The Conversation Federal Agencies Are Not Having Clearly Enough
As I covered in earlier articles in this series, the CESER FY2026-2030 Strategic Plan addresses a threat landscape that is broad, converging, and accelerating. Nowhere is that acceleration more apparent than in the role of artificial intelligence.
Most federal cybersecurity discussions about AI focus on one side of the equation: how to use AI to improve detection, automate response, or reduce analyst workload. That conversation is worth having. But CESER’s plan is more honest than most policy documents about the other side of the equation, which is that the same AI capabilities that improve defense are also being weaponized against the infrastructure you are trying to protect.
What AI-FORTS Actually Addresses
The Artificial Intelligence for Operationally Resilient Technologies and Systems program, known as AI-FORTS, is a comprehensive technology effort that CESER is developing along three distinct lines.
The first is securing energy infrastructure from AI-enabled attacks. Adversaries are already using AI to accelerate the identification of vulnerabilities, craft more convincing phishing and social engineering campaigns, and automate intrusion attempts at a pace that traditional signature-based defenses cannot match.
The second line is leveraging AI to detect compromises, operate through them, and enhance supply chain testing tools. This is the defensive application most people think of. But the CESER framing is notable because it includes operating through compromise as a goal, not just preventing it. Resilience is the objective, not just prevention.
The third line is securing AI-based systems themselves. As the energy sector deploys AI to manage grid operations, optimize distribution, and monitor infrastructure, those AI systems become targets. An AI system that controls grid switching is, by definition, critical infrastructure. It needs to be secured accordingly.
The Genesis Mission: A Larger Context
CESER’s participation in the Genesis Mission, a DOE-wide initiative launched by Executive Order 14363, places the AI-FORTS work within a much larger federal effort. The Genesis Mission mobilizes all 17 DOE National Laboratories and associated sites to build an integrated AI platform that addresses three national challenges: energy dominance, scientific discovery, and national security.
For federal cybersecurity leaders, the national security dimension of Genesis is the most directly relevant. It covers securing critical minerals, strengthening supply chains, and accelerating development of defense-ready materials. These are not abstract priorities. They are active operational requirements for agencies supporting national defense.
What Federal Agencies Should Take from This
The CESER approach to AI reflects a maturity that federal cybersecurity programs need to internalize. AI is not a solution you procure and deploy. It is an operating environment that you have to manage on both offense and defense simultaneously.
Federal Zero Trust architecture addresses identity and access. OT security addresses industrial control systems. AI introduces a third dimension that touches both of those domains and extends beyond them. Your threat model needs to account for it.
The final article in this series brings everything together into a set of concrete steps that federal cybersecurity leaders can act on today, grounded in the CESER plan’s priorities.
More From This Series
Rethink Your AI Threat Model
AI is changing how attacks happen. Make sure your strategy accounts for both.
