States sign on for automated security pilot
To help state and local governments enhance their online defenses with near-real-time information sharing and automated cyberattack response, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Johns Hopkins Applied Physics Laboratory (APL) will work with Arizona, Louisiana, Massachusetts and Texas, as well as the Multi-State Information Sharing and Analysis Center, on a pilot project to test automated threat response.
The State, Local, Tribal and Territorial (SLTT) Indicators of Compromise (IOC) automation pilot program will deploy into state IT systems security orchestration, automation and response tools that collect data from multiple sources and respond to threats much faster than manual processes.
Specifically, the pilot will curate the feeds and the processes states use to triage, prioritize and respond to IOCs by automating manual processes, enhancing threat intelligence information sharing and identifying the orchestration services needed to integrate responses — such as sensing, understanding, decision-making and acting — to cyber threats.
The states will use the Integrated Adaptive Cyber Defense (IACD) framework, developed by APL, which leverages automation to speed and scale cyber defenses and moves human defenders into response planning and approval roles. IACD has reduced response time from 11 hours to 10 minutes. In some instances, preapproved responses were implemented in one second, APL officials said in the announcement.
“The opportunity to work with state, local, tribal and territorial organizations as they adopt the IACD framework is rewarding,” said Cindy Widick, APL’s deputy principal investigator on the SLTT pilot. “Automating low-regret, high-impact indicators will improve the security of their networks and alleviate some of the manual processing required today. This will allow talented network security personnel to address more complex cyber threats.”
The results of the pilot, due this fall, could serve as a model for other states and local governments to quickly and easily augment their cyber defense capabilities, APL officials said.