Despite a surge in spending on cybersecurity in recent years, federal agencies have not had the intended return on their investments.
This past year, the Office of Management and Budget allocated more than $28 billion for nonclassified cybersecurity programs, compared to $7.5 billion in 2006. Those same years have seen a surge of innovation in cybersecurity, providing more sophisticated and effective tools and techniques for every stage of the cyber lifecycle.
And yet a recent report from OMB found that 74 percent of federal agencies were either “at risk” or “high risk” for a cybersecurity breach. More startling, perhaps, was the finding that, in 38 percent of government cybersecurity incidents, the relevant agency could not identify how the hacker perpetrated the attack.
So, where is the disconnect?
Agencies’ Cybersecurity Is Always Running Behind
The problem is that federal agencies are always playing catch-up. As cybersecurity technologies have evolved, so have the enterprises they were created to protect.
Cloud computing and mobile devices have expanded the network in ways never believed possible. Federal agencies once only needed to defend a set perimeter, made up of hard-wired workstations in a set location. As new technologies have extended applications and data beyond the perimeter, agencies have scrambled to adapt their cyber tools, processes and policies as well.
However, many agencies still face major coverage gaps. Often, that’s because they have taken a “shiny object” approach to cybersecurity, buying the newest and most promising technologies without considering how they fit into their overall cyber infrastructure.
Also, even some of the most innovative approaches to cybersecurity still depend largely on human analysts, which limits the gains that can be made. With the growing sophistication and volume of cyberthreats, it is simply too difficult for analysts to keep pace.
To get ahead of the threats, agencies need to turn to artificial intelligence, machine learning and automation technologies. These tools not only limit the human element involved in cybersecurity defense, but can also help cover some of the visibility gaps created by overly complicated systems.
How AI Technology Accelerates Cybersecurity
AI and machine learning involve feeding large amounts of data about both malicious and legitimate files into an algorithm. The algorithm outputs a “classifier” that can then examine a new file, a URL or even a situation on an endpoint and determine whether it is malicious. In a way, the machine becomes the analyst.
AI can monitor that data, and future data, for patterns. It can find patterns that human analysts miss, discovering new threats, identifying new forms of attacks and then storing that information for future use.
One of the most popular forms of AI-based cybersecurity is the idea of a “smoke detector.” Just as a traditional smoke detector warns people of a potential fire in their home, a cyber smoke detector does the same thing. Based on machine learning and event clustering, this technology looks for certain patterns of actions that could mean an attack is either underway or imminent. It alerts human analysts to a possible problem, helping them negate an attack before it even happens.
Another popular technology is learning-based log processing. This is a multilayered approach to threat assessment, based on a file’s static attributes, dynamic behaviors and its relationships with other files.
While log data does get analyzed, there is too much of it for human analysts, or even basic monitoring tools, to keep up with. By using machine learning, agencies can gain insights into log data, helping to discover potential threats or behavior anomalies.
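The idea of learning from log data and alerting an analyst to behavior anomalies can be shown with an added Python example (not from the original article or any agency's tooling). It learns a per-user frequency baseline with Laplace smoothing, a simple statistical stand-in for a trained model; the log format, user and host names, smoothing values and alert margin are all assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict
# Constructed sample events (not real data): "HH:MM user source_host action"
BASELINE_LOG = """\
09:02 alice ws-101 login
09:15 alice ws-101 read_share
10:40 alice ws-101 read_share
14:20 alice ws-101 read_share
08:55 bob ws-202 login
09:30 bob ws-202 read_share
11:10 bob ws-202 print
15:45 bob ws-202 read_share
"""
NEW_LOG = """\
09:20 alice ws-101 read_share
03:12 alice srv-777 export_db
10:05 bob ws-202 print
"""
ALPHA, VOCAB = 0.5, 10  # Laplace smoothing parameters (assumed values)

def parse(line):
    """Turn one log line into (user, attributes) with a coarse time-of-day bucket."""
    ts, user, host, action = line.split()
    period = "business" if 8 <= int(ts[:2]) < 18 else "off_hours"
    return user, {"host": host, "action": action, "period": period}

def fit(text):
    """Learn per-user attribute frequencies from baseline log text."""
    counts, totals = defaultdict(Counter), Counter()
    for line in text.splitlines():
        user, attrs = parse(line)
        totals[user] += 1
        counts[user].update(attrs.items())  # counts each (attribute, value) pair
    return counts, totals

def score(model, line):
    """Surprise of an event: sum of -log p(attribute | user), smoothed."""
    counts, totals = model
    user, attrs = parse(line)
    denom = totals[user] + ALPHA * VOCAB
    return sum(-math.log((counts[user][kv] + ALPHA) / denom) for kv in attrs.items())

def alerts(model, baseline, new, margin=1.0):
    """Flag new events more surprising than anything in the baseline plus a margin."""
    threshold = margin + max(score(model, l) for l in baseline.splitlines())
    return [l for l in new.splitlines() if score(model, l) > threshold]

if __name__ == "__main__":
    print(alerts(fit(BASELINE_LOG), BASELINE_LOG, NEW_LOG))
```

Only the off-hours database export from an unfamiliar host is flagged; the routine events stay below the threshold, which is what keeps the analyst's queue short.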
The Road Ahead for Innovation in Cybersecurity
As federal agencies have learned over the past decade, there is no silver bullet to data protection. Cybersecurity requires a wealth of technologies, systems, people and processes to truly protect data.
While technology continues to innovate in the cybersecurity space, the pace of innovation has not always kept up with adversaries.
AI and machine learning can bridge this gap. These two technologies can provide a level of cybersecurity that goes beyond traditional network monitoring and intrusion detection systems. Federal agencies must continue to improve cyber systems. As funding continues to increase, agencies must ensure they use those funds properly, investing in innovative technologies that deliver true results.