Education Department CISO Steven Hernandez joined MeriTalk’s CDM Central: the Age of the Cyber Defenders virtual conference on May 12 to discuss how the Continuous Diagnostics and Mitigation (CDM) program and automation are impacting the agency.
“We’re aggressive and excited adopters of zero trust architecture and when we look at the zero trust architecture, we cannot look at that without thinking about how are we leveraging automation, and how are we leveraging the capabilities that CDM is already delivering and will deliver as part of that service delivery around zero trust architectures,” said Hernandez.
Hernandez said the Education Department is looking at two components: the concept of “least functionality, least privilege,” and collecting great data from CDM and other places. He said the agency would like an analyst to spend more time on the data and the impact, and less time on the repeatable action of analysis.
“That’s really what we’re focused on and we see that as the sweet spot for automation in our enterprise,” said Hernandez.
Hernandez added that “when we talk about AI and machine learning, what we’re really talking about is can we take just oceans of information? And that’s what’s interesting, that’s changed for us – five years ago, 10 years ago – we didn’t have enough information, but now we have too much information. And how can we use technologies like automated machine learning and machine learning to start to understand what does normal look like in all of these recent breaches?”
Using the SolarWinds Orion breach as an example, Hernandez explained that it’s important for the agency to understand behavior and to make sure a system is behaving as it should. Machine learning can be a resource “to understand what does normal look like or what should normal look like,” he said.
For the next iteration of CDM, Hernandez said the agency is starting to talk about Secure Access Service Edge (SASE) and where that intersects with CDM. Additionally, identity access management will play a larger role in the next iteration of CDM, according to Hernandez, who said, “if we can’t identify with great assurance authorized individuals, authorized services, and what level of authorization they have … it’s going to be really hard to do some of the other more advanced pieces of CDM, until we get the foundational pieces.”