By Chuck Brooks, president of Brooks Consulting International
Federal agencies and their industry counterparts are moving at a breakneck pace to modernize in this fast-changing digital world. Artificial intelligence, automation, behavioral analytics, and autonomous decision systems have become integral to mission-critical operations. This includes everything from managing energy and securing borders to delivering healthcare, supporting defense logistics, and verifying identities. These technologies are undeniably enhancing capabilities. However, they are also subtly altering the landscape of risk.
The real concern isn’t any one technology in isolation, but rather the way these technologies now intersect and rely on each other. We’re leaving behind a world of isolated cyber threats. Now, we’re facing convergence risk, a landscape where cybersecurity, artificial intelligence, data integrity, and operational resilience are intertwined in ways that often remain hidden until a failure occurs. We’re no longer just securing networks. We’re safeguarding confidence, continuity, and the trust of society.
The Hidden Weakness: Digital Contagion
Conventional cybersecurity approaches were built to shield systems, data, identities, and infrastructure. However, as AI increasingly drives the decisions within those systems—overseeing energy distribution, managing public-sector logistics, enabling predictive health diagnostics, and automating supply chains—we’re no longer just protecting information. We’re safeguarding the integrity of decisions. What began as a singular weakness—a system left unpatched, a credential that had been compromised—has evolved into a pervasive vulnerability, capable of spreading through the interconnected web of digital environments. I call this digital contagion. It doesn’t always present itself as a classic breach or system failure. Instead, it might surface in less obvious ways: flawed risk modeling, incorrect routing within a supply chain, automated systems making poor choices or identity systems denying access where it should be granted.
Societal Security
These are not traditional cyber incidents. These are failures of confidence. Furthermore, confidence and trust must be incorporated into our national critical infrastructure. The time has come to broaden our perspective on cybersecurity, viewing it as societal security. Given the integration of artificial intelligence within industrial control systems, public health initiatives, emergency management protocols, financial systems, autonomous defense technologies and transportation networks, our protective measures now extend beyond mere data and operational security.
We are, in essence, safeguarding societal resilience. A compromise of an AI model responsible for emergency resource allocation transcends data manipulation; it directly impacts human lives. Similarly, a skewed fraud detection algorithm undermines confidence in financial systems. When identity verification systems fail, citizens are deprived of access to essential services, entitlement programs and healthcare. These incidents are not merely digital inconveniences; they represent significant threats to national resilience.
A New Era of Governance
Governance must evolve to match technological capabilities. Federal cyber strategies have traditionally focused on compliance, protecting the network perimeter, and reducing risk. However, the main goal has changed. In this time of convergence, cybersecurity needs to be evaluated not just on its capabilities and costs, but also on how much it depends on other systems.
Before using any innovative technology, especially AI-based decision-making systems, we should ask these questions: What new dependencies will this create? What will happen if this dependency is compromised? Can the mission continue if the system fails? These questions have been central to my work in homeland security, public policy, protecting critical infrastructure and managing technology risks. They also require both government and industry to move from a focus on protection to a focus on anticipation and resilience.
The future of cyber leadership demands more than just a grasp of tools and compliance. These leaders must grasp the intricate web of system interdependencies, the nuances of human behavior and the ebb and flow of operational realities. Their responsibilities will encompass technology, policy, risk management, ethical considerations and the evolution of the workforce. They will be at the helm of mission assurance, not just cybersecurity.
Success won’t be gauged solely by uptime. Instead, it will be measured by adaptive integrity, system reliability and the ability to maintain operational readiness, even when the going gets tough. We’ve dedicated decades to securing networks, systems and data. Now, the mission has taken on a new level of importance: safeguarding the space between those systems, for that’s where the real risk resides.
