Big Data and AI: Why They Matter for National Security and Cybersecurity Law

In May 2025, U.S. senators, governors, and business leaders received alarming text and voicemail messages that appeared to come from Susie Wiles, President Trump’s chief of staff. However, the messages were actually AI-generated deepfakes, some featuring convincing audio simulations of Wiles’ voice. These communications frequently included links to fraudulent messaging platforms designed to deploy malware or steal financial data.

AI is making phishing efforts like these more convincing and more prevalent within and beyond the walls of government. And they aren’t limited to identity theft and financial scams; bad actors are also exploiting AI’s capabilities to compromise U.S. national security. Chinese spy agencies, for one, are investing heavily in AI in the hope of advancing their intelligence and covert operations.

The growing relationship between big data and AI is reshaping not only the threat landscape but also the types of professionals needed to defend against it. As these threats escalate, so does the demand for leaders who understand both technology and the law. National security jobs increasingly require expertise in cybersecurity laws, data privacy, and policy. 

A Master of Studies in Law (MSL) degree from George Washington University Law School can help you develop the legal and strategic skills needed to navigate this high-stakes field. GW Law’s MSL Program—available fully online, on campus, or a combination of both–prepares professionals to lead at the intersection of AI, cybersecurity, and law.

The program offers a concentration in national security and cybersecurity law,, covering topics such as critical infrastructure protection, military cyberoperations, and public-private collaboration in countering cyber threats.

The New Battlefield: Big Data, AI, and National Security 

The best way to deal with a security threat is to catch it before it does any damage. The use of predictive analytics, such as early warning systems and AI for threat detection, can expose potential risks and suggest ways to avoid them.

Predictive analytics uses current and historical data to generate informed prognoses. It’s a three-step process, according to the international security firm SOCRadar:

1. Data collection and preparation, which may include studying network logs, threat intelligence feeds, user behavior data, and historical attack patterns
2. Analysis via algorithms to identify patterns and anomalies within data
3. Actionable insights generated after analyzing the collected data to empower cybersecurity teams to prioritize resources, preempt vulnerabilities, and address threats in real time

Predictive analytics “bridges the gap between traditional reactive strategies and forward-looking intelligence, enabling organizations to build resilient defenses and maintain trust in an increasingly interconnected digital world,” according to SOCRadar.

As the tools used by bad actors grow more sophisticated, so do security methods such as biometric surveillance, AI-powered drones, and deepfake detection. While these tools are powerful, they raise critical new legal and ethical questions around privacy, consent, machine autonomy and liability for inadvertent damages caused by their implementation.

What Is Cybersecurity Law, And Why Does It Matter Now?

Cybersecurity laws protect digital infrastructure, personal data, and sensitive systems. These laws increasingly reflect the global scope of today’s digital-first world, balancing the rights of individuals and institutions with the urgent need to keep threats at bay.

The 2025 edition of the World Economic Forum Global Security Outlook reflects on “the increasing complexity of the cyber landscape,” as evidenced by:

• Escalating geopolitical tensions that contribute to a more uncertain environment
• Increased integration of and dependence on more complex supply chains, leading to a more opaque and unpredictable risk landscape
• The rapid adoption of emerging technologies, contributing to new vulnerabilities as cybercriminals leverage them effectively to achieve greater sophistication and scale
• The global proliferation of regulatory requirements, adding a significant compliance burden for organizations

One example of this complexity: cross-border data transfers, the movement of money, goods, services, data, or people from one country to another. They’re essential for international operations, but varying data-protection laws significantly complicate compliance.

You don’t even have to look outside the United States to find a maze of complexity in cybersecurity legal issues. Data breach notification laws vary from state to state, creating significant challenges for businesses engaged in interstate commerce.

These laws aren’t static. Rapidly evolving national and international regulations mean organizations need professionals who can keep pace with constant changes. 

Legal Careers in National Security and Technology 

Lawyers aren’t the only professionals whose work demands legal expertise. Knowledge of the law informs leadership in many careers that do not require a JD degree, including:

• Intelligence analysts, who serve private companies and public institutions by analyzing threats, managing intelligence collections, and preparing intelligence reports. For example, they might use AI to detect suspicious financial activity among suspected terrorist groups or governments that sponsor terrorism.
• Cybersecurity risk officers identify, assess, and mitigate security risks to protect against cyber threats and ensure compliance with frameworks like HIPAA. They might set up, configure, and manage threat controls and tools like firewalls, anti-virus systems, and data encryption software.
• Compliance leads oversee policies and standards to ensure that all departments adhere to rules and regulations. Duties may include performing audits, developing procedures, and assessing potential risks. In a healthcare organization, for example, they might ensure that information technology meets legal, regulatory, and security standards.
• Privacy policy advisors help organizations manage and protect their data in accordance with the highest data protection standards. Duties may include conducting audits and assessments to identify risks and gaps in the data lifecycle and developing and implementing data privacy policies, procedures, and controls to follow laws and frameworks. For example, they might advise a contractor on the ethical use of technology.
• Privacy and security product managers guide the development of data and security-related products, working with other professionals such as engineers and designers to ensure products meet privacy and security standards while also satisfying end users. They might assess whether a company’s website needs a privacy consent banner that allows users to opt in or out of data sharing, for example. 

