Original Broadcast, October 1, 2024
Presented by Carahsoft
Innovation in Government, live from the Billington CyberSecurity Summit, highlights top leaders who share their expertise on the evolving cybersecurity landscape in a special one-hour program. As cyber threats grow more sophisticated, the urgency to secure critical infrastructure has become paramount for both public and private sectors. Organizations across various industries are turning to emerging technologies to protect vital systems, including industrial control systems (ICS) and supply chains, which are particularly vulnerable to increasingly complex attacks. Get insight from experts in cybersecurity, defense, and technology, highlighting how companies and government agencies are leveraging innovations in AI, machine learning, and specialized cybersecurity frameworks to address these evolving threats.
Securing Infrastructure: Overcoming Cyber Challenges with Emerging Technologies and Supply Chain Protection
Alex Whitworth, Director of Sales at Carahsoft, discusses the critical need for cyber protection of infrastructure, with a particular emphasis on the Department of Defense's (DoD) significant role in safeguarding these systems. He highlights that one of the biggest challenges lies in securing industrial control systems and Supervisory Control And Data Acquisition (SCADA), which are highly vulnerable and essential to the functioning of key infrastructure sectors. Whitworth notes the increasing investment in emerging technologies specifically designed to address these vulnerabilities, as they offer diverse capabilities for protecting critical systems. Another major area of focus is supply chain security, where initiatives like the DoD’s Cybersecurity Maturity Model Certification (CMMC) are vital for bolstering the defense industrial base’s cyber resilience.
Key Takeaways:
- Industrial control systems and SCADA are highly vulnerable components of critical infrastructure, making their protection essential for national security.
- Initiatives like the DoD's CMMC are crucial for securing the supply chain and enhancing cyber protections within the defense industrial base.
- New technologies are being developed and invested in to address infrastructure vulnerabilities, offering advanced capabilities to strengthen cyber defenses.
Addressing Evolving Cyber Threats Through Strong Fundamentals and Government Collaboration
Cynthia Kaiser, Deputy Assistant Director of the FBI Cyber Division, discusses the increasing cyber threats due to the rise in technology usage and how cyber actors target the U.S. in various ways, including financial theft, stealing innovation, spreading misinformation, and targeting critical infrastructure. She highlights that the lines between nation-state actors and cybercriminals have blurred, making it difficult to distinguish between the two. Both groups often use similar methods to exploit basic cybersecurity vulnerabilities, like weak passwords and unpatched systems. Kaiser stresses the importance of mastering cybersecurity fundamentals and emphasizes collaboration between government agencies like the FBI and CISA. This cooperation has evolved significantly over the years, becoming more natural and frequent in response to the growing and sophisticated cyber threat landscape.
Key Takeaways:
- Nation-state actors and cybercriminals increasingly collaborate, using similar tactics to exploit basic security flaws.
- Organizations must focus on the basics, like maintaining updated systems and strong passwords, as these simple steps often prevent breaches.
- Close coordination between the FBI, CISA, and other agencies is critical to counteracting cyber threats, with joint operations and real-time collaboration becoming the norm.
Maximizing AI and Cybersecurity with Precision and Outcome-Based Security Approaches
Eric Trexler, SVP of US Public Sector at Palo Alto Networks, discusses the increasing use of AI tools like copilots to enhance cybersecurity while expressing concern about the lack of focus on AI security itself. While many organizations are eager to adopt AI for efficiency, they often overlook the need to protect data and intellectual property in the process. Trexler emphasizes the importance of "precision AI," which is crucial in detecting and mitigating cybersecurity threats accurately. He also stresses that organizations must adopt an outcome-based approach to security, understanding the specific risks tied to their data and how to protect it. Trexler calls for consolidation and standardization in cybersecurity to prevent agencies from becoming overwhelmed by the sheer number of tools and vendors, pointing out that some forward-thinking organizations have already begun breaking this cycle through integrated, zero-trust initiatives.
Key Takeaways:
- While AI tools are becoming more common, organizations often fail to prioritize protecting their data and intellectual property when using these technologies.
