Interview with William Kehoe, Washington State Chief Information Security

AI FORUM:

How has the State of Washington been using AI and what challenges have you encountered so far as the State CISO?

Bill Kehoe:

As you know, AI takes on many forms. AI has already been embedded in a lot of the industry tools that we use, in Microsoft collaboration software and even in our browsers. But we're going to start seeing it used in more of our products and in the services that are provided from our industry partners. 

Now one of the questions we are exploring is whether our use of third party AI products causes any privacy, security and other concerns? This is something we are researching as we develop state policy regarding how we deploy AI in our own products and services.

AI FORUM:

Do you see the state one day using chatbots to “meet” people and then direct them to the right agencies and services?

Bill Kehoe:

Yes, I do. We have a vision of that type of user portal-- a front door to state services and information.  And I can see a chatbot type service as a big part of that. 

AI FORUM:

On the on the cybersecurity front are you seeing attacks and threats that have been amplified by AI? Or is it kind of just about the same?

Bill Kehoe:

I can't pinpoint a increase in a specific threat that's related that I can relate to AI. However, I do see our security analytics enhancing our ability to analyze threats, which could be a huge improvement. I also see the ability of the threat actors to use AI to get more sophisticated in their attacks, to code attacks very quickly. This will increase our need to anticipate those threats and to protect ourselves from them.

AI FORUM:

We have lived before through different inflection points in technology, such as the Internet, the Internet of Things, Blockchain, big data.  When you look at the big picture, do you see AI as a major inflection point now?

Bill Kehoe:

Yes, I do. I think government is going to be probably slower to adopt it than maybe the private sector, but the capabilities and efficiencies that we can gain from this are amazing, I talked to one of our more progressive CIOs this week and that agency is already using AI to generate code.  They were able to quickly reference security controls that they wanted to see in the new code and generate it. 

AI FORUM:

What special concerns does the state have regarding deployment of AI tools?

Bill Kehoe:

Well, I think the state's has a concern with biases that might reside in the technology or the training data that AI uses.  For example, if we use AI tools to review resumes and then disqualify people based on what the resume says then we need to be aware of the potential for bias and to work our way through that to ensure that doesn’t happen. At the same time, in all our lines of business we see the potential for benefits and efficiency that AI will bring to our IT services and online presence.

We just returned from a NASCIO conference, a leadership group where a number of state technology executives participate and my sense is that everyone seems to be kind of in the same place that we are. We are all contemplating publishing guidelines up for use of AI and also working through initial use cases of how the technology will be deployed.  States need to be cautious in this area.

I'm a co chair of a NASCIO AI workgroup and we’re just beginning to meet to develop policy in the AI field.

AI FORUM:

Thanks so much for talking with us!

Bill Kehoe:

You are very welcome.

Transcribed by https://otter.ai