OMB Individually Reported

Cybersecurity Threat Management, Detection, and Response

Low riskExact public inventory row

Description

This use case intends to solve the problem of detecting and responding to cybersecurity threats in a timely manner.

Detailed example

CD&I uses several AI-enabled cybersecurity tools to analyze this data. Machine learning (ML) models, such as classification and regression models, are used to analyze historical data and detect emerging threats through pattern recognition. Other ML capabilities include continuous monitoring of ICE cybersecurity data and the algorithmic identification of real-time cyber threats. This includes recognizing phishing patterns, malware signatures, or abnormal network traffic patterns across a variety of tools. Additionally, CD&I is in the process of integrating its open-source intelligence cybersecurity threat analysis platform with an LLM. This integration will allow platform users to summarize open-source intelligence on cybersecurity threats and more easily research and respond to potential cybersecurity events.

AI / analytics pattern

Classical/Predictive Machine Learning: Models trained on data to make predictions or classifications based on identified patterns or relationships.

Automation level / stage

c) Deployed – The use case is being actively authorized or utilized to support the functions or mission of an agency.

Expected benefit

These AI capabilities provide security analysts with modern tools to identify and respond to threats much more quickly than previously possible, minimizing potential damage to systems and data.

Controls / human review

ATO: Yes; PIA: Not published

Data needed

The cybersecurity solutions use commercially available large language models that have been trained on the public domain by their providers. There was no additional training using agency data on top of what is available in the models’ base set of capabilities. During operation, the AI models interact with ICE production data from multiple sources, including data from Microsoft Defender for Office (Polarity) and suspected malicious reported emails from ICE personnel (Triage).