July 9, 2020 — Metrics are a new frontier for automating certain cybersecurity measurements, according to Mariam Baksh, a staff correspondent at Nextgov.
In a Thursday Nextgov webinar, moderated by Baksh, panelists discussed the benefits of utilizing automation to gather data for more informed metrics, in order to ultimately solve pressing cybersecurity issues in both the federal and private sector.
“It’s important to remember when we say ‘metrics,’ we just mean measurements,” said Brandon Valeriano, senior advisor of the Cyberspace Solarium Commission.
Automation and metrics are currently being utilized by the Continuous Diagnostics and Mitigation Program, a leading effort to reduce cyber risk and provide asset visibility to the federal government.
By distributing automated tools to federal agencies, their ability to monitor and manage the threat of cyber vulnerabilities is strengthened.
The goal of CDM is to improve the federal governments respective security posture, said program manager Kevin Cox.
“Agencies are not aware of their attack surface,” Cox said, referring to all of the places an advisory is able to exploit a network.
When the CDM program was utilized, researchers “found that agencies have 75 percent more assets than they were manually reported,” Cox said.
The objectives of the program are to reduce agencies’ threat surface, increase visibility into the federal cybersecurity posture and improve federal cybersecurity response capabilities.
Valeriano, who Baksh mentioned had more experience in the private sector than his fellow panelists, spoke of utilizing metrics and automation to solve an alternative problem.
“We’re generally collecting data on security risks for no real purpose of analysis,” Valeriano said. “We only know about what we’re already looking for.”
Valeriano called for utilizing metrics to develop a better situational hyper-awareness, so eventually attacks could be predicted and mitigated.
Other panelists reported that they are not doing the type of work that Valeriano described, revealing a division in development between segments of the private and public sector.
“Automation is the way to go,” said Vijay D’Souza, director of the information technology and cybersecurity team at the Government Accountability Office. “The more tools you have to handle the vast amounts of data we’re dealing with the better.”
However, automation may not catch major threats, such as attackers going for harder to exploit targets, D’Souza said.
To solve this, a “marriage of artificial intelligence and human intelligence is ideal,” he said.
- Americans Skeptical About Tech, Funding For Broadband Maps, Court Classifies Uber and Lyft Drivers as Employees
- Ninth Circuit Upholds FCC’s Small Cell Deployment Order Designed to Promote 5G
- Breakfast Media Minute: August 12, 2020
- Telemedicine is Increasingly Important, But Comes With Challenges, Say Route Fifty Panelists
- Open Access Infrastructure Important, But Difficult to Develop, Say Digital Infrastructure Investment Panelists
Signup for Broadband Breakfast
Artificial Intelligence1 month ago
U.S. State Department Employing Artificial Intelligence Against COVID-19 Misinformation
Broadband Roundup1 month ago
Artificial Intelligence Task Force, State Cybersecurity, ADTRAN Offers Rural Funding Guidance
Infrastructure1 month ago
Michigan Broadband Cooperative Calls Report Saying Municipal Broadband Has an Unfair Advantage ‘Laughable’
Open Access4 weeks ago
In Danville, Virginia, an Early Adopter of Open Access Seeks to Prove the Business Model
Digital Inclusion1 month ago
‘Disconnection Day’ Looms as a Flouted ‘Keep Americans Connected’ Pledge Expires
5G1 month ago
Verizon CEO Hans Vestberg Describes 5G-to-the-Home Vision, Claiming U.S. Leads in 5G Deployment
Innovation1 month ago
Telecommunication Industry Working Group Aims to End Robocalls Through Cryptographic Credentials
Broadband's Impact3 weeks ago
Stakeholders and Tech Experts Gather to Discuss the Future of Internet Governance