The Federal government is continuing to seek solutions to improve the security of its operational technologies (OT) and IT infrastructure, especially as numerous policy mandates bring further attention to the need for securing government networks.
During MeriTalk’s New and Next Virtual Series: Driving for Automation panel on Nov. 14, panelists from the public and private sectors agreed that automation presents the opportunity to better secure OT and IT, and free up security personnel for higher-level work.
Joe Boye, systems engineering manager-Federal Systems Integrators at Palo Alto Networks, said that in an ever-changing threat landscape, security compliance needs to be dynamic.
“The way you achieve that is by having visibility [into the landscape],” Boye said, adding that the abundance of security data that is being collected makes it impossible for humans to truly take the time needed to evaluate it all.
Through automated tools, organizations can begin to build playbooks “to perform a lot of those functions that were highly manual in the past and then allow the teams to be freed up to address higher value activities,” Boye said.
The same applies to protecting OT infrastructure: devices that aren't typically covered under IT security efforts but have increasingly become targets for cybercriminals.
Steve Stark, regional vice president-Americas Channel at Claroty, said that deploying safeguards allows Federal agencies to gain more control of devices that are increasingly becoming an attack vector for bad actors, and that deploying automated solutions can help agencies quickly identify anomalies that could indicate threat activity.
Currently, agencies can take alerts or anomalies and send that information to a large communication security device. Having all that information available and being able to automate that process of sifting through the data is becoming more important.
“It’s tough to see maybe somebody coming in and hacking your device, but we can build baselines of activity and then build availability heuristic to say something’s going on here, something’s different,” Stark said.
“There’s a lot of different moving parts. And when you look at automation, I don’t think we’re at the point where there’s remediation that’s taking place through automation, but there certainly is communication between different platforms that allow somebody to make a decision pretty quick,” he added.
However, implementing automated solutions is much easier said than done, especially in the Federal government.
Michael Goulding, deputy director for Cyber Operations at the National Nuclear Security Administration (NNSA), said that in Federal circles, automation is not easy to realize or cheap to implement.
“Typically, as the Federal workforce, we [also] lack the required subject matter expertise as we compete with the private sector to rescale or retrain our workforce to deploy this automation,” Goulding said.
He explained that, because of its unique ecosystem across the various labs, plants, sites, different operations, and mission functions, the NNSA struggles with a lack of standardization in the various applications and toolsets that could help secure its network and ensure collaboration.
“We need a shift in culture … to understand this information-sharing mindset, and the standardization across the enterprise,” Goulding said.