HSDF THE PODCAST

Operational Cybersecurity in Action Part 1 of 4

Homeland Security & Defense Forum

Welcome to “HSDF THE PODCAST,” a collection of policy discussions on government technology and homeland security brought to you by the Homeland Security and Defense Forum.

 Artificial intelligence is radically transforming both cybersecurity threats and the government's response capabilities. This candid conversation with leaders from CISA, FBI Cyber Division, Homeland Security Investigations, and DHS Science & Technology pulls back the curtain on how federal agencies are adapting to this new reality.

 Featuring:

  • Bob Costello, Chief Information Officer, CISA
  • Todd Hemmen, Deputy Assistant Director, Cyber Division, Cyber Capabilities Branch, FBI
  • Donald Coulter, Senior Science Advisor, Cybersecurity, S&T Directorate, Department of Homeland Security
  • Jason Hill, Senior Executive Director, Cyber Practice, MANTECH
  • Michael Prado, Deputy Assistant Director, Cyber Crimes Center, Homeland Security Investigations
  • Dr. Barry West, Former Senior Advisor (DHS OCIO) and Former FEMA CIO (moderator)

This discussion took place July 23rd, 2025, at HSDF’s Cybersecurity Symposium, Navigating Cybersecurity Strategies in a Volatile World.

Follow HSDF THE PODCAST and never miss the latest insider talk on government technology, innovation, and security. Visit the HSDF YouTube channel to view hours of insightful policy discussion. For more information about the Homeland Security & Defense Forum (HSDF), visit hsdf.org.

Dr. Barry West, Former Senior Advisor (DHS OCIO) and Former FEMA CIO (moderator):

Well, good afternoon everybody. How's everybody doing today? Good, good. We've allowed probably 10 to 15 minutes at the end for questions. I've got some questions that I've worked up, obviously, but you'll have plenty of time if you feel we haven't covered anything that you're really wanting to get answered today. But we've got a great panel. I'm excited. We're covering a lot of ground here with this, but they saved the first for first, the best for first, if you would for this one. I'm going to start with Bob. I mean, you've got, you just hit your four-year anniversary at CISA. You've done time in industry. You've done time at DHS, at CBP, at ICE. You've done time in the military. You bring a really good perspective. Everybody I talk to, though, well, not everybody, but from time to time I'll talk to folks that still don't understand the CISA structure. If you could just spend a little bit of time comparing the CISA programs, which there are quite a few significant programs, with that of your job in OCIO.

Bob Costello, Chief Information Officer, CISA:

Sure, no, absolutely. And Barry, great to be here with you and big thanks to HSDF. I love doing these events. So, yeah, it can appear a little confusing, and maybe even more so since I have kind of a dual role right now. So I'm actually part of the Cybersecurity Division and the CIO. We did that earlier this year to gain some efficiencies on how we're deploying our IT programs and management of them. My role is to enable those forward-facing missions to conduct their work.

Bob Costello, Chief Information Officer, CISA:

The Joint Cyber Defense Collaborative works with industry and federal partners. They handle our interactions like this week as we're responding to the SharePoint vulnerability. They handle those interactions with industry as well as getting things out to the federal civilian executive branch agencies to respond to and work with us. A big part of my role now is ensuring that CSD's, the Cybersecurity Division's, mission systems are operational. I'm over the mission engineering group, so the cyber analytic environments, those are all under me now.

Bob Costello, Chief Information Officer, CISA:

A lot of our work that we do to collect data from across the FCEB goes through my systems. Now those could be things like our comprehensive log aggregation warehouse where we take a lot of cloud logs in, and then my work also centers on making sure that capacity building. That's where the CDM program lives, that that program as it's going through its modernization efforts, deploying into our cloud environments and working very closely with us. And then my role as the CIO is all the fun things that a CIO gets to do, whether it's all the things you never thought you'd sign up for, like the Paperwork Reduction Act or records management. Those are all critical functions that I oversee, but then also making sure that the agency has the right support systems, whether that's HR, business systems.

Bob Costello, Chief Information Officer, CISA:

And then we have, over the last four years and really in the last six months, worked to unify CISA under one unified, unclassified environment that we call CISNET. We're not super creative there, but it is a pretty creative system. By the name I mean, it wasn't creative. What we're really working on there is so that the operators don't have to pivot between three different workstations to conduct their work. So threat hunters can work on one system, vulnerability management under Sandy Radesky can work on one system, and we've collapsed a number of operating environments into one, and that's really enabling our operators to move faster, reduce costs and give us a different posture on our security landscape, it says because it's quite modern.

