March 8th, 2022
After countless data breaches and ransomware attacks in recent years, the federal government recognized that its existing manual cyber management approach no longer addresses the ever-evolving cyber threats that continue to appear. In May 2021, the Biden administration published the Cyber Executive Order to bolster our nation’s cybersecurity. The Cyber EO emphasizes the importance of increased security surrounding data access and cybersecurity practices that focus on prevention, in addition to protection. To achieve this, agencies must implement a cybersecurity strategy applying zero trust with a core focus on automation and orchestration.
One way to implement this strategy is through autonomous cyber, which uses artificial intelligence (AI) and machine learning (ML) to detect and respond to unknown and new cyber threats in real time. To apply autonomous cyber defense capabilities correctly, users must harness enhanced cyber tools, choose technologies that enable integration, and work in a diverse set of environments.
However, adopting autonomous cyber defense comes with challenges. One of the biggest is the constant increase of threats in the cyber landscape. To ensure that the correct capabilities and technologies are being used to detect unknown threats, agencies need to align people and processes surrounding autonomous cyber defense operations. Using AI and ML, it’s possible to identify and prevent threats through automated analysis sensors, threat indicators, and systems outputs.
“Capabilities such as security orchestration, automation, and response (SOAR) improve the effectiveness of the cyber workforce as they can focus on more significant events rather than manually investigating trivial events. As cybersecurity processes leverage automation and become continuous, resources can be used more effectively.”
In addition to specific technologies, autonomous cyber defense should also be applied to use cases such as enhancing perimeter protection, improving endpoint and continuous monitoring, changing misconfiguration, automating patch management, and enriching cyber situational awareness. When agencies focus on increasing agility and strengthening resiliency, it helps prevent more sophisticated cyber-attacks.
Automation and orchestration capabilities play a unique role within each pillar of the Zero Trust Maturity Model, published by the Cybersecurity and Infrastructure Security Agency (CISA). Here are some ways automation and orchestration influence the five pillars:
While the progression to adopt autonomous cyber defense is not easy, it is necessary. The Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) has an automation requirement indicating that agencies that leverage automation have more mature cybersecurity systems. The principles of autonomous cyber defense are increasingly being emphasized in various aspects of federal governance, strategy, compliance, and modernization of cyber capabilities, from zero trust and continuous compliance to DevSecOps and cloud integration.
It’s important for agencies to partner with third parties when undertaking this cyber challenge. Government contractors understand that autonomous cyber technologies are difficult to learn and implement and have a variety of tools to help agencies adopt these technologies gradually. For example, General Dynamics Information Technology (GDIT)’s Cyber Stack Solution helps agencies learn the comprehensive ecosystem of cyber capabilities, addresses the emerging threats changing the cyber landscape, and provides visibility on how to leverage autonomous cyber and enable zero trust in their cyber operations. GDIT’s security orchestration, automation, and response (SOAR) tool in Cyber Stack has decreased the workload of manual analytical response by 85 percent. Through the development of playbooks and use cases, GDIT has helped agencies determine high-priority, resource-intensive incidents where autonomous cyber technologies can be used. For example, GDIT’s automation use cases explore cueing and orchestration of defenses and remediation, vulnerability ID and autonomous patching, and adaptive defenses and self-securing systems.
Autonomous cybersecurity is changing the way agencies protect and secure their critical data. Despite the growing cyber workforce, there are still demands to meet and roadblocks to cross. Government contractors know implementing autonomous cyber can be overwhelming – and that’s why they’re here to help. They support agencies by implementing autonomous cyber defense technologies that address high-priority impacts and free up cyber professionals to focus time on other important work. The increase of cyber attacks is real, and the stakes are high – it’s important, now more than ever, that agencies implement practices to keep themselves, and their data, secure.
About Dr. Matthew McFadden
Dr. Matthew McFadden spearheads cyber strategy for GDIT’s Federal/Civilian, Defense, and Intelligence & Homeland Security divisions and develops advanced cyber capabilities and offerings to solve cyber missions. He represents a cyber workforce of 3,000+ professionals, 30+ cyber alliances, and programs supporting the largest cyber operations and unique cyber missions in the federal sector.