Today, as technologies, services, data, and people interact in ever more complex ways, the potential danger from cyber threats has moved beyond traditional networks and computer systems. As we saw during the Colonial Pipeline ransomware attacks and the SolarWinds hack, a cyberattack against our nation’s critical infrastructure (CI) can have devastating impacts across one or more of the 16 CI sectors and produce cascading disruptions that impact multiple sub-sectors. Determined adversaries consistently find innovative methods to exploit vulnerabilities. To stay ahead, we need a rapid, streamlined way to develop, test, and utilize cutting-edge cybersecurity solutions.
To address this need, the Science and Technology Directorate (S&T) and the Cybersecurity and Infrastructure Security Agency (CISA) are partnering to develop CISA’s Cybersecurity Laboratory. The lab is a secure multi-cloud environment that will promote research, collaboration, and testing of cyber-related tradecraft, tools, and datasets. When it is fully realized, its capabilities will expand beyond cyber-focused missions to include a wider range of infrastructure security threats and assessments, and will facilitate engagement with relevant user groups, including industry and academia.
For CISA, the lab will leverage artificial intelligence (AI), machine learning (ML) models, and other advanced data analytics to provide greater situational awareness to inform decision-making regarding the nation’s cybersecurity threats. This environment will develop and test new tools, algorithms, and capabilities in a safe and secure virtual space while managing privacy requirements for protecting data.
“AI and ML are like fancy kitchen appliances—everyone wants the newest and the one with the most features and buttons, but what really matters is the quality of the ingredients that you put in them. And, like the quality of the ingredients, it’s the quality of the data that we are about here at CISA: high-quality data that can make [it] truly useful and adaptable to new situations,” said CISA Chief Data Officer Preston Werntz in a recent panel discussion.
For S&T, it offers an opportunity to evaluate innovative computational and analytic approaches that will not only benefit CISA stakeholders but the DHS enterprise. Any findings and lessons learned will inform analytic efforts across DHS.
The lab environment will have tools that catalog, prepare, and analyze data, build and validate models, and other tools that comprise a rich analytics ecosystem. The lab’s tools will help assess cyber risks and allow stakeholders to anticipate and mitigate future risks.
“We aren’t going after the next great buzzword, we’re addressing complex and evolving threats in an adaptive and flexible environment,” said Dr. Garfield Jones, CISA Associate Chief, Strategic Technology Office.
CISA and S&T, working together, are creating an ecosystem to continually innovate novel solutions to new and evolving threats.
“[It] isn’t a one-and-done, it’s going to be an enduring capability,” added Alexandria Phounsavath, director of S&T’s Data Analytics Technology Center, who also participated in the showcase panel.