Dr. Barry West, Former Senior Advisor (DHS OCIO) and Former FEMA CIO (moderator):

So that's kind of my role in 30 seconds or two minutes and from a staffing perspective it's got to be helping with that new model as well, I would think.

Bob Costello, Chief Information Officer, CISA:

I think so. One of the things that it's enabling us to do and one of the things that I'm really excited about is, you know, my role as a senior leader isn't about being the CIO, it's getting the next generation ready. So now we have these people that are doing IT under one group. I came up through the IT ranks, you know, from an E1 to where I am today, and that's what I really enjoy doing. So I think, from a staffing perspective, what it's really allowing us to do is take care of those people in a unified format at the agency and make sure our resources are deployed effectively. Impressed with what you did for the small amount of staff that you have.

Dr. Barry West, Former Senior Advisor (DHS OCIO) and Former FEMA CIO (moderator):

Could you just give the audience a feel for where you're at now at S&T, your mission, your goals, just at a very high level?

Donald Coulter, Senior Science Advisor, Cybersecurity, S&T Directorate, Department of Homeland Security:

Right. So as a senior science advisor for cybersecurity, I mean, my number one goal is to make Bob's job and all these guys' jobs better sometime in the future, but not today, though. But we are working on some of the technologies and capabilities that are over the horizon, or some of those harder challenges that they can't solve with tools that we can acquire today, and looking forward to seeing how can we look across the department and see what are some of those fundamental cybersecurity challenges that everyone is having and how can we take a look at some of the cutting-edge science and capabilities that are coming out there so that we can apply that.

Donald Coulter, Senior Science Advisor, Cybersecurity, S&T Directorate, Department of Homeland Security:

So this includes looking at again, everyone's interested in artificial intelligence and machine learning and generative AI capabilities, so we're certainly looking at the impacts there and how we can leverage that, both in our development of secure systems and how we can look at how we can secure these systems that are relying upon these capabilities, also looking at that in terms of the impacts in critical infrastructure and some of those systems as well. So a lot of our job here now, especially as we re-architect ourselves and look at how can we consolidate and coordinate a lot of the research that we're doing? We're going from basic and foundational research all the way through advanced development and integration and testing engine and evaluation and making sure that when our components, uh, are looking at either acquiring and deploying cybersecurity systems for their missions or any system that relies, any digital system that relies on things that need to be secured, that we're helping them do that in an effective manner.

Dr. Barry West, Former Senior Advisor (DHS OCIO) and Former FEMA CIO (moderator):

Yeah, great. Thanks, Don. Todd, welcome. Thank you, FBI Cyber Division. So you bring a different perspective here. You're really looking more on the investigative side. But what opportunities or challenges does artificial intelligence present for law enforcement?

Todd Hemmen, Deputy Assistant Director, Cyber Division, Cyber Capabilities Branch, FBI:

That's a great question. So let me frame this response a little bit. So FBI Cyber Division is kind of uniquely focused on a single statute, so it's Title 18 United States Code, Section 1030, the Computer Fraud and Abuse Act. What we are looking at almost exclusively is computer intrusions. So when I respond for Cyber Division, it's looking at it through the lens of investigating computer intrusions.

Todd Hemmen, Deputy Assistant Director, Cyber Division, Cyber Capabilities Branch, FBI:

As Cyber Division has looked at AI, we really looked at it in three buckets. The first bucket being how are threat actors using AI? How are cyber criminals using AI? What can we do in the furtherance of our investigations with that knowledge? So that's bucket one. What are the bad guys doing?

Todd Hemmen, Deputy Assistant Director, Cyber Division, Cyber Capabilities Branch, FBI:

Bucket two is looking at AI vulnerabilities, and that has a couple of different applications. There's the application for opportunities for us to take advantage of potential vulnerabilities as part of our core authorized operations. But there's also this piece of working with agencies like CISA where we are educating the public on inherent vulnerabilities present in AI. Then the third piece is where my team is really focused and that is developing or adopting AI models in a way that benefits our investigative process. So I would say, in terms of the question, opportunities or challenges, probably not terribly different than many of you all. We deal with an abundance of data. We get data from our own investigations, data from partners, data from legal process. We see AI as having the potential to help us be much more efficient in how we're ingesting, processing, normalizing data, how we're using that data for our benefit. So there's a real goal in terms of how we're working with data, where we think AI can have immense application.

