Discussions of cybersecurity and automation generally focus on digital spaces: networks, endpoints, databases, clouds. But the Food and Drug Administration is also taking physical spaces into account with its systems management center, placing its watch desk and engineering components side by side to facilitate communication.
“The SMC gives us real-time capability to not only detect, but respond,” Todd Simpson, FDA chief information officer, said during Cybersecurity Automation Month.
He said that with the personnel aligned in this way, while the help desk begins the process of opening tickets and bringing all of the appropriate people into the loop, the engineers are already responding to the problem.
And considering the FDA received about 1.66 billion attempts to penetrate its system in March alone, that kind of responsiveness is key to keeping up with, or even getting ahead of, the bad actors.
The SMC is part of FDA’s implementation of continuous diagnostics and mitigation (CDM) phase two.
“It really focuses in on the prevention, detection and correction of incidences, insider threats and making sure that we have a formidable security posture that is adaptive and ready to evolve,” Simpson told the Federal Drive with Tom Temin.
Another part of CDM phase two is a new suite of CDM tools, he said. That includes new customized security dashboards that integrate various facets of cybersecurity monitoring, like threat landscapes and systems status, into a single dashboard, where ordinarily they’d be separate.
“These dashboards are focused on watching the specific things we are trying to watch,” Simpson said. “And when it comes to the continuity of our operations, what we try to do is customize those dashboards as closely as possible to serve the needs of the most people.”
He said there was one instance in which an FDA deputy CIO was monitoring one of these customized dashboards, saw a node go down in real time, and was able to get ahead of the problem before it was even reported.
“We were so far ahead of this that the notifications started to flow, the customers were contacted and we were able to intervene without any issues,” Simpson said. “What I saw there was the power of these dashboards. I was so proud to see that tool serve that way. At an executive level, we got ahead of the problem before the operations.”
This isn’t the first time FDA has opted for the holistic view when it comes to cybersecurity monitoring. It took a similar approach with its automated cloud security.
“We worked very hard in the beginning to build a cloud brokerage model,” Simpson said. “But what we found as we started to rely on that brokerage model to do business is that it wasn’t a standalone thing. It needed more. So that’s where we started to develop our security brokerage model that sits on top of that. So the security brokerage model is that layer that watches everything.”
Although the customized dashboards and security brokerage model are improving FDA’s ability to monitor its networks, Simpson looks forward to greater levels of automation.
“Just think of the day when we fully automate these things, and we set triggers to send alerts at certain thresholds,” he said. “So when the node goes yellow, our SMC won’t have to actually have their eyes physically on the screen. They’ll just have to feel that vibration in their pocket, or feel the ding, and they’ll be ahead of it. And that’s really the future we want to be positioned for.”
Eventually, this level of automation may lead to self-healing and intervention. An artificial intelligence would be able to not only monitor but react to cyber threats.
“I think machine learning and artificial intelligence is going to be a part of every area of IT within a very short time,” he said. “I think that we’ve now uncovered the power of the ability of software to evolve on its own, and to deny that on the security side of the house would be denying ourselves a great opportunity to move forward. And I don’t think we’re going to be able to do it with how rapidly the threat landscape is evolving. We’re going to need the help of artificial intelligence and automation to do some of the legwork because the threat never sleeps.”