Description

Today, we hear how to leverage the much-vaunted AI and ML technologies to make practical cybersecurity improvements for the federal government. The analysis includes comments about setting a baseline, prioritizing alerts and a quick dive into the characteristics of Operational Technology (OT).

BASELINE: Signature-based risk analysis has proven to be easy to deceive. Alex Maier from August Schell suggests that the solution is a move to a "behavior" based tool. In other words, see where a user's behavior varies from the norm. That requires knowing what "typical" looks like, so you begin by observing typical patterns in order to discern noticeable differences.

ALERTS: Some estimates suggest that a Security Operations Center (SOC) can receive 10,000 alerts a day. It is no wonder operators suffer from "alert fatigue" and miss problems. Rubrik has technology that can establish a risk-based alerting system to filter out low-level concerns.
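As an added illustration of the two ideas above (a per-user behavioral baseline, then risk-scored alerts with low-level ones filtered out), here is a small sketch that is not code from the episode, from August Schell or from Rubrik; the login counts, asset criticality values and the z-score threshold are all constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed baseline: daily login counts per user over a 7-day window.
BASELINE = {
    "alice": [4, 5, 4, 6, 5, 4, 5],
    "bob": [20, 22, 19, 21, 20, 23, 21],
}
# Constructed observations for today and an assumed asset criticality
# per user (1 = low, 3 = high), used to weight the deviation.
TODAY = {"alice": 30, "bob": 22, "carol": 3}
ASSET_CRITICALITY = {"alice": 3, "bob": 1, "carol": 2}


def zscore(value, history):
    """How many standard deviations `value` sits from the user's norm."""
    sigma = pstdev(history) or 1.0  # flat baselines would divide by zero
    return (value - mean(history)) / sigma


def score_alerts(baseline, today, criticality, z_threshold=3.0, min_risk=0.0):
    """Return alerts sorted by descending risk.

    risk = z-score * asset criticality. A user with no baseline yet is not
    silently dropped; it is flagged with a fixed 'no baseline' deviation of 1.
    Alerts whose risk falls below `min_risk` are filtered out before return.
    """
    alerts = []
    for user, count in today.items():
        crit = criticality.get(user, 1)
        if user not in baseline:
            alerts.append({"user": user, "reason": "no baseline", "risk": 1.0 * crit})
            continue
        z = zscore(count, baseline[user])
        if z >= z_threshold:
            alerts.append({"user": user, "reason": f"z={z:.1f}", "risk": round(z * crit, 1)})
    alerts = [a for a in alerts if a["risk"] >= min_risk]
    return sorted(alerts, key=lambda a: a["risk"], reverse=True)


if __name__ == "__main__":
    for alert in score_alerts(BASELINE, TODAY, ASSET_CRITICALITY):
        print(alert)
```

With the constructed data, alice's 30 logins are tens of standard deviations above her baseline and land at the top; bob's 22 is within his norm and raises nothing; carol has no baseline and is surfaced at a low score that a `min_risk` cut-off removes.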

ELEMENTS OF OT: Mark Hadley of Pacific Northwest National Laboratory describes OT as deterministic. That is to say, given a signal, it always produces the same output under a fixed set of rules. Given that understanding, heightened importance must be given to the value of the specific commands sent to OT devices.

The discussion also covered the need for transparency and accountability, as well as the potential risks of AI-based attacks.