AI-driven processes to incorporate an explanation phase.
As such, public sector organisations exhibit a diminishing patience for instances reminiscent of hallucinations and misinformation spawned by AI models, he noted.
The solution draws inspiration from modern security frameworks, according to Frank Briguglio, a public sector identity safety strategist at SailPoint Technologies, an identification and access management vendor.
As requested, when asked about the modifications safety challenges AI adoption has meant for the general public sector, Briguglio highlighted the need for enhanced measures to safeguard intellectual property and implement robust controls to prevent unauthorized access to sensitive information by AI providers.
To effectuate a fundamental transformation in the governance of digital personas, CyberArk’s Chief Operating Officer, Eduarda Camacho, emphasizes the urgent need for a paradigmatic shift in identity management, underscoring its significance for the security vendor. “It’s insufficient simply to employ multifactor authentication or rely on default security measures provided by cloud service providers,” she emphasized.
Furthermore, relying solely on enhanced security measures for privileged accounts is inadequate, as noted by Camacho in a recent interview. The relevance of this issue has become increasingly crucial in light of the advent of generative artificial intelligence (AI) and deepfakes, which have significantly heightened the complexity of verifying identities.
Briguglio advocates for an identity-centric approach, arguing that organisations must first identify where their data resides and categorise it to ensure appropriate protection, considering both privacy and security implications.
In a recent video interview, they expressed the desire to dynamically apply insurance policies to machines that can access data in real-time. Ultimately, the notion that every attempt to enter a new community or share knowledge is perceived as potentially hostile and could undermine business initiatives was his primary concern.
Precise verification of attributes or insurance policies granting entry is crucial, with enterprise customers requiring unwavering assurance in their validity. Briguglio noted that identical rules apply to knowledge and organisations, which must be aware of where their knowledge resides, how it is protected, and who has access to it.
Throughout the knowledge stream, he emphasized the importance of revalidating identities continuously, ensuring that the authenticity of credentials is reassessed at every stage of access or transfer, including the recipient of the information.
Corporations must establish a clear and transparent identity management system, currently marred by extreme fragmentation, according to Camacho. Managing entry should not hinge solely on an individual’s role, she emphasized, calling on organizations to invest in a system that treats every member of their community as possessing inherent privilege.
As she cautioned, each identification is susceptible to compromise, a risk that will undoubtedly intensify with the advent of generative artificial intelligence. Organisations can successfully move forward with a robust safety culture in place, effectively implementing necessary internal changes and providing coaching to support this endeavour, as she emphasized.
As governments increasingly deploy generative artificial intelligence tools within their workplaces, it’s crucial for the broader public sector to fully grasp the implications and benefits of these innovations.
Eighty percent of organizations in both the government and private sectors have increased their investments in generative artificial intelligence (gen AI) over the past year, according to a recent survey of 1,100 global executives. Seventy-four percent of respondents credited the technology with being transformative in driving revenue and innovation, while a significant 68 percent have already embarked on pilot projects involving generative artificial intelligence. While some companies have already empowered around 2% of their total workforce with generative artificial intelligence (AI) capabilities across various areas, others are still to follow suit.
Although 98% of sector organisations permit employees to leverage generative artificial intelligence (AI) in some capacity, only 64% have implemented safeguards to govern its usage. Only 22% of organizations currently restrict the use of generative AI (gen AI) to a select group of employees, while 46% are exploring guidelines for responsible gen AI usage, according to Capgemini research findings.
Despite requests, 74% of public sector organizations revealed concerns that general AI tools lack honesty, while 56% voiced apprehensions about potentially embarrassing consequences when used by end-users? While 48% emphasized the glaring lack of transparency surrounding the foundational understanding utilized in developing generative artificial intelligence applications.
Can data protection regulations ensure a seamless integration of artificial intelligence in your organization?
As knowledge security becomes increasingly paramount, the growing digitization of government and educational institutions heightens their vulnerability to online risks?
Singapore’s Ministry of Digital Growth and Innovation reported a significant increase in cyber attacks to 201 incidents in its fiscal year 2023, up from 182 recorded cases in the previous year. The ministry attributes the increase to a surge in digital adoption as more authorities provide services online for residents and businesses.
Furthermore, additional authorities officials are increasingly aware of the imperative to document incidents, a factor that MDDI highlighted as potentially driving the surge in reported knowledge incidents.
Regarding the efforts made by the Singapore public sector to safeguard private information, MDDI reported that 24 initiatives were implemented during the 12-month period spanning from April 2023 to March 2024. The introduction of a novel functionality within the industry’s core privacy framework has led to the anonymization of over 20 million documents, empowering more than 20 entities.