Why Legal Ethics and AI Can’t Be Separated 

AI has introduced powerful new tools for use in national defense. At the same time, these tools raise complex legal and moral questions. What happens if autonomous agents or weapons escalate a conflict? What if AI facial recognition delivers a false positive of a target combatant?

Such scenarios underscore the importance of robust legal and ethical frameworks in the application of AI, particularly when potentially lethal force is involved. Key issues include:

• Algorithmic bias: Input bias has been a concern for decades. If facial-recognition technology (FRT) training oversamples white men, issues may arise when the technology is applied to female or non-white faces. Such biases can have severe consequences, particularly in law enforcement. The law can address these concerns through bans, regulations, and civil penalties.
• Facial recognition bans: In the United States, bans on FRT vary from state to state and sometimes between municipalities. San Francisco, Oakland, and Berkeley, for example, have all imposed limitations that are far stricter than those in effect throughout the rest of California. Those engaged in national security operations must be familiar with the many conflicting domestic and international laws and regulations. 
• Mass data collection: Public acceptance of state-sponsored privacy infringements like unauthorized mass data collection is situational, studies suggest. People feel safer when FRT is deployed in schools, but worry about privacy when it’s used in public spaces. Government activity in this area is restricted by a matrix of privacy laws, including HIPAA, GLBA, COPPA, and FERPA. 

Preparing for the Future With a Master of Studies in Law

For professionals working at the intersection of law, technology, and policy, a Master of Studies in Law (MSL) from George Washington University Law School can be a powerful career accelerator. Unlike a traditional law degree designed for those pursuing a legal license, the MSL offers legal training tailored for non-lawyers seeking to navigate complex legal and regulatory landscapes.

GW Law’s MSL program offers multiple advantages, including flexibility (it’s delivered entirely online), targeted concentrations (including a concentration in national security and cybersecurity law) and professional relevance.

How GW Law’s MSL Program Builds Future Leaders in Security and Tech 

Two key factors help GW Law’s MSL students prepare for a career in leadership: a relevant, broad-based curriculum and faculty with backgrounds in the public sector, policy work, and security. Courses include:

• National Security Law
• Cybersecurity Law and Policy
• Cybersecurity Law and Technology
• Technology Foundations for Cybersecurity
• Internet Law
• Artificial Intelligence Law and Policy
• Foreign Access to U.S. Technology
• Consumer Privacy and Data Protection: Regulatory Approaches
• Cybersecurity Law Crisis Challenge: Protecting Critical Infrastructure, Risk Management, and Incident Response

The faculty features:

• Jonathan G. Cedarbaum, Professor of practice for national security, cybersecurity, and foreign relations law. Formerly deputy counsel to the president and national security council legal advisor.
• Daniel Justin Solove, Professor of intellectual property and technology law; faculty co-director, GW Center for Law & Technology. Founder of TeachPrivacy, a privacy and cybersecurity training company, and one of the world’s leading experts in privacy law.
• Lisa M. Schenck, Associate Dean for national security, cybersecurity, and foreign relations law. Served in the U.S. Army for more than 25 years as a signal corps officer and then as a judge, lawyer, and educator in the Judge Advocate General’s Corps.
• Jessica Tillipman, Associate dean for government procurement law studies. Formerly an attorney specializing in government contracts and white-collar criminal defense. Author of numerous articles addressing legal and policy issues involving anti-corruption, government procurement, white-collar crime, government ethics, and AI. 

Law, Technology, and National Security in the Age of AI 

Artificial intelligence is radically altering and complicating the technology and national security landscapes. The laws governing these domains grow equally complicated. Businesses and institutions need professionals versed in the relevant laws and regulations and capable of keeping pace with rapid change. 

A GW Law MSL with a concentration in national security and cybersecurity law can arm you with the tools to thrive in this new professional environment. You can earn the degree in a flexible-format program that enables you to attend classes online, on campus, or a combination of both modalities. To learn more, schedule an application walkthrough or apply for admission to the program today.