- Agencies need to shift from buying security tools without a clear strategy to focusing on outcomes and understanding the risks tied to their specific data.
- The complexity of managing multiple cybersecurity tools is overwhelming for many organizations, and consolidation of vendors with a focus on zero-trust principles is essential for achieving cohesive security outcomes.
Harnessing AI in Cybersecurity: Building Responsible and Reliable Systems
Steve Faehl, Security CTO at Microsoft Federal, explores the transformative impact of AI in the field of cybersecurity, emphasizing that AI’s potential lies in thoughtful system design rather than simply applying it to individual problems. He notes that AI provides capabilities to analyze data on a scale that was previously unmanageable, allowing security teams to rethink traditional methods. Instead of treating AI as a tool that offers a direct solution, organizations need to develop entire systems that leverage AI’s strengths, particularly in areas where human capacity falls short, such as automating data analysis and tracking nation-state threats. Faehl highlights how AI has enhanced productivity at Microsoft, with a 26% increase in efficiency for analysts, enabling them to cover more areas and respond to cyber threats much faster. He also stresses the importance of responsible AI adoption, where organizations should build reliable systems, test outcomes, and ensure that AI tools align with the specific goals and risks they are addressing. Collaboration and sharing successful strategies across the cybersecurity community are also key to advancing the responsible use of AI.
Key Takeaways:
- AI needs to be integrated into larger systems designed with specific goals, rather than used as a one-size-fits-all solution to individual cybersecurity challenges.
- AI enables a significant increase in productivity, allowing analysts to handle multiple areas of expertise and conduct threat investigations more efficiently.
- Organizations must focus on crafting AI systems that are not only effective but also reliable, measurable, and tested within the context of specific cybersecurity needs and risks.
Balancing Zero Trust and Disaster Recovery: Navigating NGA’s Cybersecurity Challenges
Gary Buchanan, CISO and Director of the Cybersecurity Office at the National Geospatial-Intelligence Agency (NGA), elaborates on the agency's unique position within both the Department of Defense (DoD) and the Intelligence Community (IC). This dual role necessitates adherence to two distinct sets of cybersecurity protocols, particularly as NGA moves toward implementing a Zero Trust architecture. Buchanan outlines the agency’s approach, which begins with assessing its current cybersecurity posture and identifying gaps in compliance. Critical to this transition are initiatives involving micro-segmentation of networks, meticulous data tagging, and overhauls in identity and access management practices. He emphasizes the importance of leveraging open-source standards and fostering partnerships with industry stakeholders, which allows NGA to adopt tools that can seamlessly integrate into their operations.
Key Takeaways:
- NGA is advancing toward Zero Trust by focusing on network micro-segmentation, data tagging, and access controls to ensure compliance with DoD and IC standards.
- Buchanan highlights a shift in cybersecurity from proprietary systems to open-source standards, allowing for faster integration of tools and improved adaptability.
- Disaster recovery at NGA goes beyond traditional backup systems, focusing on ensuring real-time data availability and resilience against both natural disasters and communication failures.
Addressing Cybersecurity in Critical Infrastructure
Robert Bair, CISO Americas at Zscaler, emphasizes the increasing importance of cybersecurity within the critical infrastructure sector, particularly as the government heightens its focus on collaboration with private sector providers. He shares the military's strategic consideration of dual-use critical infrastructure, which supports military operations and requires enhanced visibility to identify vulnerabilities. Bair points out that many smaller municipalities and private entities controlling critical infrastructure are often under-resourced, which complicates the implementation of robust cybersecurity measures. He highlights the growing complexity of operational technology (OT) systems, which are becoming more interconnected yet lack the visibility seen in IT environments. This lack of visibility leads to potential vulnerabilities, especially as adversaries increasingly employ non-traditional cyber tactics, maintaining low and slow access to networks rather than outright attacks. To combat these challenges, Bair advocates for adopting zero trust principles, improving secure remote access, and developing a comprehensive OT maturity model.
Key Takeaways:
- Gaining visibility into critical infrastructure is essential for identifying vulnerabilities and ensuring robust cybersecurity measures, especially given the diverse management of these assets.
