Oct 24 2019

Automation Technology Can Enhance Federal Cybersecurity

AI and machine learning tools free up workers to focus on major threats.

Government IT administrators are responsible for putting out security fires, but that can be tough to do when they’re constantly drinking from the firehose. 

According to CDW’s Cybersecurity Insight Report, 62 percent of organizations have experienced a breach or near breach over the previous six months. And according to the Federal Cybersecurity Risk Determination Report and Action Plan, 73 percent of federal agencies lack visibility into what is happening in their networks. 

Meanwhile, agencies operate on tight budgets with low resources, and IT teams are often forced to prioritize daily issues instead of proactively developing new ways to defend against cyberattacks. 

As in the private sector, automation can help. AI and machine learning can identify penetration instantaneously to stop attacks from doing major harm. Automation can also improve efficiency and take menial tasks off of humans’ to-do lists, which lets cybersecurity teams (even those with unfilled positions ) do their jobs and be creative in creating agile responses to threats. 

Many Cyber Intrusions Can Be Spotted with Automation

The potential is huge and something to be considered during National Cybersecurity Awareness Month. At the Institute for Critical Infrastructure Technology’s Winter Summit in January, Paul Beckman, CISO for the Department of Homeland Security, said about 90 percent of cyber incidences at DHS could be automated.

“Once we get to that utopia — once 90 percent of that generally is being handled in an automated fashion, then I can use the vast majority of my workforce to focus on what I really need them to do, which is the 10 percent of really bad guys,” he said at the summit, according to Federal News Network.

Agencies, for example, can model how humans interact with data so that the model can tell when something is off

“You can’t have just a human being looking at hundreds or thousands of employees interacting with data. But you can rely on machine learning and data analytics to look at the behaviors,” says George Kamis, CTO at Forcepoint

When those interactions diverge — whether a hacker has obtained credentials to impersonate a worker, or the worker him or herself is a threat — the activity is automatically blocked. This is already being done with power companies, he says, though he declined to name specific ones.

This kind of anti-fraud strike also addresses the inevitable: Regardless of how many walls and safeguards and locks and background checks organizations put up against hackers and other bad actors, someone will eventually get in. Phishing attacks are still common. 

MORE FROM FEDTECH: Find out how to choose between software-defined perimeters and VPNs.

Automation Helps Address Cybersecurity Personnel Gaps

According to the Federal Cybersecurity Risk Determination Report and Action Plan, email “remains one of the most common attack vectors across both government and industry” — and it still works. In a cybersecurity exercise, Pentagon employees were phished with an emailed offer of free Washington Redskins tickets. If they fell for it, they were enrolled in additional cybersecurity training. 

Because bad actors will eventually get in, identifying their presence when they do as soon as possible is one thing automation can do. 

“Automation shrinks the time between somebody being able to penetrate an environment and the time they can exfiltrate the data,” says Rishi Bhargava, vice president of product strategy at Palo Alto Networks

This kind of automation can also help address cybersecurity personnel gaps in the federal government. According to a report by security research group ESG, 71 percent of cybersecurity professionals feel that there’s a shortage of people with cybersecurity skills, and the National Initiative for Cybersecurity Education reports that the United States faced a shortfall of almost 314,000 cybersecurity professionals as of January 2019.

MORE FROM FEDTECH: Read about how federal agencies are training employees to spot phishing attacks.

Federal Government Nears a High Rate of Automation Adoption

Automation can help with onboarding processes too, so that when people are hired, they can be trained and put to work on cybersecurity more quickly. “When you hire somebody, it takes a good six to eight months to train them,” says Bhargava. “With an automation layer, what you’re able to do is standardize the process.” 

Overall, it frees up humans to do more, and use their talents to be creative and get important things done. “We will be able to do way more sophisticated decision-making compared with what we are doing today,” he says.

Right now, he says, awareness of automation is “high across different federal sectors,” he says, even if adoption rates are not. “Every new technology has an adoption curve. There needs to be critical mass from a maturity and use perspective before that inflection point.” 

He thinks that the federal government is getting close to that point now. “I think we are on the cusp of a very, very high rate of adoption of automation,” he says

solarseven/Getty Images

aaa 1