The federal government is under-utilizing resources and manpower it already possesses, while security operations center (SOC) teams are spending too much time on routine tasks that can be automated, according to the new MeriTalk cyber study, Pedal to the Metal: Mitigating New Threats Faster with Rapid Intel and Automation.
“Specifically, the report found at least 20 percent noted 12 or more members of their agency’s SOC teams are primarily responsible for these mundane tasks,” MeriTalk said, noting that, “As you know, the Trump administration has indicated it will be reviewing US cyber defenses and vulnerabilities as a high priority. One of the issues they will find is the cyber workforce shortage” and that the, “Feds are quick to say they lack in-demand cyber personnel to defend their networks from advanced cyber threats.”
MeriTalk Founder Steve O’Keeffe told Homeland Security Today, “The report shows that cyber threats are continuously changing and we are falling behind. But, there is a silver lining. The research confirms that in many cases we have the data, the tools, the capabilities, and, contrary to popular belief, the cybersecurity skills to improve how we combat these attacks. Automating crucial, but routine, threat intelligence tasks frees cyber teams to hunt and identify the more sophisticated threats – improving response times so agencies don’t become tomorrow’s news headline.”
“With today’s advancements in technology and automation, governments can more effectively position their cybersecurity talent so they are focused on tackling the most critical challenges that require human analysis and let technology handle the tasks that can be automated. The report found that improved threat monitoring, correlation and protection automation can help federal agencies save money in their cybersecurity budget and address threats faster,” Homeland Security Today was told by Pamela Warren, CISSP, CIPP, Director, Government and Industry Initiatives, Palo Alto Networks.
“Automation technology,” she added, “also allows teams to work more effectively and adjust to change in the cybersecurity environment faster than ever before. This is key because it enables security professionals to quickly separate the truly important events from the noise, as well as identify and protect their organizations from new threats.”
Similarly, Herbert Lin, a senior research scholar for cyber policy and security at Stanford’s Center for International Security and Cooperation (CISAC) and a member of the President’s Commission on Enhancing National Cybersecurity, warned this week that the “costs of using the Internet and computational devices due to inadequate security may soon outweigh the benefits unless dramatic cybersecurity measures are taken."
The commission issued strong recommendations in its Dec. 2 report calling on a grand effort to upgrade the nation’s cybersecurity systems. According to a statement, “The 100-page report aims to inform the incoming Trump administration about how to approach escalating cybersecurity dangers” in the wake of “significant hacking of US government systems in and accusations by the White House that Russia interfered in the US presidential election.”
The commission suggested both short- and long-term measures, such as fixing problems from the weakly protected ‘internet-of-things;’ creating an assistant to the president for cybersecurity; re-organizing responsibility for the cybersecurity of federal agencies, and advised that the new administration train 100,000 new cybersecurity workers by 2020.
MeriTalk’s study emphasized, “Protecting against modern cyber attacks requires an intelligent threat protection infrastructure that not only aggregates threat data, but also learns and strengthens defenses in real time. To protect against threats, agencies need to create new protections in minutes, not hours or days.”
MeriTalk surveyed 150 federal security operations professionals to understand how agencies are minimizing damage by deploying more automated solutions that leverage product and external threat feed intelligence. “Because during a cyberattack, minutes – even seconds – are crucial,” the report stated.
However, the survey found only 61 percent of federal cyber experts said their agency is automatically distributing info against malicious behaviors across different enforcement points in their organization, and that fewer than half guard newer or critical attack vectors.
“Agencies ingest an average of 25 external threat feeds daily and most cannot act on that information for hours or days,” and “only 15 percent can create new protections against newly discovered malicious behaviors within minutes,” the survey found.
Additionally, “only 17 percent can reprogram their defenses against newly discovered malicious behaviors by distributing new protections within minutes (the lifetime of an attack) and prevent a breach.”
Interviewed by CISAC about the presidential commission’s report, Lin stated, "Taking the necessary and appropriate measures for cybersecurity is, for practical purposes, too complex for average end-users. A successful effort to push cybersecurity measures farther from the user will result in better security because security decisions will be made by those who are security experts rather than users that are unfamiliar with security."
MeriTalk said the feds can “push the pedal to the metal” by embracing “an automated approach to swift threat detection and analysis, enabling the creation of new protections faster, including the threat mitigation process, as just 41 percent said they would invest in this area today.
Also, “If agencies improved threat intelligence monitoring, correlation, and automation of protections, feds estimate they could save 27 percent of their cybersecurity budget or more than $5 billion annually.”
In Lin’s thinking, though, "Enhancing national cybersecurity requires a whole-of-government effort, indeed a whole-of-society effort. The task is making a meaningful dent in a problem that is so large. Only with high-level leadership does that effort have any chance of success."
He added to that, "Distrust harms both sides — the US government and the technology community. The US government loses the ability to enlist the cooperation of the private sector, which has many capabilities that it does not have; capabilities that would be useful in fulfilling its responsibilities to the American people. The tech sector invites harsh legislation and suspicion that work against its interests. At the same time, the distrust is not entirely unfounded, as both sides have indulged in apocalyptic rhetoric that has raised the temperature of the debate without much productive result. But what I’m saying here represents a personal perspective, and isn’t part of the commission’s report."