Federal agencies face increasingly frequent and more powerful cyberattacks, partly due to the rapid growth of artificial intelligence. The Cybersecurity and Infrastructure Security Agency said that in 2025 it triaged more than 30,000 cyber incidents governmentwide at its operations center, blocked over 2.6 billion malicious connections across federal civilian networks, and blocked 371 million across critical infrastructure environments.
Against this urgent backdrop, the White House released its Cyber Strategy for America in March, outlining the government’s direction for modernizing its defenses, operations, tools and approaches to better secure critical infrastructure and adapt to the AI-driven threats to come.
The strategy addresses everything from promoting AI regulations to upskilling workers, but for federal civilian agencies, there are three key pillars that should drive their strategy: reducing barriers to adoption for modern security capabilities, integrating agentic and generative AI into cyber operations, and unifying visibility across IT and operational technology environments.
All of these pillars are connected, and all depend fundamentally on the ability to unify and operationalize data across federal environments. Mapping efforts to these three specific areas of the cyber strategy will give agencies a solid foundation for better understanding and responding to threats.
As leaders across federal agencies evaluate how to align with these pillars, a balanced approach that combines rapid innovation with scalable, proven capabilities already deployed across government environments is essential.
Access to modern cybersecurity capabilities
The third pillar of President Donald Trump’s cyber strategy calls for modernizing and securing federal networks, a critical need given the speed and sophistication of today’s new breed of attackers.
At its core, cybersecurity is a data problem. Modern practices depend on the ability to ingest, normalize and operationalize data across diverse sources regardless of format, location or system. Federal agencies require unified data platforms and architectures that support real-time analytics at scale while integrating across legacy and modern environments.
But to truly take advantage of these capabilities, agencies must find ways to integrate the underlying technologies, which means reducing friction in both procurement and implementation. Governmentwide initiatives have already laid important groundwork for agencies to follow as they continue their cyber modernization journeys.
- CISA’s Continuous Diagnostics and Mitigation (CDM) program enables centralized visibility into cybersecurity data across civilian agencies.
- CISA’s emerging SIEM-as-a-Service offering aims to standardize data collection, improve threat detection and enable coordinated response.
- The General Services Administration’s OneGov initiative streamlines acquisition and promotes shared services across agencies, saving taxpayer dollars.
These programs reflect a broader federal goal to enable interoperable, scalable cybersecurity capabilities that can be adopted consistently across agencies while minimizing duplication and cost.
Agentic and GenAI for cyber operations
The fifth pillar in the cyber strategy calls on agencies to utilize emerging technologies to strengthen the government’s security posture. This is essential as our adversaries are conducting cyberattacks at machine speed, so agencies must fight AI with AI to stay ahead and address the modern threat landscape.
Generative AI and agentic AI are rapidly transforming cybersecurity operations within federal environments, enabling agency cyber teams to focus on the most immediate and critical threats.
To better visualize the impact this could have on federal cyber operations, imagine a civilian agency that operates a 24/7 security operations center (SOC). That SOC receives thousands of daily alerts from endpoint detection tools, network sensors, identity systems and vulnerability scanners. With automated alert triaging, AI models will correlate, prioritize and contextualize alerts, reducing security analyst fatigue and improving response times.
Often, these alerts are low-confidence and duplicative, forcing analysts to spend significant time manually sorting through noise to identify true risk. By applying AI models to automate alert triage, the agency can correlate related signals across systems, identify patterns indicative of coordinated activity, and enrich alerts with relevant context.
Agentic AI doesn’t just surface the alert; it autonomously builds the investigation timeline and proposes the remediation script for human approval.
This means analysts receive fewer, higher-quality alert queues that group related events into actionable cases with recommended next steps and supporting evidence.
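As an added illustration (not code from the article or from any product it mentions), the Python below sketches the triage steps just described: collapse duplicate alerts, correlate alerts that share a host or user within a time window, then score and rank the resulting cases with a recommended next step left for analyst approval. The sample alerts, asset-criticality tiers, time windows and scoring weights are all constructed for the example.

```python
"""Toy alert-triage pipeline: dedupe -> correlate -> prioritize -> enrich.

Added illustration, not code from the article or any vendor product. The
alert records, asset tiers, windows and scoring weights are all constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed asset-criticality lookup standing in for a CMDB or CDM feed.
ASSET_TIER = {"fin-db-01": 3, "ws-1042": 1, "ws-2210": 1}

# Constructed sample alerts from the four source types the SOC example names.
SAMPLE_ALERTS = [
    {"id": 1, "ts": "2025-06-01T09:00:00", "source": "identity", "host": "ws-1042",
     "user": "jdoe", "severity": "low", "title": "Impossible travel login"},
    {"id": 2, "ts": "2025-06-01T09:04:00", "source": "edr", "host": "ws-1042",
     "user": "jdoe", "severity": "medium", "title": "Suspicious PowerShell child process"},
    {"id": 3, "ts": "2025-06-01T09:04:30", "source": "edr", "host": "ws-1042",
     "user": "jdoe", "severity": "medium", "title": "Suspicious PowerShell child process"},
    {"id": 4, "ts": "2025-06-01T09:12:00", "source": "network", "host": "fin-db-01",
     "user": "jdoe", "severity": "high", "title": "Unusual SMB volume from ws-1042"},
    {"id": 5, "ts": "2025-06-01T11:30:00", "source": "vuln", "host": "ws-2210",
     "user": None, "severity": "low", "title": "Outdated browser version"},
    {"id": 6, "ts": "2025-06-01T11:31:00", "source": "vuln", "host": "ws-2210",
     "user": None, "severity": "low", "title": "Outdated browser version"},
]


def parse_ts(s):
    return datetime.fromisoformat(s)


def dedupe_alerts(alerts, window=timedelta(minutes=10)):
    """Collapse repeats of the same (source, host, title) seen within `window`."""
    kept = []
    for a in sorted(alerts, key=lambda x: x["ts"]):
        for k in kept:
            same_key = (k["source"], k["host"], k["title"]) == (a["source"], a["host"], a["title"])
            if same_key and parse_ts(a["ts"]) - parse_ts(k["ts"]) <= window:
                k["count"] += 1
                k["ids"].append(a["id"])
                break
        else:
            kept.append({**a, "count": 1, "ids": [a["id"]]})  # copy; input stays untouched
    return kept


def correlate(alerts, window=timedelta(minutes=30)):
    """Group alerts that share a host or user within `window`, using union-find."""
    parent = list(range(len(alerts)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i in range(len(alerts)):
        for j in range(i + 1, len(alerts)):
            a, b = alerts[i], alerts[j]
            shares_entity = a["host"] == b["host"] or (a["user"] and a["user"] == b["user"])
            close_in_time = abs(parse_ts(a["ts"]) - parse_ts(b["ts"])) <= window
            if shares_entity and close_in_time:
                parent[find(i)] = find(j)
    groups = defaultdict(list)
    for i, a in enumerate(alerts):
        groups[find(i)].append(a)
    return list(groups.values())


def build_cases(alerts):
    """Full pipeline: dedupe, correlate, score and enrich, then rank by score."""
    cases = []
    for group in correlate(dedupe_alerts(alerts)):
        max_sev = max(SEVERITY[a["severity"]] for a in group)
        sources = sorted({a["source"] for a in group})
        tier = max(ASSET_TIER.get(a["host"], 1) for a in group)
        # Constructed weights: severity dominates, corroborating sources and
        # asset criticality add, alert volume contributes only a little.
        score = max_sev * 10 + len(sources) * 5 + tier * 5 + min(len(group), 5)
        if max_sev >= SEVERITY["high"] and len(sources) >= 2:
            next_step = "Open incident; propose host containment for analyst approval"
        else:
            next_step = "Track as hygiene finding; no immediate action"
        cases.append({
            "alert_ids": sorted(i for a in group for i in a["ids"]),
            "hosts": sorted({a["host"] for a in group}),
            "sources": sources,
            "max_severity": max_sev,
            "score": score,
            "next_step": next_step,
            "evidence": [f'{a["ts"]} [{a["source"]}] {a["title"]} x{a["count"]}' for a in group],
        })
    return sorted(cases, key=lambda c: c["score"], reverse=True)


if __name__ == "__main__":
    for case in build_cases(SAMPLE_ALERTS):
        print(case["score"], case["hosts"], case["next_step"])
        for line in case["evidence"]:
            print("   ", line)
```

Six raw alerts become two cases: the identity, EDR and network signals tied to the same user within a few minutes are merged into one high-priority case with the remediation proposal held for a human decision, while the duplicated vulnerability findings collapse into a low-priority hygiene item. The evidence list is what the analyst sees instead of the original queue.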
Beyond that, AI-powered natural language interaction enables analysts to query security data through conversational interfaces, accelerating investigations and decision-making. AI can also assist in translating legacy detection rules and workflows into modern architectures, reducing the burden of system transitions.
Outside of efficiency gains, AI also plays a critical role in workforce development. As highlighted in the strategy’s focus on building talent and capacity, AI enables analysts to shift from manual data processing to higher-value analytical and strategic work, which is an important advantage given persistent workforce constraints.
Unify visibility across IT and OT environments
Pillar four speaks to the need to secure critical infrastructure, especially as federal agencies increasingly operate across hybrid IT environments that include cloud, on-premises systems, and operational technology systems, like physical devices and tools. Achieving unified visibility across these domains will be crucial for organizations to identify risks and respond effectively. You can’t respond to malicious activity that you can’t see.
There are several core capabilities agencies should prioritize when deploying tools to create the kind of visibility needed to secure critical infrastructure, including:
- Unified data visibility: The ability to correlate telemetry across IT and OT systems without relying on fragmented tools or manual processes.
- Flexible data management: Cost-effective storage options that support compliance requirements such as the Office of Management and Budget’s M-21-31, while enabling rapid access to historical data.
- Standards-based integration: Adoption of open standards and frameworks to reduce vendor lock-in and improve interoperability.
- AI-assisted data processing: Automation to parse, enrich and analyze logs, enabling proactive detection and faster investigations.
These capabilities form the foundation for implementing zero trust architectures, continuous monitoring and advanced threat detection across federal systems.
In an era where adversaries use AI to scale their attacks exponentially, relying solely on human-speed defense is no longer a viable strategy.
The Cyber Strategy emphasizes a whole-of-government approach, reinforcing that federal cybersecurity must be coordinated, scalable and innovation-driven. For federal civilian agencies operating in this increasingly complex threat landscape, success will depend on leveraging shared services and governmentwide platforms, adopting AI responsibly to augment human expertise, and building interoperable architectures that unify visibility across environments.
John Harmon is regional vice president of cyber solutions at Elastic.
© 2026 Federal News Network. All rights reserved.
