Cyberattacks present the greatest threat to American democracy today, according to retired U.S. Marine Corps Gen. John Allen.
In his keynote address at the National Association of Counties 82nd Annual Conference and Exposition in Columbus, Ohio, Allen described the 21st century security environment and how state actors, nonstate actors, transnational criminal networks and global terror entities are proving to be ever more worrisome to U.S. citizens and critical infrastructure.
“With the advent of cyberspace, the world has become borderless,” said Allen. And with nearly 1.5 gigabytes of data moving through cyberspace every minute, the stream of information has created great opportunity for citizens and efficiency for governments. “It has also created enormous capacity for those who wish us ill,” Allen said.
Pointing to the recent WannaCry cyberattack, which took down hospitals, community colleges and police forces across the globe, as well as the Russian hacking events that penetrated U.S. election networks in 39 states, Allen noted that local governments have an immense responsibility to protect the services and institutions they run.
“Where our democracy finds purpose is the electoral system, and it exists and it lives at the county level; an awesome responsibility for you,” said Allen, speaking to the county officials in the room. He also noted that counties often hold network responsibilities around critical infrastructure, such as the automated supervisory control and data acquisition systems that control sluice gates on dams, move tracks to prevent train collisions and keep sewage water from mixing with drinking water.
And while the federal government may offer help with cyberthreats, in way of warning systems and periodic updates about helpful technologies, counties need to be able to mitigate cyberattacks on their own.
“The only people coming to help you, are you,” said Allen.
So how do counties handle this responsibility and protect their networks, citizens and critical infrastructure from an increasingly dangerous threat landscape?
“In so many ways, how you defend yourself at the endpoint is the way to go,” said Allen. “The enemy is using artificial intelligence now in an environment we call hyper war. Speeds of action and reaction are so fast that for all intents and purposes, the presence of the human in the loop is a vulnerability, not an asset. This is why polymorphic threats are coming at us so quickly and in so many different ways across such a broad spectrum of the network.”
But as county IT leaders consider the threat that artificial intelligence poses to government systems and networks, they should also look to AI for solutions.
Allen points specifically to the need to equip networks with cognitive endpoint protection systems, such as IBM’s cognitive security solution or Symantec’s Endpoint Protection 14. These solutions can tap into and assess the constant stream of security information using AI and machine learning to help security analysts effectively process the growing amount of security data and protect against new threats.
“A cognitive endpoint protection system is the type of system that can sit outside your network and will stop WannaCry even though it’s never seen it before. Will stop the Petya malware, without ever having seen it before, because it is a learning, cognitive cybersecurity system,” said Allen.
— Juliet Van Wagenen (@Juliet_Tech) July 22, 2017
Allen noted, however, that a cognitive solution is just one part of a comprehensive security strategy. During a panel discussion at the conference, experts from AT&T, Symantec and Bandura Systems laid out ways that county commissioners can effectively approach cybersecurity to keep sensitive data safe.
1. Take a Good Look at Recovery Capabilities: “Security and business continuity for IT disaster recovery are two sides of the same coin,” said Steve Hurst, director of security services and technology at AT&T.
Counties should first look at their disaster recovery capabilities, especially with regard to any kind of malware, ransomware or “destructionware,” to ensure they can restore data and systems in a timely manner.
“Which means you need to not only have the backups, but also be testing the backups to make sure you have a restorable backup,” Hurst said.
2. Make Use of Microsegmentation: Enacting microsegmentation involves taking an agency’s wide area network environment and segmenting it into as many pieces as possible, protecting each piece individually.
“That prevents malware like Petya, which has a worm embedded in it, from spreading throughout the entire environment,” said Hurst.
3. Keep Systems in Line with Security Recommendations: Several organizations, including the National Institute of Standards and Technology, have developed cybersecurity frameworks that looks at the entire ecosystem of security, said Thomas MacLellan, director of policy and government affairs for Symantec.
“You have to make sure that your count, the people who are doing it, are norming your systems to NIST,” said MacLellan, noting that many companies offer free assessments for agencies that can determine how well an agency complies with the NIST Cybersecurity Framework.
4. Don’t Be Overconfident in Your Cyberdefenses: According to an unpublished report from Symantec, 75 percent of state and local officials feel confident or very confident in their ability to protect and manage their agency’s data, MacLellan said.
“I take issue with that, because when you look at what the threat environment really looks like, you have bad guys trying to get into your system, and they’ll get into your system if they want,” he said. County officials should be “very pessimistic” about their ability to defend against cyberthreats, MacLellan said, and should prepare accordingly.
Follow StateTech's coverage of the NACo 2017 conference at our conference landing page.