Federal agencies are adopting a more modern, digital-centered approach in everything they do. That’s good progress, but it’s also exposing some critical problems in the modernization journey.
Agencies are migrating to multi-cloud and hybrid-cloud infrastructures, growing their IT footprints in size and complexity, and compounding workloads for their IT staff. Cyber threats continue to evolve in speed, sophistication, and severity, posing serious challenges to security staff. Agencies are collecting and generating more data and more types of data than ever — data that must be processed, stored, and leveraged across the enterprise. More recently, agencies have been incorporating artificial intelligence (AI) into their day-to-day operations, but in doing so, they must smartly navigate many technical, ethical, and policy considerations.
These modernization trends will deliver unprecedented capability, speed, and mission effectiveness to agencies. But they are also placing terrific stress on federal IT workforces — IT operations, engineering, cloud, and cyber staff — that confront significant shortages in needed skills and talent.
In 2022, the public sector had nearly 40,000 cyber jobs to fill. Demand for these skills is only increasing: The Bureau of Labor Statistics projects jobs for information security analysts will grow by 32% from 2022 to 2032, equalling up to 16,800 job openings annually.
These skills gaps affect all employers. However, the government’s lengthy, bureaucratic hiring process and relatively lower pay make it harder for federal agencies to simply hire their way out of the problem. These recruitment challenges are even more daunting at national security agencies, where new hires must undergo lengthy security clearance processes.
Another big concern is that large portions of the federal workforce are at or nearing retirement age, and when they do retire, they will take their valuable skills and knowledge with them. Consider that less than 6 percent of the federal cyber workforce was under the age of 30 in 2022, while almost a third were 55 or older.
“Given expected retirements, lack of entry-level and diverse talent, turnover, and the growing need for new skill sets, there is a significant risk to our cyber mission effectiveness and the long-term health of our federal cyber workforce,” declared the interagency Federal Cyber Workforce Management and Coordinating Working Group.
Not only are federal agencies lacking critical technical skills, but they are being asked to do far more. Recent executive orders and OMB directives are pressing all federal agencies to accelerate their adoption of modern cybersecurity and AI practices and approaches.
Despite the imbalance created by fast-growing workloads and short-staffed workforces, many agencies manually perform mundane, day-to-day IT tasks and use spreadsheets and other antiquated methods to manage critical workloads and processes. This is unsustainable as agencies try to scale their modernization efforts across their enterprises.
The good news is that agencies are taking positive steps like shifting to more skills-based hiring approaches, investing more in upskilling and certifications for existing IT staff, and utilizing rotational assignments for IT staff to build their breadth of expertise and share talent where needed. These steps will help, but far more is required.
So, what will make the biggest difference in helping federal agencies get the most from their limited pools of IT talent? Many commercial and public sector organizations are turning to AI and automation to dramatically reduce or eliminate menial, repetitive, and manual workloads so IT staff can accelerate their cyber operations and have more time to do higher-value work.
For example, some federal cyber teams employ Splunk’s Security Orchestration, Automation and Response (SOAR) to automate thousands of cyber actions across hundreds of third-party tools without overhauling their existing security stacks. Many of our customers have found that up to 95 percent of incident responses can be automated. Splunk SOAR adopts a data-centric approach — powered by machine learning — to consolidate alerts and data from disparate tools. This ensures timely and prioritized responses that help tame the chaos in any security operations center (SOC). With automated playbooks, cyber response actions occur in seconds instead of hours.
Similarly, Splunk’s risk-based alerting (RBA) capability uses AI and automation to help federal cyber teams pivot from traditionally reactive to more proactive functions. Splunk’s RBA marks an evolution of traditional Security Information and Event Management (SIEM). Whereas a SIEM alerts cyber teams based on discrete data points and events, RBA uses AI to discern behaviors and contextualize storylines from correlations and connections of multiple data points and security events. Splunk’s unique approach to correlating data to generate cyber alerts translates into a vast reduction in alert volume and increases in alert fidelity and true positive rates so that analysts can spend more time hunting down threats or running adversary simulations.
AI can also serve as a force multiplier for federal IT teams in other ways. For example, Splunk AI Assistant allows users to search their data using an intuitive and simple plain-English chat experience instead of relying on Search Processing Language (SPL) queries. That means anyone on the IT team — not just those already schooled in SPL — can navigate their data enterprise.
Whenever the subject of AI comes up, federal decision-makers have many considerations to think through. Valid questions arise, like:
As a market leader in security and observability, Splunk is ready to help our federal customers reap the benefits of AI while staying protected from unintended consequences. With a deep commitment to building a safer and more resilient digital world, we can make a real difference by approaching AI responsibly. Our AI philosophy is simple and driven by three key ideas:
What does AI look like in federal IT operations? Consider these typical use cases:
These are just a few of the many ways that AI capabilities can help federal agencies bring greater balance into their IT and security operations as they struggle with today’s workforce challenges.
To learn more about how AI can empower your agency’s IT workforce for greater security, efficiency, and resilience, read our "Security Use Cases Enhanced by AI and ML" e-book.