Former FBI CISO shares latest cybersecurity trends
Arlette Hart, Senior Technologist for Cybersecurity at Leidos, is a recognized, world-class expert across all aspects of cybersecurity. She gained her cybersecurity expertise during her time as Chief Information Security Officer (CISO) for the Federal Bureau of Investigation. In that role, she ensured that the FBI’s data, capabilities, and networks were available where and when the Bureau and its partners needed them. Hart discusses current trends and state of cybersecurity today.
Your previous job was the CISO at FBI and now with Leidos, you’ve managed through the cybersecurity challenges of both public and private entities. In your view, what is the biggest threat to cybersecurity today?
Hart: I think the biggest threat is the unevenness of attention to cybersecurity. Some organizations are very concerned about cybersecurity, and they dedicate significant resources to making sure they are secure. But others are much less engaged – and the impact of organizations that aren’t engaged can adversely affect the others. Even within an organization some parts are more engaged than others, and some people are more engaged. The result is a huge amount of vulnerability that is built into the IT environment everywhere, across all organizations and people.
There has been a lot of change in the cyber technology industry over your tenure - what technologies are you most excited about?
Hart: SOAR (Security Orchestration, Automation and Response) is really exciting – so we can perform cybersecurity at machine speed and at a lower cost. This capability is critical to the commodity threats, and it frees up hard-to-find resources to pay attention to difficult problems. This helps keep the analysts engaged, and gives a much improved mean-time-to-detect, so attacks have a shorter dwell time on the environment. But my first choice is Artificial Intelligence and Machine Learning (AI/ML) as it applies to Big Data. It really is meaningful to have machines find patterns and anomalies across large amounts of data. AI/ML and SOAR work together to raise the protections across environments. They also offer the potential of lowering costs, which would make the protections available to a broader swath of society. Lowering the costs will help eliminate that big threat I mentioned above.
What do you see as some of the major pain points and what approaches do you seek to alleviate?
Hart: Some of the major cybersecurity pain points go to risk management and associated costs. Cybersecurity costs money, and it does not deliver a product to an end-user. So making sure you are investing the right amount in protection compared to risk is hard. It means understanding what risk looks like, both for an organization and for the people who run that organization. Making decisions about how much and where to invest depends on an organization’s priorities. Usually we think that confidentiality is the most important piece of cybersecurity, but for some organizations, the priority is access instead. The investment in cybersecurity has to be commensurate with the risk to the organization, and risk in cybersecurity is really hard to quantify (and it can be expensive). The approach I take is looking at a couple subsets of an organization and extrapolate their security posture – it’s not perfect, but it gives a starting point for tuning. And the subsets (if selected according to the organization’s priority mission) can drive to valid risk results. And that can also justify cybersecurity investment decisions.
How is cybersecurity impacted by advances in digital modernization and AI/ML?
Hart: Digital modernization, including AI/ML and other forward leaning technologies, deliver opportunities for much better cybersecurity by leveraging the capabilities for analytics or for segmentation. But it also brings risk – because those advances have to be protected. They can also be used both to defend, and attackers can use the capabilities to improve their approach. So, it’s at least a two-edged sword. The promises are really compelling – we can isolate better, we can use AI/ML to find anomalies or patterns in ways that human beings can’t do because the data is just too vast. One strong positive is the increasing inclusion of security in the DevOps work. Adopting DevSecOps instead of just DevOps means that we are actively securing code while it is being developed, so it is inherently safer. This is a significant improvement because code vulnerabilities are the basis for the challenges in cybersecurity. Addressing it early in the lifecycle can drive real improvement in cybersecurity, and can dramatically increase the cost of the attack – the attacker will have to work harder, and that is the goal.
To learn more about Hart’s view on cybersecurity, listen to her here.