After countless data breaches, ransomware attacks, and cyber attacks in recent years, the Federal government recognized that its existing manual cyber management approach no longer addresses the ever-evolving cyber threats that continue to appear. In May 2021, the Biden administration published the Cyber Executive Order to bolster our nation’s cybersecurity. The Cyber EO emphasizes the importance of increased security surrounding data access and cybersecurity practices that focus on prevention, in addition to protection. To achieve this, agencies must implement a cybersecurity strategy applying zero trust with a core focus on automation and orchestration.
Responding to Threats in Real Time
One way to implement this strategy is through autonomous cyber defense, which uses artificial intelligence (AI) and machine learning (ML) to detect and respond to new and previously unknown cyber threats in real time. To apply autonomous cyber defense capabilities correctly, agencies must harness enhanced cyber tools, choose technologies that support integration, and operate across a diverse set of environments.
However, adopting autonomous cyber defense comes with challenges. One of the biggest is the constant growth in the number and variety of threats in the cyber landscape. To ensure that the correct capabilities and technologies are being used to detect unknown threats, agencies need to align the people and processes surrounding autonomous cyber defense operations. Using AI and ML, it is possible to identify and prevent threats through automated analysis of sensor data, threat indicators, and system outputs. Capabilities such as security orchestration, automation, and response (SOAR) improve the effectiveness of the cyber workforce by letting analysts focus on significant events rather than manually investigating trivial ones. As cybersecurity processes leverage automation and become continuous, resources can be used more effectively.
In addition to specific technologies, autonomous cyber defense should also be applied to use cases such as enhancing perimeter protection, improving endpoint and continuous monitoring, correcting misconfigurations, automating patch management, and enriching cyber situational awareness. When agencies focus on increasing agility and strengthening resiliency, they are better positioned to prevent more sophisticated cyber attacks.
Roadmap to Zero Trust
Automation and orchestration capabilities play a unique role within each pillar of the Zero Trust Maturity Model, published by the Cybersecurity and Infrastructure Security Agency (CISA). Here are some ways automation and orchestration influence the five pillars:
- Identity – Traditionally, agencies manually verified the identity of a user, sometimes mistaking bad actors for trusted sources. Automation and orchestration can be used to reduce human error and implement access control technologies, such as AI and ML, to verify identity.
- Device – As with the identity pillar, agencies have historically managed devices manually. Automation and orchestration capabilities can provide reactive and dynamic scaling to prevent unauthorized devices from accessing resources.
- Network/Environment – Agencies initiated and executed network and environment changes by following workflows. Autonomous cyber defense can trace IP addresses and locate uncharacteristic patterns in a network.
- Application Workload – In the past, agencies established a central on-premises location to verify a user. Autonomous cyber defense and zero trust verify the identity of a user both on and off premises.
- Data – Legacy systems lacked consistent organization and labeling, which prevented automation and orchestration. Agencies can schedule audits that allow automation and orchestration to arrange backups of data.
Trusted Partners Are Here to Help
While the progression to adopt autonomous cyber defense is not easy, it is necessary. The Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) has an automation requirement indicating that agencies that leverage automation have more mature cybersecurity systems. The principles of autonomous cyber defense are increasingly being emphasized across Federal governance, strategy, and compliance, and in the modernization of cyber capabilities through zero trust, continuous compliance, DevSecOps, and cloud integration.
It’s important for agencies to partner with third parties when undertaking this cyber challenge. Government contractors understand that autonomous cyber technologies are difficult to learn and implement, and they have a variety of tools to help agencies adopt these technologies gradually. For example, General Dynamics Information Technology’s Cyber Stack Solution helps agencies learn the comprehensive ecosystem of cyber capabilities, addresses the emerging threats changing the cyber landscape, and provides visibility into how to leverage autonomous cyber defense and enable zero trust in their cyber operations. GDIT’s security orchestration, automation, and response (SOAR) tool in Cyber Stack has decreased the workload of manual analytical response by 85 percent. Through the development of playbooks and use cases, GDIT has helped agencies identify high-priority, resource-intensive incidents where autonomous cyber technologies can be applied. For example, GDIT’s automation use cases explore cueing and orchestration of defenses and remediation, vulnerability ID and autonomous patching, and adaptive defenses and self-securing systems.
A High Stakes Future
Autonomous cybersecurity is changing the way agencies protect and secure their critical data. Despite the growing cyber workforce, there are still demands to meet and roadblocks to overcome. Government contractors know implementing autonomous cyber defense can be overwhelming – and that’s why they’re here to help. They support agencies by implementing autonomous cyber defense technologies that address high-priority impacts and free up cyber professionals to focus their time on other important work. The increase in cyber attacks is real, and the stakes are high – it’s important, now more than ever, that agencies implement practices to keep themselves, and their data, secure.
About Dr. Matthew McFadden
Dr. Matthew McFadden spearheads cyber strategy for GDIT’s Federal/Civilian, Defense, and Intelligence & Homeland Security divisions and develops advanced cyber capabilities and offerings to solve cyber missions. He represents a cyber workforce of more than 3,000 professionals, 30+ cyber alliances, and programs supporting the largest cyber operations and unique cyber missions in the Federal sector.
The opinions expressed in this article are those of the author. They do not necessarily reflect the opinions or views of Executive Mosaic or its publications.