AWS Public Sector Blog

Generative AI as a force for good in facilitating cyber-resiliency in public sector organizations


In today’s digital age, security has an expanded definition. While physical security remains a critical focus, businesses and public sector organizations are bolstering their security posture against a less visible vulnerability: data and computer systems.

According to IBM’s annual data breach report, 83 percent of organizations experienced more than one data breach in 2022. These incidents are estimated to cost businesses worldwide an average of $4.88 million, and experts predict that the threat will grow. Public sector organizations – such as government agencies and schools – are not exempt from these statistics. Between 2016 and 2022, US K-12 schools experienced 1,619 publicly disclosed cyberattacks, with 80 percent of school IT professionals reporting a ransomware attack in 2022. Traditionally, the responsibility of monitoring and maintaining the security of an organization’s applications, databases, computers, and websites falls to the chief information security officer (CISO). However, as the technological landscape rapidly evolves, organizations without CISOs are scrambling to level up their technological aptitude, evaluate their existing cybersecurity infrastructure, and install the necessary safeguards to protect their customers and users from potentially devastating impacts.

To address this gap, the Digital Transformation Hub (DxHub) at California Polytechnic State University (Cal Poly) in San Luis Obispo – powered by Amazon Web Services (AWS) and part of the AWS Cloud Innovation Centers (CIC) program – took action. The DxHub joined forces with the City of San Diego and the San Diego Cyber Center of Excellence (CCOE) to create ‘My eCISO,’ a generative AI-based application that propels public and private organizations on a path to cyber resiliency.

This post explores the technology behind My eCISO and its implications for organizations looking to protect against attacks. It also dives into the student experience at the DxHub as they made strides with new AWS services like Amazon Bedrock.

About the tool

My eCISO is a generative artificial intelligence (AI) application that walks its users through a natural language interview of their current cybersecurity postures. Unlike human auditors, My eCISO acts like a cyber therapist, applying a question-and-answer format to inform and assist users. This allows users to speak openly and uncover issues in a non-threatening environment. User responses provide the tool with information to generate a report that grades the organization’s current posture and recommends National Institute of Standards and Technology (NIST)-compliant tools and actionable steps for improvement. Users can take this report to relevant decision makers to advocate for cyber resiliency resources and prioritization against a specific list of needs to accelerate their cyber planning. In addition to evaluating organizational cyber resiliency, My eCISO can help users broaden their knowledge of cybersecurity and NIST guidance.

To meet organizations where they are, My eCISO allows users to include only the level of detail that they are comfortable sharing—more details, however, generate more sophisticated reports. This helps users to shape a report that fits their organization’s needs. My eCISO includes recommendations from popular cyber frameworks such as the Center for Internet Security (CIS), Criminal Justice Information Services (CJIS), the Health Insurance Portability and Accountability Act (HIPAA), and more. This is due to the flexibility and power of the natural language capabilities of the AI tool.

My eCISO is powered by Amazon Bedrock and Anthropic’s Claude v2 large language model (LLM), enabling the entire application to be securely and privately hosted in the AWS environment of the organization’s choosing. Amazon Bedrock is a fully managed AWS service that makes foundation models such as Anthropic’s Claude easily accessible through an API that leverages a serverless experience while enabling customers to keep data collected by the chatbot secure within their own AWS environment. Considering the highly sensitive nature of organizational cybersecurity data, security and trust were heavily prioritized in My eCISO’s design and implementation. The application and its data are implemented in a cloud-based environment, ensuring that user input and chat responses are securely stored and accessible only to those entrusted with the region’s cybersecurity patterns. Access is provided only to trusted entities and is provisioned according to security best practices, including multi-factor authentication (MFA), encryption in-transit and at rest, and the principle of least privilege.

In addition to delivering high-quality performance, Anthropic’s Claude model has been trained using a ‘Constitutional AI’ approach to reinforce secure, ethical behavior. In recent months, the students and staff at the DxHub have conducted additional experimentation and testing to incorporate new, community-specific constitutional statements to further shape My eCISO’s chatbot functionality, which has yielded promising results.

A solution overview

The application relies on several managed AWS services. Amazon Cognito authenticates users and helps keep information secure. Data is persisted to an Amazon Relational Database Service (Amazon RDS) database using a PostgreSQL engine to collect data input during the interview process, which can be used for analytics and to help triage organizations most in need of improvements to their cyber infrastructure. AWS Lambda and Amazon API Gateway provide the backend application logic that can leverage any Amazon Bedrock model. Code is stored in AWS CodeCommit, with automated, continuous deployment and integration managed by AWS CodePipeline and AWS CodeDeploy.

