Oct 13 2021

NASCIO 2021: Automation Is the Future of Cybersecurity, CISOs Say

In a conference panel, Washington state CISO Vinod Brahmapuram emphasized the importance of information protection as a business enabler.

In 2018, the Colorado Department of Transportation suffered a crippling ransomware attack that took down the agency’s systems for a month.

Speaking Tuesday at the annual conference of the National Association of State Chief Information Officers in Seattle, CrowdStrike Executive Strategist Debbi Blyth, formerly Colorado CISO, explained how the attack was so successful.

CDOT at that time employed an on-premises server administrator, who was asked to configure a virtual server in the cloud to test a new business process, Blyth said. As a domain administrator, the CDOT employee configured the system and joined it to the CDOT domain as an on-premises system.

“When he clicked that box that said, ‘Give me an extra IP address,’ it opened Remote Desktop out to the internet. That was the attack vector. It was compromised within 48 hours,” Blyth said, speaking on a NASCIO 2021 cybersecurity panel.

Automation is key to meeting such challenges, Blyth said, making the case that artificial intelligence and machine learning can detect anomalies faster and more consistently than human operators. Automated solutions can sweep resources and detect problems.

“If we had good configuration detection in the cloud, we would have been able to see that and stop that from occurring,” Blyth said. “We have to have capabilities that are taking all of the information and taking in context of what is really going on.”

“Often, if we could see the full context, we could stop an attack,” Blyth said.

Pandemic Proved the Value of CISOs to Business Operations

Speaking on the same panel, Washington state CISO Vinod Brahmapuram agreed that automation is the future of cybersecurity, and also explained how cybersecurity is a business enabler. The pandemic elevated the visibility of cybersecurity functions, he said, and gave CISOs a seat at the table for business deliberations and decisions.

“Security officers have learned you are not just a reactive person. You have the opportunity more than ever now to be proactive. You are part of the business discussions,” Brahmapuram said.

Threat actors are far more sophisticated, he warned. More important, they are tremendously persistent. This persistence calls for automation that can keep up with unrelenting attacks around the clock.

“Cybersecurity done right is a business enabler,” Brahmapuram said.

Blyth underscored the importance of machine learning and automation as well as threat intelligence. These elements help CISOs adapt and evolve cybersecurity protections to keep pace with threats.

“The security operations center must evolve to incorporate all of those things,” Blyth said.

She recalled that Colorado’s SOC was staffed with three skilled analysts. However, when one analyst departed for the private sector, colleagues would be recruited as well. Automation may benefit SOCs by freeing analysts to handle a diverse range of tasks, including scripting. This change in business may produce a wider pool of talent from which to hire analysts, Blyth said.

“There are better things for analysts to be doing with their time than looking at their monitors,” she said.

Training Employees Remains Critically Important for Security

Blyth recalled that when Colorado sent employees to work from home when the COVID-19 pandemic struck in March 2020, many had never previously used VPN tools. Even using a long-trusted technology, they still required training to do their jobs.

Similarly, the Colorado Governor’s Office of Information Technology had instituted two-factor authentication for accessing state networks remotely, but many employees never had to use the security measure before 2020. 

“We had already rolled out two-factor authentication, but we still had to teach a lot of people how to use two-factor authentication,” Blyth said.

Training also can open employees to adopting new things, Blyth said. Some information specialists still resist cloud because they don’t know the cybersecurity capabilities of cloud computing, for example. “If you haven't trained your security teams, they are going to be resistant,” she said.
