In the push to keep Federal IT systems secure, cybersecurity teams find themselves overloaded with information and tools and would like to see automation help them turn information into actionable intelligence, IT and industry leaders said during a FedInsider webinar on July 19.
To confront cybersecurity threats, agencies have to look at a broad range of information. “Any evidence-based knowledge that we can get from any source is what we use to analyze [threats],” said Pat Flanders, CIO of the Defense Health Agency (DHA). “There are so many tools out there, and they overlap in some areas and in other places they’re niche tools, and you have to aggregate all of that information to make sense out of it,” he said.
“A lot of the time, the effort is to turn it into actionable information, because initially, there’s a lot of noise and we work it down to what we really need to act upon,” said Mark Johnson, deputy CIO and CISO for the U.S. Agency for International Development (USAID). Johnson noted that the majority of USAID’s operations are overseas, and that the agency requires even more information to protect a uniquely widespread attack surface.
“I was just in a meeting a couple weeks ago with a Federal CISO, and his comment was that they feel that they have a very strong threat intelligence capability, but the one issue they have is that a lot of the data is just information that’s being flowed up, versus intelligence, actionable information,” said Tony Hubbard, a principal for professional service company KPMG. “It’s a double-edged sword in that it’s a good thing that we have so much data available, especially the government sector, but how do you manage all that and synthesize all that and make use of it in a meaningful way?”
“I think where we need to go is with artificial intelligence (AI), to kind of help us use big data to better inform us and to mitigate a lot of the manual work we have to do right now,” said Flanders. “The process we have now is absolutely human intensive. Manual risk management framework evaluations of controls for all the devices we have across the military health system takes time, and if there were a way to automate that, that was certified for use in a DoD environment, that’s really my number one wish for what we need going forward.”
Johnson voiced his strong agreement, saying, “One of our strategies at USAID, in terms of our cybersecurity program, is to automate as much as possible.” He pointed to log analysis as an area where automation could “make a dent” in the backlog and free up employee time, and to artificial intelligence, blockchain, and machine learning technologies as potential solutions. “Our agency, because we’re so spread out, was one of the earlier adopters of cloud technology. We try to push the envelope in terms of innovation, so we’re aggressively looking at automation,” he said.
Hubbard suggested that agencies link their threat intelligence to an enterprise risk management program that covers cybersecurity and other business threats. “The key would be to have that program support executive decision making, so that you have all this information feeding up…and making sure that there’s a venue and a mechanism for the executives of the agency to make informed decisions about how to react.”
To communicate to those decisionmakers, cybersecurity leaders need to change how they present cybersecurity issues to agency leadership, the officials said.
“Throughout government, I think there’s a huge opportunity for us as people who work in the field to make sure that we couch the information we communicate in more business terms,” said Johnson.
“You can’t just get in a room of executives and talk about bits and bytes. You need to be able to communicate what that means to the organization, and what is the real risk to the organization,” added Hubbard.