How democracies need to enhance cybersecurity protections against authoritarian adversaries with fewer legal barriers is concerning to a leading cybersecurity expert.
Paulo Costa, George Mason University professor and chair of the Cyber Security Engineering Department, told GovCon Wire on Monday that democracies are disadvantaged in cybersecurity compared to autocracies for a variety of reasons. While the greatest strengths of the U.S. as a democratic nation are its transparency and accountability, Costa said these are also its main challenges with integrating AI technologies into federal networks because adversaries, often helmed by dictators, aren’t concerned with these democratic norms.
How to Adhere to Compliance Requirements
The trick is for the U.S. to enhance cybersecurity while adhering to compliance requirements without overstepping legal boundaries or compromising the effective management of human resources.
“If we manage to address such issues, our systems will be inherently more powerful than theirs as we will likely find ways to account for the model’s lack of explainability,” Costa said.
Hear Costa discuss the role of AI in cybersecurity in defending federal networks at the Potomac Officer Club’s 2025 Cyber Summit on May 15 at the Marriott Fairview Park in Falls Church, Virginia. Costa will also talk about filling skill gaps in addressing workforce readiness in AI and cyber, and issues of explainability, transparency and compliance. Tickets are selling fast for this fascinating GovCon conference; sign up today!
Costa said his most concerning technical issue is attacks on AI infrastructure. The use of AI systems at the edge is appealing and almost mandatory, he said, as it gives the U.S. strong capabilities that its adversaries will also have.
Problems With Use of Capabilities at the Edge
But the problem is that the use of capabilities at the edge, including endpoint security, threat intel and behavioral analytics, would introduce the vulnerabilities these modes are known to possess. They would also bring a risk of overconfidence from U.S. operators on a technology that has limitations and is error-prone.
Federal job cuts and budget tightening by the White House could negatively impact defending federal networks with AI and cybersecurity. Costa said these will cause delays and hinder the development and both adoption and integration of AI technologies in government systems because most agencies will stick with legacy systems.
This is a terrible idea from a strategic perspective, he added, because while the workforce reduction might initially lead to a push for more automation, the technology is not ready for autonomy. Costa said this would result in automation still relying on humans. Having fewer humans ready will definitely put the U.S. in a risky situation.
How Federal Job Cuts Will Impact Cyber R&D
Additionally, Costa said these federal job cuts will impact R&D and pilot funding for AI and cyber, which is particularly tough in the current stage of the technology. This, he said, might seriously compromise the country’s ability to keep pace with its adversaries, let alone become a leader in AI and cyber adoption. ”
“My hope is that a few visionaries in government will make lemonade from lemons by leveraging the increased focus on automation, sharing resources among agencies and other mitigation strategies to keep us at the forefront of AI and cyber,” Costa said.
Business Opportunities in AI and Cyber
Costa said business opportunities in AI and cybersecurity remain for government contractors, even in this unprecedented era of budget slashing. This is because most government leaders recognize the adoption of these technologies by government agencies is not only irreversible, but urgent.
Thus, agencies will continue to actively seek support in areas where internal capabilities lag, especially when it comes to integrating cutting-edge AI with existing cyber defense frameworks. Costa said if he ran a small- or medium-sized GovCon busineshe’de’d focus his resources on strategic niches where agility, innovation and deep expertise can beat the big players, and where government demand is high but implementation remains challenging.
This includes technologies such as zero trust enablement with AI-driven behavior analytics; AI-driven Security Operations Centers, or SOC; automation, data engineering and others in which a nimble R&D infrastructure can be a lot more effective than government-owned R&D.
The Potomac Officers Club’s 2025 Cyber Summit is your opportunity to learn more about cutting-edge AI and cybersecurity capabilities from experts like Paulo Costa. Create new partnerships with leading government contractors in a supportive and exciting environment. Don’t miss out!
