NASA to Rely on Automation for Basic Security Threats
NASA plans to rely on automation to deal with basic security threats as the agency moves to a zero-trust architecture, freeing up analytical resources for customized attacks, according to an official.
Mike Witt, associate chief information security officer for cybersecurity and privacy at NASA, said the agency's zero-trust project will take several years but is being expedited by employees' shift to telework, FedScoop reported.
"We've got to get away from the mindset of: You can account for every alert. You've got to embrace orchestration … artificial intelligence, machine learning," Witt said during a webinar hosted by the American Council for Technology and Industry Advisory Council.
He added that NASA will take full advantage of commercial support for the benefit of the agency's analysts.
Mike Benjamin, senior director of threat research at Black Lotus Labs, said phishing and basic credential attacks are still the most prominent attacks that agencies deal with.
He explained that the criminal market typically does not invest much in the said methods as the goal is profit rather than intelligence.
Phishing emails tend to be similar to each other and use the same domains because it is not worthwhile for attackers to develop specialized attacks, Benjamin added.
“As an industry, we have to pay attention to how it is we are going to stop those more commodity level attacks or at least monitor for their occurrence and mitigate them quickly after they do,” the director said.
Witt added that while NASA has dealt with "really incredible" attacks crafted by nation-states, simple phishing attacks still continue to work.
Category: Popular Voices
Tags: analytics artificial intelligence automation Black Lotus Labs FedScoop machine learning Mike Benjamin Mike Witt mitigation NASA phishing Popular Voices profit zero trust architecture