Figure 1. Architectural diagram of the My eCISO solution described in this post. The major components are an Amazon Simple Storage Service (Amazon S3) bucket, Amazon Bedrock, Amazon Cognito, Amazon CloudFront, Amazon API Gateway, AWS Lambda, AWS CodeCommit, AWS CodePipeline, and AWS CodeDeploy.

The future of My eCISO

While initial design and testing focused on K-12 IT stakeholders, test user feedback has indicated that My eCISO is ideal for small business owners with limited budgets or local municipalities with constrained resources. The core logic – which is controlled by a well-engineered prompt – gives the tool flexibility to evolve to serve other use cases and customers. With recent studies showing the US has an IT security worker shortage of 410,000, My eCISO has the ability to scale cyber assessment to regional and state levels and rapidly triage weaknesses of those that need it most. The tool could potentially be run as a shared service by trusted regional governments, municipalities, and/or non-profit entities. In the meantime, the San Diego cyber community will continue to shape My eCISO through the collective development of guidelines.

The DxHub student and customer experience 

At the Cal Poly DxHub, students work hand-in-hand with university staff and Amazon employees to develop new and exciting public sector solutions like My eCISO. The team uses Amazon’s Working Backwards approach to assess customer pain points and iteratively develop solutions that meet customer needs. In early 2023, the DxHub facilitated a Working Backwards workshop to dive deep into San Diego’s needs and define the solution before beginning the rapid prototyping and iteration phase of My eCISO.

“The DxHub has been a great partner in innovating an accessible and effective tool to help under-resourced organizations better understand and address their cybersecurity posture and potential vulnerabilities,” said Lisa Easterly, president and CEO of the San Diego CCOE. “We are excited to now evolve the prototype into production and offer through the San Diego Regional Cyber Lab to small businesses, academia, and government agencies to help foster greater regional resiliency.” 

DxHub students also gain early access to groundbreaking new services like Amazon Bedrock to apply them to emerging use cases, giving them hands-on design, development, and project management experience while they work alongside mentors. Innovating with cutting edge services like Amazon Bedrock and LLMs has been particularly exciting and is setting the student team up for success post-graduation.

“Working for the DxHub gave me an incredible opportunity to work with generative AI technology and get early access to preview services like Amazon Bedrock,” said Cal Poly master’s student and DxHub student employee Chandradeep Chowdhury. “This experience gave me the opportunity to solve a real-world problem using this emerging technology.”

Moving forward, the DxHub team will continue to evolve and master cloud-deployed AI and machine learning (ML) use cases that are innovative, strategic and of high value to the public sector.


Members of Cal Poly DX Hub’s My eCISO team include university members and embedded AWS employees.

Learn more about My eCISO and the DxHub

AWS Partner 11:59 helped the City of San Diego to push My eCISO into production. You can use the city’s live My eCISO tool here. To set up a My eCISO demo – or if you know of a customer who may benefit from My eCISO’s services – please email Nick Osterbur, AWS DxHub digital innovation lead.

Launched in 2017 as the first CIC housed in an institution of higher education, the Cal Poly DxHub provides opportunities for nonprofits, educational bodies, and government agencies to collaborate on their most pressing challenges, test new ideas, and access the technological expertise of AWS to help create cloud-based solutions. To learn more and engage with the Cal Poly DxHub, reach out to your local AWS account manager or visit the DxHub website.

Learn more about the AWS CIC program.


Contributing AWS authors: Nicholas Osterbur, Darren Kraker

Ian Brazill


Ian Brazill is an assistant deputy director with the City of San Diego’s Department of Information Technology and is the program lead for the San Diego Regional Cyber Lab. The lab offers a variety of no-cost cybersecurity resources for the San Diego County region, including access to cybersecurity tools, threat intelligence, regional intergovernmental collaborations, and more. Over the past year he has engaged with representatives from the DxHub in San Luis Obispo, the San Diego Cyber Center of Excellence, and local engineers to design and release a production-ready version of My eCISO.

Brendan Daly


With 25 years of experience delivering IT services in the public sector, Brendan Daly is the Chief Information Security Officer (CISO) for the City of San Diego. He develops and implements security architecture, risk management, and security policy, and leads cross-functional teams in support of the city’s Strategic Plan.

Dustin DeBrum


Dustin DeBrum is the operations director for the Cal Poly Digital Transformation Hub (DxHub) powered by Amazon Web Services (AWS) and the California Cybersecurity Institute. He supports digital transformation, cyber education programs, and experiential learning initiatives to grow the workforce of the future.

Lisa Easterly


Lisa Easterly serves as president and CEO of Cyber Center of Excellence (CCOE), a San Diego-based nonprofit that mobilizes businesses, academia, and government to grow the regional cyber economy and create a more secure digital community for all.