In late 2017, a government employee in Livingston County, Mich., plugged a personal laptop into the workplace server — inadvertently exposing the network to malware.
“We had 9,000 attacks within a few minutes from this computer,” says Rich Malewicz, CIO and security officer for Livingston County.
The county detected the attack and stopped it quickly using a program called Darktrace, which uses artificial intelligence (AI) and machine learning to provide real-time alerts about abnormal activity on the network.
“No device on the network detected [the attack] except for Darktrace,” he says.
More local and state governments are eyeing AI and machine learning as tools to help combat cyberattacks, in part because hackers themselves have adopted the technology.
“Other local governments should use AI and machine learning because it’s being used against them,” Malewicz says. “Traditional security controls are not sufficient to fight artificial intelligence and machine learning attacks.”
Machine Learning Tools Provide an Adaptable Defense
A Public Technology Institute survey, “The State of City-County IT, 2017,” finds that AI and machine learning are among the emerging IT areas government leaders expect to be most impactful in the next three to five years — behind only the Internet of Things.
A recent report from Deloitte Insights states, “Machine learning could be vital to fraud detection and cybersecurity.”
“A learning system that can respond to ever-changing threats in an unpredictable way may be the best defense against adversaries, whether rogue states or cybercriminals. Such a system should be able to learn from its own experience as well as external information,” according to the report, “AI-Augmented Government.”
New York City’s cybersecurity team recognizes the importance of AI in cybersecurity. In 2017, Mayor Bill de Blasio created New York City Cyber Command to centralize the city’s cybersecurity efforts. NYC CISO Geoffrey Brown soon hired Quiessence Phillips as deputy CISO for threat management. She leads a security team at the city’s network operations center located in a hub in Brooklyn.
“Machine learning has many applications — for security teams, its most notable use is incorporating supervised and/or unsupervised learning into detection mechanisms,” says Phillips.
“This allows for large-scale behavioral detection, specific to one's network,” she adds. “Many vendors are providing a form of machine learning within their products to provide this; however, internal teams can also advance this area by actively ‘teaching’ the platform to hone the detection of anomalies, analyze malware and streamline threat intelligence frameworks.”
New and Emerging Threats Create an Evolving Landscape
Michael Lee Sherwood, Las Vegas director of information technologies, agrees machine learning is vital to protecting his city from cyberthreats. When Sherwood first joined the City of Las Vegas, one of his first purchases was the Darktrace platform.
“The threat landscape is constantly evolving and changing,” he says. “We needed [a tool] that evolved as the landscape evolved. The only way to do that is to have tools that are able to adapt and are able to proactively know what the new threats are going to be.”
The Las Vegas information security team consists of three full-time employees and one intern. Tapping AI and machine learning is like having two additional full-time staff members who monitor the system 24/7, Sherwood says.
“There are not enough humans to hire that you could afford to do all the work,” Sherwood says. “You’re going to have to start entrusting machines to assist.”
That means having the right tools and embracing the technology, he says.
“There is no way you’ll be able to keep up in a municipal space unless you start at least investigating some of these technologies,” Sherwood says. “AI and machine learning is the way of the future.”