Federal agencies are experiencing a sharp rise in cyberattacks, driven in part by the expanding role of artificial intelligence. According to the Cybersecurity and Infrastructure Security Agency, in 2025, the agency managed over 30,000 cyber incidents across federal systems, prevented more than 2.6 billion malicious access attempts on civilian government networks, and blocked 371 million additional threats targeting essential infrastructure.
In response to these escalating threats, the White House introduced its Cyber Strategy for America in March. This roadmap defines how the government plans to modernize defenses, enhance operational tools, strengthen protections for critical infrastructure, and prepare for emerging AI-fueled cyber risks.
The strategy covers a wide range of priorities—from shaping AI regulations to workforce training—but for federal civilian organizations, three core focus areas stand out: removing obstacles to adopting advanced security technologies, embedding agentic and generative AI into cybersecurity workflows, and achieving unified oversight across both IT and operational technology systems.
These three pillars are deeply interconnected and all rely on the ability to consolidate and act on data across federal IT environments. Aligning agency efforts with these strategic priorities will provide a stronger foundation for detecting, understanding, and responding to cyber threats.
As federal leaders assess how to implement these pillars, they must strike a balance between fast-paced innovation and proven, scalable solutions already in use across government systems.
Access to modern cybersecurity capabilities
The third pillar of President Donald Trump’s cyber strategy emphasizes upgrading and securing federal networks—an urgent priority given the increasing speed and complexity of today’s cyber threats.
At its heart, cybersecurity is a data challenge. Effective modern security practices require the ability to collect, standardize, and operationalize data from diverse sources, regardless of format, location, or underlying system. Federal agencies need unified data platforms and architectures capable of supporting real-time analytics at scale while working seamlessly with both legacy and modern systems.
However, realizing these benefits depends on agencies’ ability to integrate new technologies smoothly. This means reducing friction in both procurement and deployment. Several governmentwide initiatives have already established a strong foundation for agencies pursuing cyber modernization.
- CISA’s Continuous Diagnostics and Mitigation (CDM) program provides centralized visibility into cybersecurity data across civilian agencies.
- CISA’s emerging SIEM-as-a-Service offering aims to standardize data collection, improve threat detection, and enable coordinated response.
- The General Services Administration’s OneGov initiative streamlines acquisition and promotes shared services across agencies, saving taxpayer dollars.
These programs reflect a broader federal goal: enabling interoperable, scalable cybersecurity capabilities that can be consistently adopted across agencies while minimizing duplication and cost.
Agentic and GenAI for cyber operations
The fifth pillar of the cyber strategy urges agencies to leverage emerging technologies to strengthen national security. With adversaries launching attacks at machine speed, federal organizations must counter AI-driven threats with AI-powered defenses to stay ahead of the evolving threat landscape.
Generative AI and agentic AI are rapidly transforming cybersecurity operations within federal environments, enabling agency cyber teams to focus on the most pressing and high-impact threats.
To understand the potential impact on federal cyber operations, consider a civilian agency running a 24/7 security operations center (SOC). That SOC receives thousands of daily alerts from endpoint detection tools, network sensors, identity systems, and vulnerability scanners. With automated alert triaging powered by AI, these alerts can be correlated, prioritized, and enriched with context—reducing analyst fatigue and accelerating response times.
Many of these alerts are low-confidence or redundant, forcing analysts to spend significant time manually filtering noise to identify genuine risks. By applying AI models to automate alert triage, agencies can connect related signals across systems, detect patterns suggesting coordinated attacks, and enrich alerts with actionable context.
Agentic AI goes beyond simply flagging an alert—it autonomously constructs an investigation timeline and drafts a remediation plan for human review.
As a result, analysts receive fewer, higher-quality alert queues that group related events into actionable cases, complete with recommended next steps and supporting evidence.
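The triage flow described above (suppress duplicates, correlate related signals across tools, enrich with asset context, rank, and hand analysts a case with a suggested next step) can be shown concretely. The following is an added example, not code from the article, from CISA, or from any vendor; the alerts, the asset inventory, the scoring weights and the next-step table are all constructed for illustration.

```python
"""Added example: correlate, de-duplicate, enrich and prioritise SOC alerts
from several tool families into a short list of cases for human review.
Everything below (alerts, assets, weights, playbook hints) is constructed."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed asset inventory used to enrich cases (hypothetical hosts).
ASSET_CONTEXT = {
    "ws-1042": {"owner": "finance", "criticality": "medium", "ot": False},
    "plc-07": {"owner": "facilities", "criticality": "high", "ot": True},
}

# Constructed playbook hints keyed by detection rule.
NEXT_STEPS = {
    "suspicious_powershell": "Pull process tree and script block logs from the endpoint.",
    "impossible_travel": "Verify session with the user; revoke tokens if unconfirmed.",
    "missing_patch": "Schedule patching; confirm no exploitation indicators.",
    "new_outbound_connection": "Check destination against allow-list for this segment.",
}

# Constructed sample alerts from EDR, identity, network and vulnerability tools.
SAMPLE_ALERTS = [
    {"id": "a1", "ts": "2025-03-01T10:00:05", "source": "edr", "host": "ws-1042",
     "user": "jdoe", "rule": "suspicious_powershell", "confidence": 0.8},
    {"id": "a2", "ts": "2025-03-01T10:00:09", "source": "edr", "host": "ws-1042",
     "user": "jdoe", "rule": "suspicious_powershell", "confidence": 0.8},  # repeat of a1
    {"id": "a3", "ts": "2025-03-01T10:02:40", "source": "identity", "host": "ws-1042",
     "user": "jdoe", "rule": "impossible_travel", "confidence": 0.6},
    {"id": "a4", "ts": "2025-03-01T10:04:00", "source": "network", "host": "plc-07",
     "user": None, "rule": "new_outbound_connection", "confidence": 0.3},  # weak, alone
    {"id": "a5", "ts": "2025-03-01T11:30:00", "source": "vuln", "host": "ws-1042",
     "user": None, "rule": "missing_patch", "confidence": 0.9},  # outside window
]

WINDOW = timedelta(minutes=10)   # correlation / de-duplication window
MIN_CONFIDENCE = 0.5             # a lone alert below this is not surfaced


@dataclass
class Case:
    host: str
    alerts: list = field(default_factory=list)
    context: dict = field(default_factory=dict)

    @property
    def sources(self):
        return sorted({a["source"] for a in self.alerts})

    def priority(self):
        """Highest alert confidence, boosted when several tools agree and when
        the asset is critical or OT. Weights are constructed for the example."""
        score = max(a["confidence"] for a in self.alerts)
        score += 0.15 * (len(self.sources) - 1)
        if self.context.get("criticality") == "high":
            score += 0.2
        if self.context.get("ot"):
            score += 0.1
        return round(min(score, 1.0), 2)

    def next_steps(self):
        return [NEXT_STEPS[a["rule"]] for a in self.alerts if a["rule"] in NEXT_STEPS]


def dedupe(alerts):
    """Drop repeats of the same (source, host, rule) that fall inside WINDOW."""
    last_seen, kept = {}, []
    for a in sorted(alerts, key=lambda x: x["ts"]):
        key = (a["source"], a["host"], a["rule"])
        ts = datetime.fromisoformat(a["ts"])
        if key in last_seen and ts - last_seen[key] <= WINDOW:
            continue
        last_seen[key] = ts
        kept.append(a)
    return kept


def correlate(alerts):
    """Group alerts on the same host into a case while they arrive within WINDOW."""
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda x: x["ts"]):
        by_host[a["host"]].append(a)
    cases = []
    for host, items in by_host.items():
        current = Case(host=host, context=ASSET_CONTEXT.get(host, {}))
        for a in items:
            if current.alerts:
                gap = datetime.fromisoformat(a["ts"]) - datetime.fromisoformat(current.alerts[-1]["ts"])
                if gap > WINDOW:
                    cases.append(current)
                    current = Case(host=host, context=ASSET_CONTEXT.get(host, {}))
            current.alerts.append(a)
        cases.append(current)
    return cases


def triage(alerts):
    """dedupe -> correlate -> split into (ranked cases for review, suppressed cases).
    Suppressed cases are returned, not discarded, so they stay searchable."""
    cases = correlate(dedupe(alerts))
    review = [c for c in cases
              if max(a["confidence"] for a in c.alerts) >= MIN_CONFIDENCE or len(c.sources) > 1]
    suppressed = [c for c in cases if c not in review]
    return sorted(review, key=lambda c: c.priority(), reverse=True), suppressed


if __name__ == "__main__":
    ranked, quiet = triage(SAMPLE_ALERTS)
    for c in ranked:
        print(c.host, c.priority(), c.sources, [a["id"] for a in c.alerts], c.next_steps())
    print("suppressed:", [[a["id"] for a in c.alerts] for c in quiet])
```

With the constructed input, five raw alerts collapse to two cases: the EDR and identity signals on the same workstation two minutes apart rank first because two tools corroborate, the lone vulnerability finding an hour later ranks second, and the single low-confidence network alert on the PLC is held back rather than deleted. The suppressed list matters: a weak signal on OT equipment is exactly what an analyst wants to find later when a retrospective search is run.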
Beyond efficiency gains, AI-powered natural language interfaces allow analysts to query security data conversationally, speeding up investigations and decision-making. AI can also help translate legacy detection rules and workflows into modern architectures, easing the transition between systems.
In addition to operational improvements, AI plays a vital role in workforce development. As highlighted in the strategy’s emphasis on building talent and capacity, AI enables analysts
Staff can move away from tedious manual data handling and instead focus on more impactful analysis and strategy. This shift is especially valuable in light of ongoing staffing shortages.
Gain a single view across IT and OT systems
The fourth pillar highlights the need to safeguard essential infrastructure, particularly as government departments manage a mix of cloud, in-house servers, and operational technology (the physical equipment and machinery they rely on). Securing these vital systems demands a clear, unified view across all areas so that risks can be spotted and acted upon swiftly. You simply cannot deal with threats that remain invisible to you.
When choosing tools to achieve this level of oversight for essential infrastructure, departments should focus on these key features:
- Coordinated Insight into Data: Bringing together data streams from both IT and OT systems seamlessly, avoiding a patchwork of separate tools or manual work.
- Adaptable Data Storage: Affordable long-term storage solutions that meet regulatory requirements like OMB M-21-31, while still making it easy to retrieve past records when needed.
- Interoperability via Open Frameworks: Using widely accepted industry standards to prevent dependence on a single vendor and ensure systems work well together.
- Smart Data Processing: Leveraging AI to automatically read, organize, and evaluate logs, allowing teams to find issues early and investigate them more rapidly.
These functions are essential for putting zero-trust security models in place, maintaining constant oversight across government networks, and catching sophisticated threats before they cause harm.
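What "a single view across IT and OT" looks like at the data layer can be shown with a small example. The code below is added here and is not the article's, CISA's or any vendor's schema: it normalises a constructed syslog-style authentication line (IT) and a constructed controller setpoint change (OT) into one common record shape, tags each record with a retention schedule using the 12-month active and 18-month cold-storage minimums that OMB M-21-31 states, and then runs one query across both domains to link an identity seen in each. The field names, sample values and the hypothetical hosts are all assumptions made for the example.

```python
"""Added example: one schema for IT and OT events, retention tagging per
OMB M-21-31 minimums (12 months active, 18 months cold), and a cross-domain
query. Sample data, schema and host names are constructed, not real."""
import re
from datetime import datetime, timedelta, timezone

# Constructed samples: an IT auth-gateway syslog line and an OT historian record.
IT_AUTH_LINE = ("2025-03-01T10:02:40Z auth-gw sshd[4211]: "
                "Failed password for jdoe from 203.0.113.7 port 51422")
OT_EVENT = {"time": 1740823500, "plc": "plc-07", "tag": "valve_12_setpoint",
            "old": 40, "new": 95, "by": "jdoe", "via": "hmi-03"}

SYSLOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\w+)\[\d+\]: (?P<msg>.*)$")
FAIL_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<ip>\S+)")

ACTIVE_MONTHS, COLD_MONTHS = 12, 18   # OMB M-21-31 minimums


def normalise_it(line):
    """Map a syslog-style authentication line onto the common schema."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("unrecognised IT line")
    f = FAIL_RE.search(m["msg"])
    return {
        "@timestamp": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")).isoformat(),
        "domain": "it", "host": m["host"], "category": "authentication",
        "outcome": "failure" if f else "unknown",
        "user": f["user"] if f else None,
        "source_ip": f["ip"] if f else None,
        "detail": {}, "raw": line,
    }


def normalise_ot(rec):
    """Map a historian-style setpoint change onto the same schema."""
    return {
        "@timestamp": datetime.fromtimestamp(rec["time"], tz=timezone.utc).isoformat(),
        "domain": "ot", "host": rec["plc"], "category": "setpoint_change",
        "outcome": "success", "user": rec["by"], "source_ip": None,
        "detail": {"tag": rec["tag"], "old": rec["old"], "new": rec["new"], "via": rec["via"]},
        "raw": str(rec),
    }


def unify(it_lines, ot_records):
    """One time-ordered list of events from both domains."""
    events = [normalise_it(l) for l in it_lines] + [normalise_ot(r) for r in ot_records]
    return sorted(events, key=lambda e: e["@timestamp"])


def add_months(dt, months):
    # Month arithmetic; sample dates are day 1, so no day clamping is needed here.
    years, month0 = divmod(dt.month - 1 + months, 12)
    return dt.replace(year=dt.year + years, month=month0 + 1)


def retention_schedule(event):
    """When the record leaves active storage and when cold storage may expire."""
    t = datetime.fromisoformat(event["@timestamp"])
    return {"active_until": add_months(t, ACTIVE_MONTHS).isoformat(),
            "cold_until": add_months(t, ACTIVE_MONTHS + COLD_MONTHS).isoformat()}


def cross_domain_links(events, minutes=10):
    """Pairs (it_event, ot_event) where the same user appears in both domains
    within the window; the kind of question a single view can answer."""
    window = timedelta(minutes=minutes)
    it = [e for e in events if e["domain"] == "it" and e["user"]]
    ot = [e for e in events if e["domain"] == "ot" and e["user"]]
    links = []
    for a in it:
        ta = datetime.fromisoformat(a["@timestamp"])
        for b in ot:
            tb = datetime.fromisoformat(b["@timestamp"])
            if a["user"] == b["user"] and abs(tb - ta) <= window:
                links.append((a, b))
    return links


if __name__ == "__main__":
    evts = unify([IT_AUTH_LINE], [OT_EVENT])
    for e in evts:
        print(e["domain"], e["@timestamp"], e["host"], e["category"], retention_schedule(e))
    for a, b in cross_domain_links(evts):
        print(f"{a['user']}: IT {a['outcome']} on {a['host']} then OT {b['category']} on {b['host']}")
```

Neither record is interesting on its own; the failed login is routine and the setpoint change is a valid operator action. Only the unified store, with a shared `user` field and timestamps in one clock, makes the two-minute gap between them visible. The retention schedule is attached per record so that cold-storage data is still addressable when an investigation needs it.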
In a time when hackers are harnessing AI to launch attacks at an unprecedented pace, relying exclusively on human capabilities is no longer a viable defense approach.
The national cybersecurity plan stresses a government-wide collaborative approach, making clear that federal cybersecurity efforts need to be coordinated, scalable, and driven by innovation. For civilian agencies navigating this challenging environment, success will hinge on using shared government platforms, applying AI thoughtfully to support skills rather than replace them, and developing connected architectures that provide oversight across all systems.
John Harmon is the regional vice president of cybersecurity strategy at Elastic.
© 2026 Federal News Network.