Enhancements have been made to the US government’s Data Loss Prevention (DLP) software, designed to prevent accidental breaches of sensitive or classified information across federal networks and systems.
Eligible authorities programmes now uniformly leverage the centralised accounts administration software, which automatically eliminates unnecessary personnel accounts as described by MDDI. This measure significantly reduces the likelihood of unauthorized access by former employees and cybercriminals exploiting inactive accounts.
As digital providers gain widespread acceptance, concerns arise about the exposure of sensitive information, stemming from inadequate human monitoring or technological vulnerabilities, according to Pietschner. When issues arise, organisations seek to accelerate innovation and adopt technology more swiftly, as he noted.
He emphasized the crucial importance of leveraging cutting-edge IT tools and implementing robust patch management strategies, warning that neglected or outdated technology poses the greatest risk to businesses.
Briguglio further emphasized that this phenomenon underscores the imperative to stay true to the basics. Without rigorous regression testing or initial experimentation in a controlled sandbox environment, safety patches and kernel modifications should not be deployed, according to him.
A robust governance framework that guides organisations in responding effectively to data incidents is just as crucial, Pietschner emphasized. Public sector organisations must ensure transparency by promptly disclosing data breaches to inform residents of any private information that has been compromised.
For the development of general artificial intelligence, a robust governance framework should be established, as suggested by him. What follows outlines guidelines for IT professionals adopting Gen AI tools?
Despite these statistics, only 37% of public sector organizations have established a governance framework for software engineering, according to a recent survey of 1,098 senior executives and 1,092 software professionals worldwide, revealing a significant gap in this critical area.
Despite this, a staggering 88% of software development professionals in the industry are leveraging at least one generative artificial intelligence (AI) tool that has not received formal approval or backing from their organization. According to Capgemini’s global research, this determination stands out as the top performer among all verticals surveyed.
Governance was deemed crucial by Pietschner. If construction professionals employ unauthorised generative AI tools, they risk inadvertently revealing sensitive information that should remain confidential, he cautioned.
Governments have developed bespoke AI systems to incorporate a layer of transparency, enabling them to monitor usage more effectively. Staff will utilize exclusively authorized AI tools to ensure the integrity of employed data.
Significantly, public sector organizations must ensure the elimination of any bias or hallucinations in their AI models, as noted, with requisite safeguards in place to prevent those models from generating responses that contravene the government’s values and intent.
The adoption of zero-trust architecture is reportedly more straightforward in the public sector due to its inherent higher level of standardization. Shared authorities providers and standardized procurement processes exist in some cases, simplifying the implementation of zero-trust insurance policies, for instance.
Singapore has unveiled plans to implement “prudent measures” aimed at enhancing the security of artificial intelligence (AI) systems and applications in July. The voluntary guidelines aim to provide a reference point for cybersecurity professionals seeking to bolster the safety of their artificial intelligence tools, which can be integrated into existing security protocols to mitigate potential risks in AI systems, according to the federal government.
As generative artificial intelligence evolves at a remarkable pace, it’s imperative that we grasp the profound potential of this technology and its far-reaching applications, according to Briguglio. Organizations planning to integrate generative artificial intelligence (gen AI) into their decision-making processes must ensure that human oversight and governance are in place to manage access and sensitive information, particularly within the public sector.
“As we develop and refine these AI programs, it is crucial that we establish robust controls around generative AI to ensure the safeguards are adequate for protecting what we aim to preserve.” It’s essential that we don’t lose sight of our core principles.
By leveraging these tools strategically, however, organizations can counteract their adversaries’ usage of similar AI instruments for malicious purposes, notes Eric Trexler, public sector enterprise lead at Pala Alto.
To avoid mistakes, robust oversight mechanisms are essential. As AI technology advances, it is anticipated that it will enable organizations to effectively keep pace with the frequency and volume of online threats, according to Trexler in a recent video interview.
Drawing on his past experience leading a team responsible for conducting malware assessments, he noted that automation provided the speed and agility needed to stay ahead of adversaries. “We’re struggling with a shortage of personnel and several tasks that are more efficiently handled by machines,” he said.
According to him, AI instruments paired with general AI may facilitate the discovery of “needles in haystacks”, as it’s challenging for humans to accomplish this feat when dealing with tens of thousands of safety incidents and alerts daily. The artificial intelligence can scour vast arrays of complex programmes, gathering insights and distilling them into concise summaries that humans can scrutinize.
Trexlere’s understanding was muddled by his failure to grasp the distinction between acknowledging potential flaws and implementing a robust framework, comprising governance, insurance policies, and playbooks, to proactively mitigate these risks.