Monday, 8 July 2019

The Cyber State of the Union




On the 17th of June 2019, the Senate Homeland Security and Governmental Affairs Subcommittee on Investigations released a report spelling out a decade of Federal cyber protection initiatives that have failed to live up to expectations. This is the latest in a series of negative sentiment reports since the signing of Executive Order 13800, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure”, in May 2017.
Our chronology begins one year later, in May 2018, when OMB and DHS released the “Federal Cybersecurity Risk Determination Report and Action Plan”, containing unsatisfactory findings and recommendations for sweeping change across the various agencies.

1)    OMB and DHS determined that 71 of 96 agencies (74 percent) participating in the risk assessment process have cybersecurity programs that are either at risk or high risk.
2)    OMB and DHS also found that Federal agencies are not equipped to determine how threat actors seek to gain access to their information.

OMB and DHS go on to recommend 4 key changes:

1.    Increase cybersecurity threat awareness among Federal agencies by implementing the Cyber Threat Framework to prioritize efforts and manage cybersecurity risks;
2.    Standardize IT and cybersecurity capabilities to control costs and improve asset management;
3.    Consolidate agency SOCs to improve incident detection and response capabilities;
4.    Drive accountability across agencies through improved governance processes, recurring risk assessments, and OMB’s engagements with agency leadership.


Then, in a letter to DHS in September 2018, OMB highlighted that DHS had allocated $250 million of funds to the intrusion detection and prevention solution “EINSTEIN”, which had only managed to detect approximately 2000 of the 84,000 reported incidents in federal agencies from 2016-2018.

In December 2018, GAO released its own report to Congress, “Agencies Need to Improve Implementation of Federal Approach to Securing Systems and Protecting against Intrusions”. The report called out the requirement of the Federal Cybersecurity Enhancement Act of 2015 that DHS deploy, operate, and maintain capabilities to prevent and detect cybersecurity risks in network traffic traveling to or from an agency’s information system. The report noted that DHS has taken actions to improve these capabilities and has other actions underway, including functionality that would detect deviations from normal network behavior baselines. In addition, according to DHS officials, the department was operationalizing functionality intended to identify malicious activity in network traffic otherwise missed by signature-based methods.


In March 2019, DHS released its FY 2020 Budget Request, stating that DHS and other federal agencies are looking for ways to leverage emerging technologies like Artificial Intelligence (AI), machine learning (ML) and related technological approaches to improve their mission effectiveness, stretch their workforce capacity and improve efficiencies. DHS explicitly mentions:
1)    The National Cybersecurity Protection System (NCPS) (a.k.a. EINSTEIN) – NCPS plans to continue to enhance analytics capabilities that leverage artificial intelligence to detect malicious activity and further automate cyber threat analysis. NCPS allocates $21.6M in FY 2020 for analytics efforts.
2)     Data Analytics Technology Center (DA-TC) – The center provides an agile core technical service that helps DHS to adapt and leverage growing data sets and rapidly evolving technologies, including social media, live streaming, real-time analytics, machine learning and artificial intelligence. Established in FY 2016, DA-TC receives $10.4M in the FY 2020 budget.




Summary.

Lack of budget, lack of skills and the same old security controls have all led to the underwhelming performance of current federal cyber initiatives. Predictably, the federal agencies charged with the cyber security of the nation under the mandate of Executive Order 13859, "Maintaining American Leadership in Artificial Intelligence", are turning towards AI and ML as an important part of the answer.

However, to be effective, any AI/ML model will have to deal with two critical challenges in order to tip the balance away from our adversaries.

Firstly, the model has to perform and be relevant to the real world, which means being able to consume and compute over extreme amounts of real-time and historical data. As noted in "The National Artificial Intelligence Research and Development Strategic Plan: 2019 Update": The current renaissance in deep machine learning is directly tied to progress in GPU-based hardware technology and its improved memory, input/output, clock speeds, parallelism, and energy efficiency.

Secondly, the model has to be resilient to adversarial attempts to manipulate it. Security decisions based on probability will have to be vetted against evil mastermind intervention, or we risk further deteriorated levels of security by allowing our adversaries to hide in the percentages.












