In many ways, the worst thing that can happen for cybersecurity in the public sector is an interruption of operations. During the 35 day shutdown of the U.S government which occurred between December 22, 2018 and January 25th of this year, massive furloughs left IT systems unmanaged throughout federal agencies.
From FBI to DoD and even the Department of Homeland Security’s new Cybersecurity and Infrastructure Security Agency, thousands of employees were forced to work without compensation or – in some cases – even the guarantee of back pay.
Unsurprisingly, a large number of personnel chose this opportunity to quit their jobs or retire, leaving the U.S in a worse position for dealing with threats in the future. One source told Brian Krebs, “The talent drain after this is finally resolved will cost us five years.”
What’s at Stake During a Shutdown
There is some good news: thanks to the diligent work of specialists throughout government branches, the country escaped without any major security incidents this time around. But the laws stipulate that during a shutdown, only immanent threats can be addressed.
Consequently – with a small number of skeletal teams – federal agencies were only able to secure a shortlist of high-risk networks. And yet, these highly scrutinized areas are not the main cause of concern when it comes to a major attack. Instead, experts fear an intrusion or hack originating from one of the many sub-networks that support the American government which are not deemed important enough to maintain during a shutdown.
When not actively monitored, inconspicuous but deadly targets could include,
- Private email servers
- Subdomains of agency websites
- Millions of IoT devices
- Routers and other network infrastructure
At the beginning of 2018, the Pentagon was deflecting up to 36 million attempted email hacks per day. And as Michael Borohovski observes, “cyberthreats decidedly do not operate on the U.S government’s schedule”.
So given the constant need for vigilance, how can the U.S keep its critical systems and infrastructure intact when funding is stopped?
Systems That Run Themselves
If we look at other areas of the U.S government, one solution suggests itself: automation. Some systems continued to work with little to no human intervention, including
- Shipping and border inspection
- IRS payment processing
- Large portions of Air Traffic Control (ATC) systems
- Automated response to calls and emails
On the one hand, it’s inaccurate to say that these systems fully “ran themselves”; for instance, ATC still requires the presence of human operators even as computers handle most of the heavy lifting.
But at minimum, automation represents a failsafe during trying times that can keep technology running apace until human resources are back online. If we rely on them for portions of critical infrastructure, it stands to reason we can use them to keep the nation safe.
According to a report by the Office of Personnel Management published last year, up to 45% of government activities could be automated right now. And that’s not to speak of ongoing developments which will make that number higher.
Automation and Security
Fortunately, monitoring critical networks with minimal human input is a primary use case for the emerging field of machine learning (ML), an ideal technology for finding patterns in structured and unstructured data. ML has already produced automation solutions once considered impossible.
The technology has enabled functional test automation for the software industry, automated loan management in the financial industry, and AI support agents for customer service. Harnessing the power of neural networks, solutions will soon exist that enable security admins to monitor critical systems automatically.
In the past few years, IBM has continued to develop its Watson AI – which famously beat humans at the classic game show Jeopardy! – with threat detection capabilities that are already used in some large enterprises. More recently, McAfee CTO Steve Grobman delivered a promising presentation on ML cybersecurity applications at RSA 2019.
There’s little doubt that ML will be used to automate security within the next decade, and that is an encouraging development for government shutdowns.
But government agencies don’t have to wait for the next ML breakthrough to begin automating portions of their cybersecurity workflows. During the recent government shutdown, two significant problems included:
- Expiration of TLS and SSL security certificates on public facing sites which left them vulnerable to attack
- Backlog of software updates and security patches that could not be installed and tested during the shutdown leading to massive delays on re-opening
Both of these issues could easily have been resolved with hybrid-cloud networks which are constantly being updated whether personnel are active or not. Software-as-a-Service (SaaS) approaches have revolutionized the way that organizations interact with security software outside the public sector – so why not within it?
For the moment, it’s a matter of where agencies currently are in their digital transformation efforts. With a continual push for cloud and hybrid-cloud-based solutions from FedRAMP, more government partners can be expected to automate their security practices within the next decade – hopefully in time for the next government shutdown.
MathCraft Security Technologies offers a robust product line of NISPOM-compliant security applications for cleared contracts and enterprises. Our solutions are carefully engineered to improve security processes, giving Facility Security Officers (FSOs) and employees the comprehensive tools that they need to manage data, monitor visitors, and automate workflows. For ultimate convenience, they are also available on-premises or via the cloud.