Feds Embracing Partnerships, Cyber Incident Sharing Amid AI Threats – MeriTalk
As Federal agencies look to protect themselves against AI-fueled cyberattacks, government cybersecurity officials explained today that they are shifting their mindsets to embrace partnerships and no longer be embarrassed about sharing their incident data.
At today’s GDIT Emerge: AI on the Frontlines event in Washington, D.C., an official from the Department of Treasury said that the agency recently launched Project Fortress. This new public-private partnership aims to share cybersecurity indicators “automatically” with financial institutions.
“It’s having a very, very positive effect right now. We’re just onboarding some more companies and organizations, but the idea there is to have that automated indicator, you know, any kind of information sharing ability so that we can get the word out,” said Sarah Nur, the associate chief information officer (CIO) and chief information security officer (CISO) at the Department of Treasury.
“Luckily, right now we’re not really seeing aggressive AI attacks, but I know over time as these tools get more sophisticated it’s going to be a lot,” she said. “But, the goal here is to ensure that we have that culture, that mind shift to no longer be embarrassed to share our incident data, but rather just be forthcoming and hopefully we can use that.”
Nur explained that everyone in the Federal government needs to shift their mindset “to expect an incident to occur.” In the past, she said, Federal agencies wouldn’t share that information out of “embarrassment” or “that reputational impact.”
However, she said it’s “okay” to shift mindsets to expect “at least two to three a year, and even more.”
Over at the Department of State, an official explained a similar automated information-sharing initiative within the Federal government.
Gharun Lacy, deputy assistant secretary and assistant director of the State Department’s Diplomatic Security Service for Cyber and Technology Security, said that his agency is teaming up with the Cybersecurity and Infrastructure Security Agency (CISA) to share phishing emails automatically.
“Every piece of a phishing email that comes to us and gets reported is now sent immediately to CISA within minutes, so they see the entirety of our phishing activity,” Lacy said. “That’s one of those nice, low-hanging fruit things that we can do in order to one, utilize our technology better. And two, facilitate the real-time communication.”
“Now it’s up to CISA to use their model to sift through all of that, because I know what the volume looks like, but it’s a case where we’re using both the collaboration and the technology simultaneously and developing those relationships across the board,” he added.