Data First: The Real Lever for AI-Driven Cyber Defense
AI will not fix weak cybersecurity data. That was the message from Matthew McFadden, vice president of cyber at General Dynamics Information Technology. "As adversaries scale their tactics, we have to level up too," he said. "AI is going to help us, but only if we have the right foundation in place."
For executive teams, that foundation is a clear data strategy: what to capture, how to govern it, who can use it and how quickly it flows into decisions. Algorithms matter, but outcomes are dictated by data quality and access.
Why Data Quality Decides AI Effectiveness
AI-enabled cybersecurity runs on telemetry: endpoint, network, identity and cloud signals that feed behavioral analytics, monitoring and automated response. Agencies often have volume, but lack structure and reach. "If you don't have access to the data, how can you act on it?" McFadden asked.
Fragmented tools and isolated cloud environments slow detection and response. The result is delayed correlation, missed context and manual toil where speed is non-negotiable.
Turn Data Into Actionable Intelligence
The priority isn't "collect more." It's "make it usable." That means governance, quality controls and breaking down silos so AI can connect the dots in near real time.
"We can leverage data to prioritize risk, we can leverage it to look for outliers that could be an adversary," McFadden said. "And in the event of a breach, we can leverage it to automate our response and remediate high-risk systems."
Three Steps to Build AI-Ready Data
- Assess your data footprint. Catalog what you have across on-prem, cloud and SaaS. Rate sources by fidelity, timeliness and mission value. Delete or archive ROT (redundant, obsolete, trivial) data that drives cost and noise.
- Optimize and right-size. "Just because you're ingesting that data doesn't mean it's all usable," McFadden said. Centralize only high-value data in a common store. Standardize schemas (e.g., Open Cybersecurity Schema Framework, or OCSF, style fields), enforce data contracts that state which fields every event must carry, and set retention tiers so hot data stays close to detection and response.
- Automate with purpose. Validate inputs, tag assets, enrich identities and map detections to playbooks. Push clean signals into SOAR workflows to cut manual queues. "Without automation, the cybersecurity workforce is stuck in a reactive cycle," McFadden warned.
What Executives Should Fund and Fix Next Quarter
- Name an owner for cyber data. Treat security telemetry as a product with a backlog, SLAs and a roadmap. Assign a leader to drive quality, access and re-use across teams.
- Set data quality SLAs. Define freshness, completeness and accuracy thresholds per source. Alert when feeds degrade. Tie SLAs to detection and response outcomes.
- Standardize telemetry. Normalize event fields across EDR, network, identity and cloud so models correlate faster. Remove "CSV of the week" workflows.
- Accelerate access with Zero Trust. Grant least-privilege, audited access for analysts and models. Use policy-based controls to share across enclaves without copy-sprawl. See the CISA Zero Trust Maturity Model.
- Build streaming pipelines. Move from batch to event-driven flows where it matters: identity changes, privileged actions, east-west traffic, SaaS admin events.
- Instrument playbooks end-to-end. For top threats, define detection → triage → containment steps with clear human decision points. Log every action for audit and learning.
- Upskill the team. Data engineering, feature engineering and model ops are now core security skills, so fund role-based training for analysts and detection engineers, not just for data teams.
Measure What Matters
- Coverage: % of critical assets sending normalized telemetry.
- Freshness: Median ingest and enrichment latency by source.
- Detection quality: True-positive rate, false-positive rate and time to first correlation.
- Response speed: Mean time to detect (MTTD) and mean time to respond (MTTR), segmented by automated vs. manual cases.
- Containment efficacy: % of priority incidents auto-contained within policy.
- Model health: Drift, data gaps and feature availability against baselines.
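The three build steps above (assess, optimize, automate), the executive items on data quality SLAs and telemetry standardization, and the coverage and freshness metrics in this list are concrete enough to show in code. The following Python is an added example, not code from the article or from GDIT: it normalizes constructed events from an EDR, an identity provider and a cloud audit log into flattened OCSF-style field paths, validates each against a data contract, scores every source on median ingest latency and completeness against per-source SLA thresholds, and reports coverage of a critical-asset list. The source names, field mappings, thresholds and sample events are assumptions made for the example; only the class_uid values follow OCSF's published class IDs.

```python
from datetime import datetime
from statistics import median

# Constructed sample events (not real telemetry), in each source's native field
# names plus the time the pipeline received them. The cloud feed is a batch export
# arriving 20 minutes late; the second identity event is missing its actor.
RAW_EVENTS = [
    {"source": "edr", "ts": "2024-05-01T10:00:05Z", "ingested": "2024-05-01T10:00:09Z",
     "hostname": "ws-017", "username": "alice", "process": "powershell.exe", "sev": "high"},
    {"source": "edr", "ts": "2024-05-01T10:00:07Z", "ingested": "2024-05-01T10:00:12Z",
     "hostname": "ws-017", "username": "alice", "process": "certutil.exe", "sev": "medium"},
    {"source": "idp", "eventTime": "2024-05-01T09:59:58Z", "ingested": "2024-05-01T10:00:01Z",
     "actor": "bob", "device": "lt-204", "outcome": "FAILURE"},
    {"source": "idp", "eventTime": "2024-05-01T09:59:59Z", "ingested": "2024-05-01T10:00:02Z",
     "actor": None, "device": "lt-204", "outcome": "SUCCESS"},
    {"source": "cloud", "eventTime": "2024-05-01T09:40:00Z", "ingested": "2024-05-01T10:00:30Z",
     "userIdentity": "svc-deploy", "eventName": "AttachRolePolicy", "sourceIP": "203.0.113.9"},
]

SEVERITY = {"low": 2, "medium": 3, "high": 4, "critical": 5}  # OCSF severity_id values

def _epoch_ms(iso: str) -> int:
    """ISO-8601 UTC timestamp -> epoch milliseconds, the unit of OCSF 'time'."""
    return int(datetime.fromisoformat(iso.replace("Z", "+00:00")).timestamp() * 1000)

def normalize(raw: dict) -> dict:
    """Map a source-native record onto flattened OCSF-style field paths. class_uid values
    are OCSF's published IDs (Process Activity 1007, Authentication 3002, API Activity 6003);
    the per-source field mapping is illustrative (assumed for this example)."""
    src = raw["source"]
    if src == "edr":
        return {"time": _epoch_ms(raw["ts"]), "class_uid": 1007, "category_uid": 1,
                "severity_id": SEVERITY.get(raw.get("sev"), 0), "metadata.product.name": src,
                "actor.user.name": raw.get("username"), "device.hostname": raw.get("hostname"),
                "process.name": raw.get("process")}
    if src == "idp":
        return {"time": _epoch_ms(raw["eventTime"]), "class_uid": 3002, "category_uid": 3,
                "severity_id": 4 if raw.get("outcome") == "FAILURE" else 1,
                "metadata.product.name": src, "actor.user.name": raw.get("actor"),
                "device.hostname": raw.get("device")}
    if src == "cloud":
        return {"time": _epoch_ms(raw["eventTime"]), "class_uid": 6003, "category_uid": 6,
                "severity_id": 1, "metadata.product.name": src,
                "actor.user.name": raw.get("userIdentity"),
                "api.operation": raw.get("eventName"), "src_endpoint.ip": raw.get("sourceIP")}
    raise ValueError(f"no normalizer for source {src!r}")

# Data contract: fields every normalized event must carry, each with a validity check.
CONTRACT = {
    "time": lambda v: isinstance(v, int) and v > 0,
    "class_uid": lambda v: isinstance(v, int),
    "category_uid": lambda v: isinstance(v, int),
    "severity_id": lambda v: isinstance(v, int) and 0 <= v <= 6,
    "metadata.product.name": lambda v: isinstance(v, str) and v != "",
    "actor.user.name": lambda v: isinstance(v, str) and v != "",
}

def contract_violations(event: dict) -> list:
    """Names of contract fields that are missing or invalid in this event."""
    return [f for f, ok in CONTRACT.items() if not ok(event.get(f))]

# Per-source SLAs (assumed thresholds): max median ingest latency (s), min share passing the contract.
SLAS = {
    "edr": {"max_latency_s": 10, "min_complete": 0.95},
    "idp": {"max_latency_s": 5, "min_complete": 0.95},
    "cloud": {"max_latency_s": 300, "min_complete": 0.95},
}

def evaluate_sources(raw_events: list, slas: dict = SLAS) -> dict:
    """Normalize and validate every event; return per-source freshness and
    completeness metrics plus the alerts a feed-health monitor would raise."""
    buckets = {}
    for raw in raw_events:
        ev = normalize(raw)
        b = buckets.setdefault(raw["source"], {"latencies": [], "total": 0, "passed": 0})
        b["total"] += 1
        b["latencies"].append((_epoch_ms(raw["ingested"]) - ev["time"]) / 1000)
        if not contract_violations(ev):
            b["passed"] += 1
    report = {}
    for src, b in buckets.items():
        sla, med = slas[src], median(b["latencies"])
        complete, alerts = b["passed"] / b["total"], []
        if med > sla["max_latency_s"]:
            alerts.append(f"freshness: median ingest latency {med:.0f}s exceeds {sla['max_latency_s']}s")
        if complete < sla["min_complete"]:
            alerts.append(f"completeness: {complete:.0%} of events pass the contract, below {sla['min_complete']:.0%}")
        report[src] = {"median_latency_s": med, "completeness": complete, "alerts": alerts}
    return report

def coverage(raw_events: list, critical_assets: set) -> float:
    """Share of critical assets that appear as device.hostname in normalized telemetry."""
    seen = {normalize(r).get("device.hostname") for r in raw_events}
    return len(critical_assets & seen) / len(critical_assets)

if __name__ == "__main__":
    for src, metrics in evaluate_sources(RAW_EVENTS).items():
        print(src, metrics)
    print("critical-asset coverage:", coverage(RAW_EVENTS, {"ws-017", "lt-204", "db-01"}))
```

Run as a script to print the per-source report: the identity feed trips the completeness SLA because one event has no actor, and the cloud feed trips freshness because the batch export lands 20 minutes after the events it describes, while the EDR feed passes both. Coverage against the assumed critical-asset list is two of three hosts, since nothing from db-01 was seen. In a production pipeline the normalizers would be per-product mapping configs and the SLA alerts would land in the same queue as detections, so a degraded feed is handled as a security event rather than a data-engineering ticket.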
Responsible AI, With Humans in the Loop
Use AI as a force multiplier, not a replacement for expert judgment. Keep analysts in the loop for high-impact actions, require explanation for automated decisions and log everything for audit.
Adopt a clear governance framework for testing, red-teaming and risk management. The NIST AI Risk Management Framework is a strong starting point for policy, tooling and oversight.
McFadden's take is pragmatic: invest in the data foundation, then scale automation. "The reward outweighs the risk," he said. With clean, accessible data and the right guardrails, AI can correlate faster, reduce risk and strengthen defenses across the enterprise.