Newer technologies like automation and AI may offer new solutions to this age-old cybersecurity problem, but they can also be double-edged swords.
Data integration and normalization is one of the oldest problems in cybersecurity. It’s common practice for companies that build endpoint devices — more traditionally laptops and smartphones, but increasingly also Internet of Things devices like internet-connected appliances, sensors, cameras and even medical devices — to create their own data formats. But for federal agencies and other organizations that are now collecting more data than ever before, that presents a cybersecurity challenge: How can they reconcile all those disparate forms of data to tell a single story?
Elena Peterson, cybersecurity researcher at Pacific Northwest National Laboratory, said there are many approaches, but some work better than others. Normalizing all of the data, for example, requires significant processing power, is time-consuming, and simply may not be viable in real time. But newer technologies may offer better options. For example, automation and artificial intelligence can sift through the data at much faster speeds and pull out insights, which can then be integrated to get a complete picture.
“AI certainly supports that. It can process data very quickly. It can find patterns pretty quickly,” Peterson said on Improving Cybersecurity Through Autonomous Endpoint Management. “You certainly have to be careful of the AI you use because you can spoil it in a way on accident or potentially on purpose. So like I said, there’s a bit of that cyclical nature of making sure that you’re also using AI that has not been, let’s say, modified for good or bad. But it can be very helpful.”
Another challenge with AI, Peterson said, is that while it has potential to supplement cyber defenders, it’s also lowering the bar for cyber attackers. AI can be used to code simple cyberattacks by bad actors who don’t actually have to know what they’re doing. It’s a dark mirror to the cybersecurity professionals who are using AI to code cybersecurity and cyber resilience into software during the development phase.
“Also, things like cloud computing and high performance computing that can bring a lot of processing to the data even closer to where the data is at,” Peterson said on the Federal Drive with Tom Temin. “If you can process some of the data at what we call the edge, a lot closer to where it’s being generated, get what you need out of it, then the amount of data you get is much smaller that you need to integrate with other data. And then that can improve your ability to analyze it quicker.”
Peterson said critical infrastructure is another area of focus for PNNL. The challenge there is that some of that infrastructure, like at power and water plants, is several decades old and was never intended to be secure, because it was never intended to be connected to the internet. That sometimes requires a new approach.
When trying to secure legacy infrastructure devices, Peterson said the go-to option is to upgrade them, or at least their IT systems, so that they can take advantage of newer cybersecurity protections. But sometimes, it’s easier to install an intervening technology between the device and the network, so if the device gets compromised, the bad actor can’t use it as a vector into the main systems.
“Trying to protect everything at the edge is our first order, then using zero trust principles for anything that might get through, it doesn’t get through too far,” she said. “A lot of work we do is in what we call resilience, which is the idea of, if somebody does manage to get in, we can continue the mission that we have, maybe keeping the power going in a power plant, but still defend the attack that’s happening. There’s a lot of interesting ways to do that, just depending on the situation.”
Copyright © 2024 Federal News Network. All rights reserved.
Daisy Thornton is Federal News Network’s digital managing editor. In addition to her editing responsibilities, she covers federal management, workforce and technology issues. She is also the commentary editor; email her your letters to the editor and pitches for contributed bylines.