- Many smaller municipalities and private sector operators of critical infrastructure lack the necessary resources to implement effective cybersecurity practices, highlighting the need for support and best practices.
- Adversaries are adopting non-traditional cyber tactics, necessitating a focus on Zero Trust strategies and enhanced protection for operational technology systems to prevent prolonged undetected access to networks.
Evolving Cybersecurity Landscape in Federal Agencies
Jennifer Franks, Director of Information Technology and Cybersecurity at the Government Accountability Office (GAO), discusses the pressing cybersecurity challenges facing federal agencies as they enter a new fiscal year. She highlights an increase in malicious attacks and emphasizes the need for federal agencies to improve their zero trust implementations and better manage their hardware and software inventories. Franks notes the importance of adopting AI technologies while maintaining robust cybersecurity and privacy controls. She acknowledges the challenges in aligning policy development with technology implementation and stresses that maturing cybersecurity strategies requires continuous evolution and a cultural shift within agencies. The conversation highlights the need for improved communication and collaboration among federal entities to enhance resilience against cyber threats.
Key Takeaways:
- Federal agencies must prioritize maturing their zero trust strategies to protect critical assets amid an increase in malicious cyber activity.
- As federal agencies embrace AI tools, they must simultaneously address cybersecurity and privacy concerns associated with these technologies.
- Enhanced communication and collaboration among federal agencies are crucial to share best practices and improve overall cybersecurity posture, particularly in large, decentralized organizations.
Addressing Technical Debt in Data Security and Cloud Environments
Jim Coyle, the U.S. Public Sector CTO at Lookout, discusses the pressing issues of technical debt and data security as they relate to federal agencies. He emphasizes that while many agencies are increasingly aware of their accumulated technical debt from legacy systems, they are beginning to see the benefits of adopting innovative, cloud-based solutions that can streamline their operations and enhance data security. Coyle highlights the challenge of understanding what data exists, where it is stored, and who has access to it, indicating that these factors are critical for effectively managing technical debt and safeguarding sensitive information. He also notes a significant shift in focus from merely securing cloud infrastructure to prioritizing the protection of data and applications housed within it. This shift requires the implementation of robust policy controls and risk management strategies, which are vital in mitigating vulnerabilities.
Key Takeaways:
- Agencies need to identify what data they have, where it resides, and who accesses it to effectively manage technical debt and enhance security.
- The conversation around cybersecurity is shifting from securing cloud infrastructure to prioritizing the protection of data and applications housed within the cloud.
- Success in cybersecurity should be gauged by the increased resilience against adversarial access to sensitive information, alongside improving mission capabilities for federal agencies.
Advancing Cybersecurity through AI Innovations
Chris Townsend, VP of Public Sector at Elastic, highlights pivotal advancements at the intersection of AI and cybersecurity. He emphasizes the critical role of machine learning and AI in detecting threats and predicting zero-day attacks by analyzing vast datasets for emerging patterns. Townsend introduces two innovative tools developed by Elastic: the AI Assistant, which facilitates the transition from legacy systems by translating queries for cyber operators and enhancing their efficiency, and Attack Discovery, which leverages large language models to prioritize threats based on specific environments, enabling operators to focus on the most critical vulnerabilities and respond swiftly. He also addresses the pressing need to secure AI tools integrated into cybersecurity frameworks, discussing Elastic's retrieval-augmented generation capability. This feature ensures that the data fed into AI models remains accurate, relevant, and secure, preventing misinformation and bolstering the overall effectiveness of cybersecurity operations.
Key Takeaways:
- Machine learning and AI are critical in identifying emerging threats and vulnerabilities, allowing cybersecurity teams to predict and respond to zero-day threats more effectively.
- Elastic's new capabilities, such as the AI Assistant and Attack Discovery, empower cyber operators by automating threat prioritization and remediation, significantly shortening learning curves and improving operational efficiency.
- Elastic's retrieval-augmented generation capability helps mitigate risks associated with data relevance and security in AI applications.