Johns Hopkins APL launches cyber tech pilot
On July 13, Johns Hopkins Applied Physics Laboratory (APL) announced that APL and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) are working together to help state and local governments boost their online defenses.
Under a pilot program, Arizona, Louisiana, Massachusetts and Texas, as well as the Multi-State Information Sharing and Analysis Center (MS-ISAC), are applying Security Orchestration, Automation and Response (SOAR) to this effort. SOAR tools enable organizations to collect security-threat data through multiple sources and perform triage response actions significantly faster than with manual processes. This initiative will enable state, local, tribal and territorial (SLTT) governments to quickly and broadly share information. The program will also leverage automation to prevent or respond to cyberattacks.
The SLTT Indicators of Compromise (IOC) automation pilot will focus on the curation of the feed and the processes used by the participants to triage, prioritize and act upon the resultant IOCs. Automation and orchestration will be used to gain efficiencies in tasks, processes and resultant actions for the producer and consumers of the IOCs. In particular, the program will:
- Identify key areas for potential reduction of manual tasks
- Promote actionable information sharing across government levels and agencies
- Identify orchestration services needed to integrate responses — such as sensing, understanding, decision-making and acting — to cyber threats
The effort stems from recent APL research and pilot programs with critical infrastructure industries that showed how automated information sharing can shore up cyber defenses by reducing response time.
“The opportunity to work with state, local, tribal and territorial organizations as they adopt the IACD framework is rewarding,” said Cindy Widick, APL’s deputy principal investigator on the SLTT pilot. “Automating low-regret, high-impact indicators will improve the security of their networks and alleviate some of the manual processing required today. This will allow talented network security personnel to address more complex cyber threats.”