Government is beginning to grasp using security tools internally, but the next level of cybersecurity will require agency leaders to move beyond their enterprises and into a collaborative environment with one another, Dewand Neely, Indiana’s chief information officer says in a video interview.
“I think where that next level of effectiveness can come into play is figuring out how to share information amongst one another better,” Neely says in a May video interview from FireEye’s Cyber Threat Intelligence Forum, produced by CyberScoop and FedScoop.
Neely specifically encouraged not only interagency sharing at the state level, but sharing between state and local agencies, as well as state and federal agencies as well.
“I think they’re starting to do that in other areas, breaking out of those siloes, and I think this is one where we need to put a focused effort on just sharing more across the board and we can help one another out,” Neely says.
In Indiana, Neely says the state is looking to standardize and automate as many cyber operations as possible across the state, in an effort to free up analysts and security team members to focus on activities that are “not normal now.”
“I think those pieces there that fall outside of that normalcy will start pointing us towards a little bit more of a proactive state and really just getting ahead of this stuff as much as we can,” Neely says.
The state is also turning to cyber threat intelligence tools to help staff prioritize what different groups need to focus on.
“An effective platform can probably help prioritize across different groups, not just the security team,” Neely says. “I think as you continue to tune, and you get comfortable, you can bring in new data sets and help other groups around the organization make sure they’re looking at the correct things.”
But through the automation of information sharing across agency lines, and government lines, security leaders can speed up incident response almost more quickly than humans can alone.
“I think figuring out ways to take the human interaction of it with that sharing piece and that alerting piece is more automated so that we’re getting timely information, not only internally, but timely information out to other folks,” Neely says. “It could be that split second, or a few seconds, that [a threat] gets into their system.”
But with better automation, and systems configured to work together on that automated information sharing, it could be the “deciding indicator,” Neely says, on whether or not their systems are infiltrated too.
“Waiting on people to share that information is just too slow to keep up these days,” Neely says.
This video was produced as a part of FireEye’s Cyber Threat Intelligence Forum on May 31, 2018.