Just one month into the new administration, we are already seeing a glimpse of how cybersecurity will be evolving in the year ahead. It should come as no surprise that artificial intelligence (AI) will continue to dominate headlines and drive White House policy activity. Yet despite the associated frenzy, this landmark technology will be a positive function for many organizations and one that helps leverage new and existing collaborations.
Based on the early moves of the Trump administration, it’s likely that our adversaries will increasingly leverage cyberespionage to win. On the heels of Volt and Salt Typhoon, we know that sophisticated nation-state adversaries aren’t sitting on their hands. “Business as usual” for network defenders simply won’t cut it. We need an aggressive, evolved approach.
As federal employees and their private sector partners adjust to evolving threats and norms, they should buckle up for a year of disruption.
Federal AI Will Become Table Stakes
Federal cybersecurity professionals are working every day to decipher record amounts of data and exponentially more threats than previous eras, only amplifying the issues associated with the cyberskills shortage and historic buying practice around dozens of non-integrated cyber security tools and services. While teams are already using artificial intelligence to supplant many manual security operations, any federal agency that holds off on additional adoption will see increased burden on its employees and increased burnout and fall even farther behind. In AI, you’re either leveraging it to drive transformative outcomes or being outpaced.
Both create fertile ground for mistakes and vulnerabilities. Coupled with stronger reporting requirements, reduced staffing levels and incident transparency requirements, AI technologies will be the elixir for the federal government. They can more easily deliver key public services and protect their systems from bad actors at the speed of cyber. In the modern age, AI is required to lower the most critical metrics for success, especially mean time to detect and mean time to respond to threats. People simply can’t keep up.
Federal agencies that embrace AI technologies will find themselves ahead of the curve in detecting threats and retaining skilled employees. Those who are slow to adopt will drown in overwhelming amounts of data, security bottlenecks caused by tool sprawl and exasperated teams.
Global Leaders Will Converge Towards AI Consensus
Leaders and stakeholders around the world have already come together around the shared ideal to harness AI innovation while minimizing risks and preventing unintended outcomes. While organizations may disagree on a path to achieve it, there is growing consensus that aggressively promoting AI security is central to this desired endstate. In 2025, we will see increased global alignment around a suite of security controls necessary for driving trust in AI systems by protecting AI applications and critical data.
These include managing deployment environment governance, actively monitoring model behaviors, protecting model weights, enforcing strict access controls, and hardening deployment environment configurations. In aggregate, these security imperatives are supportive of Secure AI by Design concepts that while still behind the speed of private sector advancement, will be a significant disruptor in the private sector. Secure your AI systems and usage or risk the assuredness of the systems themselves.
AI Will Advance Cyber Aggression from Foreign Nation States
Cyberspace has become a much more accessible attack surface for foreign threat actors, who use cyberattacks to destabilize critical infrastructure, government systems and key industries. In 2025, threats to non-computer-based systems will continue to rise, as foreign adversaries leverage AI to take power grids, pipelines and healthcare systems offline. AI-powered cyberattacks that deeply threaten national security, especially around major global events, such as national elections and changes in power, are likely to rise. Adversaries are seeking to disrupt voting, distract policymakers and destabilize political institutions. Therefore, collaborative efforts between allied countries to enhance cyber defenses will be even more important to counteract state-sponsored cyber activities.
A Leaner Federal Workforce Will Drive Modernization and Security Efficiencies increasing Security Efficacy
The streamlined federal workforce is driving a critical shift toward modernization and security efficiencies – driving demand for automation and human-machine collaboration to counter evolving threats. With fewer resources, agencies must centralize and automate their security strategies to eradicate the built-in workforce inefficiencies observed in today’s USG environments. Managing a fragmented arsenal of security tools is already unsustainable and getting worse. Today the US Federal government spends significantly more money each year on the operationalization and integration of security efforts than on tools to drive efficiencies. The government will need to drive substantial cost rationalization through integrated security technologies.To stay ahead of adversaries, automation and seamless integration are no longer optional; they are essential for meeting the escalating demands of cybersecurity. We will see the first major moves toward this direction in 2025.
The Rise of Silent Quantum Computing Threats
The threat of cyberattacks fueled by quantum computing is approaching faster than many federal agencies are equipped to withstand. In 2025, threat actors will ramp up their “harvest now, decrypt later” operations to steal government data and unlock it once technology allows. This presents an urgent threat to government systems running on previous-generation cybersecurity protections. The federal government will need to steel itself against these threats by enabling quantum-resistant tunneling, crypto data libraries and overall crypto-agility to respond to the rising speed and scale of cyberthreats and prevent theft of data in the first place.
2025 will be a year of rapid change in federal cybersecurity. The attack surface – and the solutions used to secure it – will not look the same this time next year.