NASCIO report projects AI growth in cybersecurity, digital services

State technology officials will primarily use artificial intelligence to build more robust cybersecurity tools, reduce fraud and expand the digitalization of civic services, according to a report released Tuesday by the National Association of State Chief Information Officers at its annual conference in Nashville, Tennessee.

The report, which was published with help from IBM and the Center for Digital Government, compiled interviews from IT officials across 45 states who are invested in expanding the use of artificial intelligence within their agencies. Officials shared best practices, operational hurdles and use cases for the technology, which is still nascent in many state IT offices.

The report, which intended to “separate the potential from the hype for one of today’s hottest technologies,” revealed that AI does have clearly defined use cases, and among the states that have embraced it so far, a shared vision of best practices.

According to the report, more than 70 percent of respondents view cybersecurity, waste management and digital services as the three most useful scenarios that AI or machine-learning could assist with. Respondents also said that planning ahead — creating a framework, assigning staff to teams and modernizing technology — is the best thing an IT official can do to prepare for AI.

Preparing for AI challenges

Despite NASCIO listing artificial intelligence as the most important emerging technology last year, Tuesday’s report found that most state officials aren’t fully prepared for AI. The first best practice that respondents agreed upon was for agencies to adopt an AI framework to manage the risk of using the technology in new databases or to glean new insights. Sixty percent said they had no such framework and 72 percent had no ethical-use policy or guidelines limiting use of AI.

While AI has many different capabilities, 49 percent of respondents said they’d benefit most from using the technology to analyze data, which could include biometric data commonly used for facial recognition. San Francisco and other U.S. cities have banned facial recognition, but some agency heads think that artificial intelligence can strike a balance between privacy and usefulness.

“We’re trying to balance privacy and push the envelope on facial recognition,” Utah CIO Mike Hussey told StateScoop in Nashville. “You get so many folks that are worried about privacy, but if you can detect fraud by facially determining if a person is the same as the other person, like with issuing drivers licenses or something like that, that’s where you start to see value and I don’t think you’re invading privacy.”

Hussey is an ardent supporter of AI, and said in the report that as the technology continues to mature, it will become “pervasive throughout everything we do.” Right now, for most states — including Colorado, Utah, and North Carolina — AI is primarily a tool for digital assistants and chatbots. Colorado CIO Theresa Szczurek is one of several officials — along with Hussey and North Carolina CIO Eric Boyette — using chatbots to assist office workers, senior or disabled citizens and government website visitors to provide tailored information at the click of a button.

“When residents need help, they can first get a chatbot to be utilized, 24/7, and get answers to questions much more efficiently,” Szczurek said.

‘Low-hanging fruit’

Boyette — along with CIOs in Mississippi and Arkansas — also uses chatbots to help free up time for state customer service employees. But Boyette and other officials surveyed see those chatbots as “low-hanging fruit” compared to other potential AI-powered tools, like cybersecurity monitoring. Boyette said that he is already using AI to act as a 24/7 threat monitoring system. Because bad actors can also use AI to break down an agency’s firewalls all day and all night, the technology is opening up a new paradigm in cybersecurity.

“There is a whole new set of threat concerns,” said Chuck Grindle, Kentucky’s CIO, in the report. “Employees essentially work from 8 to 5. But AI applications could be running 24 hours a day, seven days a week.”

Cities and states are also using AI to improve transportation, which includes predictable traffic flows and unpredictable accidents. Utah is working with a company to pilot a series of highway-adjacent camera feeds that detect accidents with machine learning, and immediately dispatch first responders. Even in these public safety use cases, however, privacy and safety must remain paramount, officials said. 

“The question is, do we have the proper monitoring tools in place to understand if an AI application has been compromised? That’s a question that makes security folks a little queasy,” Grindle said. 

The biggest challenge in AI adoption by far, respondents said, is ensuring that the internet-connected infrastructure running artificial intelligence tools is up-to-date. Forty-five percent of respondents said the costly and time-consuming process of replacing legacy IT infrastructure is the largest hurdle, followed by 33 percent labeling cultural concerns inside of the organization as the next toughest challenge. As they become more comfortable with the technology, however, officials say it will continue to provide more benefits.

“When AI is involved, it gets better all the time, because it keeps learning,” Szczurek said.

Colin Wood contributed reporting to this article.