Governing Autonomous Technologies: Policy Principles for Resilient, Secure Services

State and local governments face an unprecedented cyber risk environment. Expanding hybrid workforces, mobile devices, and connected infrastructure have widened the public sector’s attack surface — while ransomware, phishing, and AI-driven threats grow more frequent and severe.

This paper explores how autonomous technologies — automated cybersecurity tools that operate at machine speed — can help government leaders safeguard critical infrastructure, maintain continuity of operations, and protect constituents. It outlines practical policy principles to guide adoption, including:

• Establishing clear governance and human-in-the-loop safeguards to prevent over-reliance on automation
• Conducting regular risk and equity reviews to ensure technology does not unintentionally restrict access to vital services
• The 9 questions you should ask your CIO and CISO
  

For policymakers and agency leaders, this paper is both a warning and a roadmap. It highlights strategies for cross-jurisdictional collaboration and offers a vision for future-proofing public services through responsible, human-centered automation.