Should the work of cyber defense be running on autopilot?
These four states (and one county) are trying it out.
Massachusetts, Texas, Louisiana, and Arizona (and one Arizona county) just became lab rats in a cybersecurity experiment.
Researchers at the Johns Hopkins Applied Physics Laboratory (APL) are hoping to determine the viability of automated responses to cyber threats.
These tools wouldn't need the approval of a human being to take action in the name of cybersecurity. They're called Security Orchestration, Automation, and Response (SOAR) tools, and they're part of APL's Integrated Adaptive Cyber Defense framework.
This set of guidelines aims to automate the more repetitive tasks of cybersecurity so that human workers are freed up to think and act more strategically.
StateScoop explains the benefit of tools like these:
"Human workers can't keep pace with the growing number of threats their organizations face, said Charlie Frick, an APL researcher and the pilot project's lead investigator.
'It's a scalability issue,' he said. 'The massive amount of attacks and the rate at which they're increasing, it's just not a human-tenable problem. Currently, we're bringing people to a software fight.'"
And an automated system is certainly more efficient, according to Frick.
"The participating financial institutions were able to cut down the average time it took to act on an FS-ISAC alert, like blocking a range of IP addresses, from 14 hours—a span that would include waiting for someone to read the alert, meetings and discussions about the alert and manual data entry—to about nine minutes."
When it comes to security automation, though, one concern inevitably rises to the surface: jobs.
Particularly when unemployment is higher than ever, does automation risk eliminating even more job opportunities?
Frick explains why security professionals shouldn't worry:
"'I have not seen security automation be a staff-reduction tool,' he said. 'I've seen a lot of refocusing. You do still need the human to make the decisions. We just want to get to that point orders of magnitude faster, so they're doing what they're good at and the machines can do the repetitive tasks. You don't need to manually type in a 'Whois' or VirusTotal search 10,000 times by hand.'"
Do you think automating cybersecurity is a good idea?