59 min
Ep. 146 The cyber wild west is still wild Feds at the Edge
-
- Tecnología
When the United States expanded westward, there was a surprise around every corner; in a similar vein, we see unlimited storage, fast speeds, and artificial intelligence creating a technical “wild west” environment for the federal government.
Instead of a posse of Texas Rangers, we have a group of federal experts who have demonstrated their ability to corral malicious code and prevent robbers from stealing you blind.
Marisol Cruz Cain from the GAO highlights some of the unpublicized aspects of AI. She mentions that its ability to rewrite code can make attribution difficult. In other words, AI can allow malicious code to mutate frequently, preventing any signature identification.
Although the federal government has many cyber compliance requirements, the idea of using an independent group to attack a system was discussed. In the parlance of the cyber community, this is called a “red” team. They attack systems to see what weaknesses they can find. This effort can help address unanticipated weaknesses.
One anticipated weakness that is sitting in the front of many is legacy systems. Paul Blahusch Dept of Labor recommends taking a prudent view of your system to see which ones are legacy and which have unique vulnerabilities. He suggests funds can be appropriated based on vulnerabilities.
We are at a level where leaders may be confronted with cyber tools heaped upon cyber tools. JD Jack from Google suggests a practical approach called “security validation.”
This gives leaders a report on what could happen in an attack. With this method, you look at the tools you have and find a way to evaluate them.
When the United States expanded westward, there was a surprise around every corner; in a similar vein, we see unlimited storage, fast speeds, and artificial intelligence creating a technical “wild west” environment for the federal government.
Instead of a posse of Texas Rangers, we have a group of federal experts who have demonstrated their ability to corral malicious code and prevent robbers from stealing you blind.
Marisol Cruz Cain from the GAO highlights some of the unpublicized aspects of AI. She mentions that its ability to rewrite code can make attribution difficult. In other words, AI can allow malicious code to mutate frequently, preventing any signature identification.
Although the federal government has many cyber compliance requirements, the idea of using an independent group to attack a system was discussed. In the parlance of the cyber community, this is called a “red” team. They attack systems to see what weaknesses they can find. This effort can help address unanticipated weaknesses.
One anticipated weakness that is sitting in the front of many is legacy systems. Paul Blahusch Dept of Labor recommends taking a prudent view of your system to see which ones are legacy and which have unique vulnerabilities. He suggests funds can be appropriated based on vulnerabilities.
We are at a level where leaders may be confronted with cyber tools heaped upon cyber tools. JD Jack from Google suggests a practical approach called “security validation.”
This gives leaders a report on what could happen in an attack. With this method, you look at the tools you have and find a way to evaluate them.
59 min