Generative AI Security: Best Practices for Local Government Systems

Scenario: Adriana Martinez sits at her desk with her head in her hands. The sun has set in the community of Crescent City, her IT team has all left for the day, and in the quiet of the darkening office, she tries to prioritize her goals for the second half of the year. The city mayor wants a report on the potential risks of artificial intelligence (AI) by the end of the week. Her public information officer (PIO) wants approval to start using generative AI tools to create press releases and website copy to increase efficiency and support her under-resourced communications team, and the city clerk needs Adriana to respond to the growing list of resident open records requests in response to last week’s brief website security breach. 

Adriana’s head throbs as she asks herself how to lead her city forward as the chief information officer (CIO) at an unparalleled point in technology’s evolution. She’s passionate about harnessing the potential of new technologies such as AI and generative AI to revolutionize local government processes and sees the technology as a source of delivering better services and engaging with residents more efficiently. Yet, the prospect of managing and securing vast amounts of information integrated with decentralized management tools feels insurmountable, especially given the growing trend of cyber threats every community faces.

As the demands from both residents and city officials grow, Adriana finds herself increasingly torn between exploring emerging technologies and protecting the data owned by the community she serves.

Adriana’s story may be fictitious, but her challenge is incredibly real. Residents’ expectations for digital access to secure services are a driving force behind public sector technology strategies. Yet, the security threats local governments face continue to increase, and now AI is changing everything.

AI Opportunities for the Creation of Positive Civic Experiences 

The rise of AI has opened new avenues for governments to enhance resident services and streamline operations. Still, it also raises questions about the need for additional governance, security, and privacy controls as the technology, its use cases, and providers evolve daily.

The public sector should embrace AI’s capabilities as a powerful tool to enhance customer service and streamline processes using best practices and responsible governance. AI technologies, such as chatbots are proven technologies which, offer efficient and automated solutions for handling resident inquiries and providing real-time assistance to residents seeking digital news, information, services, and resources from their local government at all hours of the day and night. AI-powered chatbots enable local governments to respond faster to residents, reducing response times and enhancing overall customer satisfaction. These chatbots can handle routine inquiries, freeing human resources for more complex tasks.

AI further allows local governments to optimize operations by automating repetitive tasks, minimizing human error, and promoting resource efficiency, all while maintaining government data privacy solutions.  AI and generative AI offers numerous opportunities.  A growing number of states are showing interest and as a result, have begun the process of legislating responsible ai use across their constituent services.

What Local Governments Need to Know about AI and Data Security

Implementing AI in government operations should be accompanied by robust data protection measures to improve cybersecurity for local government. These considerations can help government IT leaders make informed decisions about AI’s ethical and secure use and ensure its responsible use. Such factors that leaders need to evaluate include the following:

• Data Governance and Retention: Local governments must establish clear data governance policies outlining the data lifecycle.  Policies should include what and how data will be used, retained and how it will be disposed of securely once it is no longer needed. Proper data management practices minimize the risk of data leaks or breaches. 

• Vulnerabilities in AI Systems: AI systems are not immune to security vulnerabilities. Local governments must conduct thorough risk assessments to identify potential weaknesses in AI algorithms and models. Regularly implementing security patches and updates is essential to address any discovered vulnerabilities and protect against potential cyber threats.

• Data Privacy Compliance: Local governments must comply with data privacy regulations and ensure AI systems adhere to these laws. Collecting and processing personal data through AI algorithms requires explicit consent from residents, and the data must be handled securely and confidentially.

• Secure Data Storage: The data used to train AI models and make predictions must be stored securely. Local governments should utilize encrypted storage solutions and access controls to protect sensitive data from unauthorized access or breaches.

• Insider Threats: Internal personnel accessing AI systems can pose a security risk. Implementing strict access controls and regular monitoring of system activities can help detect and mitigate potential insider threats.

• Adversarial Attacks: AI systems, particularly generative AI, can be vulnerable to adversarial attacks where malicious actors intentionally manipulate input data to produce misleading or harmful results. Local governments must be vigilant in testing AI models against such attacks and implement defenses to minimize their impact.

• AI Bias Mitigation: While avoiding unintended biases is crucial, local governments should also invest in ongoing efforts to detect and address any biases that might emerge during AI operations. Regular audits and bias-checking measures can help ensure fairness and equity in AI decision-making.  A method to reduce bias includes ensuring development teams are diverse. 

• Ethical AI Use: Local governments should adhere to ethical guidelines when deploying AI technologies, especially in sensitive areas like law enforcement or healthcare. Transparently communicating the ethical considerations of AI implementation can foster trust with residents.

• Disaster Recovery and Business Continuity: Local governments must have robust disaster recovery and business continuity plans in place to mitigate the impact of potential AI system failures or security breaches. Regular testing and updating of these plans ensure preparedness.

What is at Risk if AI is Used Irresponsibly?

According to Jim Flynn, CivicPlus Director of Information Security, while there are impactful opportunities for the use of AI, its responsible use should be a top priority for every entity. 

“From the release of executive initiatives in the US and EU that promote AI regulation and responsible AI use and innovation to the request for information to inform a national AI strategy, it’s clear that leaders need to put policies in place that address concerns,” said Flynn. “AI is undoubtedly a powerful technology, but it comes with benefits and risks. Recently, the Director of the Cybersecurity and Infrastructure Agency, Jen Easterly, warned the public of AI-driven tools being an easy avenue for cyberattacks, noting that the innovation of AI technology doesn’t need to come at the expense of safety or security.”

Flynn advises local governments that want to take advantage of AI’s workflow acceleration and automated customer service capabilities to put a policy in place immediately so that staff understands how to use gen AI and other such tools safely without risking resident or government data.

Conclusion

AI is not the first technology to change how people live and work, and it won’t be the last. From the calculator supplementing human’s ability to rapidly complete math equations to email creating an instant and environmentally responsible alternative to paper correspondence, humans will continue to leverage tools to help expedite processes and institutional systems fundamental to society. Local governments that understand the risks and opportunities of this burgeoning technology will be best positioned to leverage it efficiently and opportunistically without the risk of data or security loss.