Cyber threats against public sector organizations continue to evolve, and security strategies need to keep pace in an ongoing game of cat-and-mouse. According to industry and government security leaders, threat trends to pay attention to include artificial intelligence-enabled attacks and defensive measures, increased attacker persistence in the network, and risks associated with the software supply chain and open-source technology.

These reflections were shared in a recent interview series, produced by Scoop News Group, for CyberScoop, and underwritten in part by Google Cloud and Mandiant.

Improving security resilience with AI

“AI is going to provide a tremendous amount of opportunities on the cybersecurity defender side,” said Stacy O’Mara, government strategy, policy and partnerships with Google Public Sector, “it’s about being as smart and safe and transparent as possible when you’re thinking about those entities that are developing AI capabilities and government entities who might be procuring them.”

Several leaders in the series echoed a similar view — that the degree to which the government will regulate artificial intelligence will decide the effectiveness of its adoption.

Secretary of Information Technology for the State of Maryland, Katie Savage, touched on how her state works to ensure it has appropriate guardrails to develop responsible, ethical and secure AI capabilities. She is leaning on the White House’s AI Bill of Rights for guidance.

“We also want to work together to think about a series of pilots for how [the state] might actually deploy AI in the wild and get after some of the larger problems, new constituent services and cybersecurity needs,” she stated.

“There are tremendous amounts of data that we’re looking at. Not just for security, but that enables the citizens themselves to be better protected or better informed,” added Jon Ford, senior practice leader with Mandiant. He spoke about AI being used by cities to leverage new capabilities that help to protect and serve the citizenry and touched on how generative AI can be used to extend access to information for those citizens who don’t speak English as a first language.

Rising to the challenge of new threats

Leaders discussed some of the biggest challenges the public sector faces in combating evolving cyber threats.

Stressing the criticality of zero trust, Savage shared that when states like Maryland share resources and data with executive agencies — such as the Department of Labor and the Department of Health — it is incumbent upon the states to ensure those endpoints are protected.

“We’re taking a really hard look right now at how our enterprise IT teams and our cybersecurity team can work together more seamlessly to better manage identity and access management, for example, and mobile device management,” she said of Maryland’s efforts to improve its security posture.

Efforts to strengthen zero-trust security must continue to evolve, echoed Jean-Paul Bergeaux, CTO, federal with GuidePoint Security. Government agencies, he explained, have to bridge complexity divides and silos and start to consolidate the number of security tools and technologies they are managing. He stressed the importance of a “holistic architecture” where tools and capabilities work together within a zero-trust framework.

Google Public Sector’s Head of Mandiant Government Solutions, Ron Bushar, added that moving to a zero-trust posture and complying with the various executive orders on security modernization are extensive and complicated efforts that will require reengineering entire parts of the infrastructure. The result will be a valuable payoff from a risk, security and resiliency perspective. In the meantime, however, leaders also need to focus on a reality: they are still fighting against threats every day to protect their assets.

Several leaders also distinguished between the challenges facing federal and state government agencies, with Ford stating that funding is a big driver for what can or can’t be accomplished. He shared a trend among state and local governments to centralize security operations center (SOC) operations, enabling cities, localities and counties to roll up into a larger cybersecurity ecosystem.

Overall, each leader underlined the importance of using the resources and frameworks available to further develop their security posture.

O’Mara explained that the sophistication of threat actors is constantly moving, which requires a posture shift from defenders.

“I think we’re moving away from one-off cyberattacks and really focused on how to get after long-term persistent campaigns from nation-state actors, which could really have tremendous impacts on security [and] our economy,” she said.

Jeremy Corey, principal cybersecurity strategist for August Schell, echoed that sentiment, adding that the adversary is no longer focused on a “full frontal assault.” Rather, they are targeting weaknesses in government alliances and partnerships among industry partners and exploiting a growing reliance on open-source technologies.

This video series was produced by Scoop News Group, for CyberScoop, and sponsored in part by Google Cloud and Mandiant.