The Department of Energy must invest and implement enterprise-wide data analytics to better mitigate risks and take steps to begin implementing artificial intelligence capabilities in its Intelligence Office and counterintelligence, two reports from the Office of Inspector General recommended this week.
In a report released Monday, the The OIG reported that DOE does not use an enterprise-wide approach to reviewing risks, but rather examines risks in a “piecemeal” manner by grouping together risks identified by each “element,” which includes field organizations and at headquarters. This approach, according to the OIG, results in information gaps that create inefficiencies in identifying, monitoring, and responding to risks within the DOE.
In a separate report released ThursdayOIG said that under the FY 2023 Intelligence Authorization Act, DOE fulfilled only one of 13 requirements regarding the use and governance of AI, thereby violating responsibilities statutory. Some of these include implementing policies related to the use of AI capabilities, developing guidelines for certification of information technology or software systems, and drafting a policy potential to promote intelligence community-wide use of no-code AI enablement tools.
The data-driven report states that “an emphasis on coordinated integration and judicious use of data analytics, including artificial intelligence, can reduce duplication of program office efforts and increase their consistency. This can further enable, with maturation, enterprise-wide and data-driven approaches.
The annual risk assessment process used by the DOE is driven by ad hoc data calls, capturing conditions in high-level, descriptive terms and assigning responsibility to elements to independently identify and address risks, said the BIG. According to the watchdog, an enterprise-wide perspective could help improve risk management processes, such as collecting, analyzing and considering additional data.
“Although the (DOE) considers enterprise-wide risks in its decision-making, it does so in a piecemeal manner by aggregating risks identified by each element rather than looking at risks from a perspective enterprise-wide,” the OIG said.
The OIG recommended that the agency begin with “identifying and addressing the highest enterprise-wide risks,” continue with analysis and integration of element-defined risks, and expand implementing risk management governance practices as capabilities mature.
Regarding the implementation of actions statutorily required for AI implementation, the OIG recommended that the Director of DOE’s Office of Intelligence and Counterintelligence expedite the creation and submission of a report to Congress on adopting AI to improve workflows within agencies. Additionally, the OIG directed the Director to “continue to focus on funding needs, including those related to human capital,” as well as to emphasize these needs to implement the Intelligence Authorization Act. Fiscal Year 2023 and “the full implementation of AI in intelligence operations”.
Finally, the OIG asked the director to ensure that “all relevant officials are trained and knowledgeable in AI concepts and applications as well as AI technologies running on (OIC) systems.” .