Many Cyber Intrusions Can Be Spotted with Automation
The potential is huge and something to be considered during National Cybersecurity Awareness Month. At the Institute for Critical Infrastructure Technology’s Winter Summit in January, Paul Beckman, CISO for the Department of Homeland Security, said about 90 percent of cyber incidents at DHS could be automated.
“Once we get to that utopia — once 90 percent of that generally is being handled in an automated fashion, then I can use the vast majority of my workforce to focus on what I really need them to do, which is the 10 percent of really bad guys,” he said at the summit, according to Federal News Network.
Agencies, for example, can model how humans interact with data so that the model can tell when something is off.
“You can’t have just a human being looking at hundreds or thousands of employees interacting with data. But you can rely on machine learning and data analytics to look at the behaviors,” says George Kamis, CTO at Forcepoint.
When those interactions diverge (whether a hacker has obtained credentials to impersonate a worker, or the worker himself or herself is a threat), the activity is automatically blocked. This is already being done with power companies, he says, though he declined to name specific ones.
This kind of anti-fraud strike also addresses the inevitable: Regardless of how many walls and safeguards and locks and background checks organizations put up against hackers and other bad actors, someone will eventually get in. Phishing attacks are still common.
Automation Helps Address Cybersecurity Personnel Gaps
According to the Federal Cybersecurity Risk Determination Report and Action Plan, email “remains one of the most common attack vectors across both government and industry” — and it still works. In a cybersecurity exercise, Pentagon employees were phished with an emailed offer of free Washington Redskins tickets. If they fell for it, they were enrolled in additional cybersecurity training.
Because bad actors will eventually get in, one thing automation can do is identify their presence as soon as possible when they do.
“Automation shrinks the time between somebody being able to penetrate an environment and the time they can exfiltrate the data,” says Rishi Bhargava, vice president of product strategy at Palo Alto Networks.
This kind of automation can also help address cybersecurity personnel gaps in the federal government. According to a report by security research group ESG, 71 percent of cybersecurity professionals feel that there’s a shortage of people with cybersecurity skills, and the National Initiative for Cybersecurity Education reports that the United States faced a shortfall of almost 314,000 cybersecurity professionals as of January 2019.
Federal Government Nears a High Rate of Automation Adoption
Automation can help with onboarding processes too, so that when people are hired, they can be trained and put to work on cybersecurity more quickly. “When you hire somebody, it takes a good six to eight months to train them,” says Bhargava. “With an automation layer, what you’re able to do is standardize the process.”
Overall, it frees up humans to do more, and use their talents to be creative and get important things done. “We will be able to do way more sophisticated decision-making compared with what we are doing today,” he says.
Right now, awareness of automation is “high across different federal sectors,” he says, even if adoption rates are not. “Every new technology has an adoption curve. There needs to be critical mass from a maturity and use perspective before that inflection point.”
He thinks that the federal government is getting close to that point now. “I think we are on the cusp of a very, very high rate of adoption of automation,” he says.