GDIT’s Cyber Director, Dr. Matt McFadden, recently spoke with the government IT publication MeriTalk about the many trends behind the growing demand for cyber automation technology. In the piece below, Dr. McFadden cites the imbalance between the demand for cybersecurity solutions and the number of cyber professionals (even as the field grows) as one reason for that growth.
Automation tools, which themselves still require oversight, allow cyber defenders to focus on high-priority items while the tools focus on things like enhanced perimeter protection, improved endpoint and continuous monitoring, automated patch management, and more, contributing to enriched cyber situational awareness overall.
Read more of what Dr. McFadden had to say below.
A confluence of trends – including ever-mounting cyber attacks, expanding network attack surfaces stemming from increased teleworking during the coronavirus pandemic, and an enduring shortage of skilled cybersecurity workforce talent – is creating demand for more autonomous cybersecurity technologies.
The good news for Federal government IT is the parallel between the need for more automation in cybersecurity and the efforts in developing machine learning (ML) and artificial intelligence (AI) technologies. Those are the foundational technologies integral to making machines shoulder more of the basic workload in cyber defense, while freeing up human capital to do the more advanced labor.
There’s nothing new about the need for cybersecurity; for as long as IT networks have provided services, they have been under attack by adversaries seeking disruption and monetary gain. But as networks – and attackers – have become more sophisticated, the sheer number of attacks has created a problem that often outstrips an organization’s ability to handle adversaries quickly and efficiently by human-only means.
Enter autonomous cybersecurity. Simply put, automated cyber defense harnesses advanced technologies like ML and AI to detect and analyze millions of points of cyber threat data. The goal is to automate responses to as many of those as possible, while steering thornier threats to the finite resources of human cyber defenders. Deploying this technology allows for a stronger perimeter, better management of automated patches, more awareness around cyber occurrences, and improved monitoring of endpoints.
With annual Federal cybersecurity spending reaching $17 billion in FY2020, the government is devoting large resources to address network defense problems. And in FY2019, according to the Office of Management and Budget’s (OMB) latest report to Congress, the government reported improved cyber defense metrics, which saw an eight percent decline in reported cyber “incidents,” to a total of 28,581 incidents. Just three incidents were classified as “major.”
But alongside results like that, the government is also warning that the number of attempted cyber-attacks continues to rise, particularly during the COVID-19 pandemic.
The Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) warned in April of a big upswing in pandemic-related attacks by advanced persistent threat (APT) groups. Observed threats included phishing and malware distribution, often targeting newly deployed teleworking infrastructures.
“Both CISA and NCSC are seeing a growing use of COVID-19-related themes by malicious cyber actors,” the two agencies said. “At the same time the surge in teleworking has increased the use of potentially vulnerable services, such as virtual private networks (VPNs), amplifying the threat to individuals and organizations.”
The rapid turn to telework by Federal civilian agencies to protect workforces and sustain operations during the pandemic has also increased attack surfaces through the addition of more mobile endpoints and home-based connections that are outside the traditional network perimeter. The need to operate outside the existing perimeter ushers zero trust concepts of security into the equation.
At the Federal agency level, tech leaders have told MeriTalk in CIO Crossroads interviews of major upticks in phishing and other exploits directed against them. Gundeep Ahluwalia, CIO at the Labor Department, illustrated the scope of the problem by saying the agency receives more than six million emails per week, and blocks up to 80 percent of those due to elevated cybersecurity concerns.
With attack instances on the rise, and attack surfaces expanding, the need to build a more skilled cybersecurity workforce to meet those challenges remains top of mind. That’s not for lack of effort – the White House and the Office of Management and Budget have targeted the problem in executive orders and in the President’s Management Agenda – but research published late last year estimated a 500,000-worker shortfall in the U.S., and a bigger number worldwide.
While locating enough talented human capital is projected to remain a problem, the answer is likely to lie in using automated technologies like ML and AI to help fill the gap.
“Despite the growing cyber workforce, there are still finite resources to meet demand,” said Dr. Matt McFadden, Cyber Director at GDIT.
“We need our cyber defenders to maximize their time to focus on the high priority impacts, rather than on the trivial ones they’re bogged down with. Autonomous cyber defense can help solve those challenges – resulting in enhanced perimeter protection, improved endpoint and continuous monitoring, automated patch management, and enriched cyber situational awareness,” he said.
Focusing on more than just cybersecurity, numerous Federal agencies are pressing ahead with ML/AI development efforts, better preparing them to implement the fundamental technologies needed for cyber automation.
Among those, the Defense Department’s Joint Artificial Intelligence Center (JAIC) and the General Services Administration (GSA) said in March that their Center of Excellence on AI achieved new milestones in leveraging data as a strategic asset, including data management across several mission areas, as well as cybersecurity.
In addition, the Defense Department’s groundbreaking effort to enforce tougher cybersecurity standards in the defense industrial base through its Cybersecurity Maturity Model Certification (CMMC) program requires automated analysis of audit logs to identify and act on critical cybersecurity indicators or other defined suspicious activities.
Depending on the outcome of the CMMC effort, it’s a good bet that other Federal agencies with critical infrastructure protection in their portfolios will adopt similar models and requirements.
“I see a lot of great outcomes from the shift to autonomous cybersecurity, as a lot of cyber defenses are leveraged in parallel with the zero-trust strategy,” GDIT’s Dr. McFadden said. “One example is the Department of Defense’s CMMC, which demonstrates that the more you leverage automation, the more mature your cybersecurity is.”
Meanwhile in Congress, new efforts are stirring to devote large Federal investments to data automation technologies that fall in line with the push for automated cybersecurity.
Late last month, lawmakers in the House and Senate introduced the bipartisan Endless Frontier Act that would overhaul the National Science Foundation (NSF) to jumpstart new research efforts to position the U.S. as a global technology leader.
The bill would create a new Technology Directorate at NSF and provide $100 billion of funding over five years for research in a range of fields including ML and AI, cybersecurity, data storage, and data management technologies.
This interview first appeared on MeriTalk.com in June 2020.