Security outside agencies’ comfort zone depends on automation, experience
Embracing automation for most network analysis leaves security analysts time to consult playbooks, focus on unique problems, experts say.
During a time that is anything but normal for government agencies, experts say the key to cybersecurity is not going it alone.
Speaking during a recent ACT-IAC webinar on the security of future networks moderated by GCN Editor-in-Chief Troy Schneider, panelists touted the advantages of using advanced technologies such as machine learning to automatically filter data for known threats so that security experts can focus on more complex ones.
“We’ve got to get away from the mindset of ‘you can account for every alert.’ You’ve got to embrace orchestration and [security orchestration, automation, and response] technologies – artificial intelligence, machine learning. You have to embrace this,” said Mike Witt, associate CIO for cybersecurity and privacy at NASA. “You have to take advantage of playbooks and push your teams to basically do a lot of these automated responses so that you can focus your limited analyst power … on some of the more interesting things.”
For instance, as the coronavirus pandemic first started making its way across the globe, Witt and his team took action. They closed three centers, sent employees home to work and performed a “pressure check” on the system. That went well, so NASA then conducted its first-ever enterprisewide mandatory telework test.
“We knew the pandemic was heading to the U.S.,” Witt said. NASA took advantage of the telework exercise to actively test its security operations centers from a COVID standpoint. It also looked at performance of its network operations centers, he said, “because we’ve got certain functions that have to stay onsite,” adding that today, more than 95% of the agency’s workforce is remote.
Other steps NASA is taking to shore up systems include moving to a zero-trust model, an effort that was underway before the pandemic hit; shrinking its public footprint; and performing continuous red teaming.
ACT-IAC CEO Dave Wennergren touted current federal efforts for setting the stage for agencies’ expedited cybersecurity response during the pandemic. He cited the updated Federal Cloud Computing Strategy, which shifts the emphasis to managing risk; Trusted Internet Connection 3.0, which pushes security adoption; and zero-trust models, which move from protecting agency boundaries and everyone within them to relying on strong identity attributes, data-level security and continuous monitoring and evaluating.
“This new normal that we face has shown that you have to be ready, to be any place, any device, trusted or untrusted and be able to get the mission done,” Wennergren said. “You’re not in this alone,” he reminded attendees. “When you try to deal with security issues and challenges and moving past the comfort zone that we’ve had, when you do it on your own, that’s when you stumble most, and you don’t have to.”
Today, best practices include ensuring that the network and security teams work together, said Zain Ahmed, vice president for civilian and law enforcement sales at CenturyLink, which sponsored the webinar. “Network and security used to be two different paths,” Ahmed said. “They are one thing, and if you start to think about one without the other, it will never be successful. You’ve got to overlay your security and build it into your network.”
He also recommended that agencies take advantage of the 80/20 principle, which states that 80% of what’s happening on the network is noise, while 20% needs attention. Let machine learning handle the former so that skilled analysts can focus on the latter, Ahmed suggested.
“What we’ve found is that a great combination of broad visibility and very specific forensic work … is the right combination” for security, added Mike Benjamin, senior director of threat research at Black Lotus Labs, the threat intelligence and research team at CenturyLink. “If you think about it, finding a needle in a haystack is impossible, but what if you could use the math to find a very small amount of hay – just enough to fit in our hand? We could find the needle at that point.”