{"id":2091,"date":"2023-11-21T20:32:00","date_gmt":"2023-11-21T20:32:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=78098"},"modified":"2023-11-21T20:32:00","modified_gmt":"2023-11-21T20:32:00","slug":"security-trends-public-sector-leaders-are-watching","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/11\/21\/security-trends-public-sector-leaders-are-watching\/","title":{"rendered":"Security trends public sector leaders are watching"},"content":{"rendered":"
<\/div>\n

Cyber threats against public sector organizations continue to evolve, and security strategies need to keep pace in an ongoing game of cat-and-mouse. According to industry and government security leaders, threat trends to pay attention to include artificial intelligence-enabled attacks and defensive measures, an increase in persistence in the network and risks associated with software supply chain and open-source technology.<\/p>\n

These reflections were shared in a recent interview series, produced by Scoop News Group, for CyberScoop, and underwritten in part by Google Cloud and Mandiant.<\/p>\n

Improving security resilience with AI<\/strong><\/p>\n

\u201cAI is going to provide a tremendous amount of opportunities on the cybersecurity defender side,\u201d said Stacy O\u2019Mara, government strategy, policy and partnerships with Google Public Sector<\/a>, \u201cit\u2019s about being as smart and safe and transparent as possible when you\u2019re thinking about those entities that are developing AI capabilities and government entities who might be procuring them.\u201d<\/p>\n

Several leaders in the series echoed a similar view \u2014 that the degree to which the government will regulate artificial intelligence will decide the effectiveness of its adoption.<\/p>\n

Secretary of Information Technology for the State of Maryland, Katie Savage<\/a>, touched on how her state works to ensure it has appropriate guardrails to develop responsible, ethical and secure AI capabilities. She is leaning on the White House\u2019s AI Bill of Rights for guidance.<\/p>\n

\u201cWe also want to work together to think about a series of pilots for how [the state] might actually deploy AI in the wild and get after some of the larger problems, new constituent services and cybersecurity needs,\u201d she stated.<\/p>\n

\u201cThere are tremendous amounts of data that we\u2019re looking at. Not just for security, but that enables the citizens themselves to be better protected or better informed,\u201d added Jon Ford, senior practice leader with Mandiant<\/a>. He spoke about AI being used by cities to leverage new capabilities that help to protect and serve the citizenry and touched on how generative AI can be used to extend access to information for those citizens who don\u2019t speak English as a first language.<\/p>\n

Rising to the challenge of new threats<\/strong><\/p>\n

Leaders discussed some of the biggest challenges the public sector faces in combating evolving cyber threats.<\/p>\n

Stressing the criticality of zero trust, Savage shared that when states like Maryland share resources and data with executive agencies \u2014 such as the Department of Labor and the Department of Health \u2014 it is incumbent upon the states to ensure those endpoints are protected.<\/p>\n

\u201cWe\u2019re taking a really hard look right now at how our enterprise IT teams and our cybersecurity team can work together more seamlessly to better manage identity and access management, for example, and mobile device management,\u201d she said of Maryland\u2019s efforts to improve its security posture.<\/p>\n

Strengthening zero-trust security must continue to evolve, echoed Jean-Paul Bergeaux, CTO, federal with GuidePoint Security<\/a>. Government agencies, he explained, have to bridge complexity divides and silos and start to consolidate the number of security tools and technologies they are managing. He stressed the importance of a \u201cholistic architecture\u201d where tools and capabilities work together within a zero-trust framework.<\/p>\n

Google Public Sector\u2019s Head of Mandiant Government Solutions, Ron Bushar<\/a>, added that moving to a zero-trust posture and complying with the various executive orders on security modernization are extensive and complicated efforts that will require reengineering entire parts of the infrastructure. The result will be a valuable payout from a risk, security and resiliency perspective. However, in the meantime, leaders also need to focus on a reality: they are still fighting against threats every day to protect their assets.<\/p>\n

Several leaders also distinguished the challenges for federal versus state government agencies, with Ford stating that funding is a big driver for what can or can\u2019t be accomplished. He shared a trend among state and local governments to centralize security operations center (SOC) operations that enable cities, localities and counties to roll up into a larger cybersecurity ecosystem.<\/p>\n

Overall, each leader underlined the importance of using the resources and frameworks available to further develop their security posture.<\/p>\n

O\u2019Mara explained that the sophistication of threat actors is constantly moving, which requires a posture shift from defenders.<\/p>\n

\u201cI think we\u2019re moving away from one-off cyberattacks and really focused on how to get after long-term persistent campaigns from nation-state actors, which could really have tremendous impacts on security [and] our economy,\u201d she said.<\/p>\n

Jeremy Corey, principal cybersecurity strategist for August Schell<\/a>, echoed that sentiment, adding that the adversary is no longer focused on a \u201cfull frontal assault.\u201d Rather, they are targeting weaknesses in government alliances and partnerships among industry partners and exploiting a growing reliance on open-source technologies.<\/p>\n

This video series<\/a> was produced by Scoop News Group, for CyberScoop, and sponsored in part by Google Cloud and Mandiant.<\/em><\/p>\n