Todd Hemmen, Deputy Assistant Director, Cyber Division, Cyber Capabilities Branch, FBI:

In terms of challenges with AI, probably a couple. One, with data specifically: much of our data is protected and there are civil liberties. There are privacy implications with us working with data and AI. So, in other words, we can't just point an API at an open-source AI model for fear of what will happen with our data. We don't have the ability to protect our data anymore. So there is the data concern and then other challenges with AI. I think everyone, at least on the panel working in government, will appreciate it's a resource issue. It's a funding issue. If you all have been following the news at all in the past several months, funding is not going up for the government. So trying to be efficient with limited resources, with limited personnel, and how do we prioritize AI efforts with the things that we're currently doing and trying to keep that pace?

Dr. Barry West, Former Senior Advisor (DHS OCIO) and Former FEMA CIO (moderator):

Thanks, Todd. Michael, I'm going to stick with that same theme. You're Homeland Security Investigations. Some similarities here. How would you answer that? What opportunities or challenges does AI present for law enforcement at HSI?

Michael Prado, Deputy Assistant Director, Cyber Crimes Center, Homeland Security Investigations:

Yeah, that's a great question and thanks for having me. Pleasure to be here and, as Todd mentioned, he made a lot of great points. HSI and DHS as a whole, but particularly HSI as the investigative arm of the department, sees a lot of the same challenges that the bureau has, but we're structured a little bit different. As the senior executive overseeing the Cyber Crime Center, it's the DHS Cyber Crime Center, we're bringing in multiple agencies, components and foreign law enforcement counterparts to address this whole host of emergent threats. But first and foremost among those challenges is the use of AI, the illicit use of AI in particular. Shameless plug. I just had an article published in Sheriff & Deputy magazine, the National Sheriffs' Association, on the specific topic, just the myriad ways that generative AI is being utilized. So what we look at it from an organizational standpoint at HSI is we place all of our cyber resources in one bucket and there's advantages and disadvantages doing that. The FBI is structured a little bit differently and they have those advantages where, like Todd mentioned, they're able to focus in on very specific threats. We kind of co-locate our units together under the umbrella of the DHS Cybercrime Center, each of my operational units broken into the Child Exploitation Investigations Unit, and this is nationally speaking and internationally because we are a transnational criminal investigative agency. Child Exploitation. Our Cybercrime Unit that's focused on darknet investigations, ransomware, network intrusion, fentanyl trafficking on the dark web, et cetera, and our computer forensics unit. All three of those operational units supporting the field are addressing jointly the growing challenge of generative AI, and we're seeing it where illicit threat actors, be it individuals or transnational criminal organizations, are able to now scale up their ability to impact or affect a ransomware event or network intrusion event.
Generative AI being used to facilitate online fraud schemes where before targeting vulnerable populations like the elderly, for example, was pretty elementary and emanating from places like West Africa and other offshore locations, is now much more sophisticated, and I'm in a room here with some of the brightest folks in the Beltway in the cyber industry. Any of us could be targeted for a financial fraud scheme that is highly sophisticated, powered by generative AI technology, that either is using voice-mimicking technology, modeling a fake Teams call or Zoom call or what have you. We've seen these things happen, particularly in the financial industry and in the private sector, so it's a much more dangerous environment now in that area.

Michael Prado, Deputy Assistant Director, Cyber Crimes Center, Homeland Security Investigations:

Another area, and probably the most disturbing area from our perspective at HSI, is the area of child exploitation and the use of generative AI to create imagery involving the sexual abuse of children. What we're seeing is multiple different ways that individuals and organizations are effecting that by enhancing known images of child exploitation, creating fully generated images of child exploitation, which is a federal offense, and the most disturbing, taking images, innocuous images, from social media and other places or out in public. Using those images coupled with generative AI technology to create sexually explicit images of unknowing victims. Absolutely tragic. We're focused big time on that right now by finding new ways, using and leveraging AI technology to make us more efficient. Give you an example of the scale. In 2023, the National Center for Missing and Exploited Children reported about 6,700 cyber tip lines related to generative AI.

Michael Prado, Deputy Assistant Director, Cyber Crimes Center, Homeland Security Investigations:

In 2024, that jumped to over 67,000, so a tenfold increase. 2025, we anticipate that's absolutely going to skyrocket into the high six figures, if not the low seven figures. That's how ubiquitous this technology is. That's how easy it is to access it. I'm sure most everybody here has some form of ChatGPT or other app on their phone. It's not those technologies that are being used to affect this type of really nefarious activity. It's the open source gen AI technology that's being used by illicit actors on their own devices, and that's one of the challenges that we have. So we're looking for a lot of help from private industry. We're looking for legislative solutions, but it's an uphill challenge, and I haven't even touched on computer forensics, but I don't want to hog the entire time here. Thanks, Michael.