Johns Hopkins APL Enlists States for Cyber Defense Technology Pilot Program

As cyber threats to the nation grow and adversaries move with increasing stealth, the Johns Hopkins Applied Physics Laboratory (APL) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) are teaming up to help state and local governments enhance their online defenses.

Under a pilot program, Arizona, Louisiana, Massachusetts and Texas, as well as the Multi-State Information Sharing and Analysis Center (MS-ISAC), are applying Security Orchestration, Automation and Response (SOAR) to this effort. SOAR tools enable organizations to collect security-threat data through multiple sources and perform triage response actions significantly faster than with manual processes. This initiative will enable state, local, tribal and territorial (SLTT) governments to quickly and broadly share information — in near real time — and leverage automation to prevent or respond to cyberattacks.

Specifically, the SLTT Indicators of Compromise (IOC) automation pilot will focus on the curation of the feed and the processes used by the participants to triage, prioritize and act upon the resultant IOCs. Automation and orchestration will be used to gain efficiencies in tasks, processes and resultant actions for the producer and consumers of the IOCs. In particular, the program will:

• identify key areas for potential reduction of manual tasks
• promote actionable information sharing across government levels and agencies
• identify orchestration services needed to integrate responses — such as sensing, understanding, decision-making and acting — to cyber threats

The effort stems from recent APL research and pilot programs with critical infrastructure industries that showed how automated information sharing can shore up cyber defenses by reducing response time.

Using the Integrated Adaptive Cyber Defense (IACD) framework, developed by APL under an effort sponsored by DHS and the National Security Agency for cybersecurity automation, orchestration and information sharing, response time dropped from 11 hours to 10 minutes. In some instances, preapproved responses were implemented in one second.

“The opportunity to work with state, local, tribal and territorial organizations as they adopt the IACD framework is rewarding,” said Cindy Widick, APL’s deputy principal investigator on the SLTT pilot. “Automating low regret, high impact indicators will improve the security of their networks and alleviate some of the manual processing required today. This will allow talented network security personnel to address more complex cyber threats.”

The results of the pilot, anticipated this fall, will be technology agnostic and could serve as a model for other states and local governments to quickly and easily augment their cyber defense capabilities. For more information, contact Charles Frick, pilot principal investigator, at charles.frick@jhuapl.edu.

About the Partners

CISA

CISA is the nation’s risk advisor, working with partners to defend against threats and collaborating to build more secure and resilient infrastructures.

APL

For more than 75 years, the Applied Physics Laboratory, a not-for-profit division of the Johns Hopkins University, has met critical national challenges through the innovative application of science and technology. APL has integrated more than 50 commercially available security and information technology management products, information feeds and cybersecurity services into the IACD framework. Most recently, the Laboratory provided technical assistance and consultation to the first financial institution implementation of IACD.

Arizona

Within Arizona’s Department of Administration, the Arizona Strategic Enterprise Technology program’s mission is to deliver forward-thinking and secure IT solutions to state agencies by putting the customer first, offering world-class services and focusing on value, not cost.

Maricopa County, Arizona

Maricopa County’s Office of Enterprise Technology (OET) provides enterprise infrastructure and application support that allows the county to effectively operate on a daily basis. OET also provides IT consulting as a trusted advisor to over 30 county departments.

Louisiana

The Office of Technology Services functions as the centralized provider of IT support services for executive cabinet agencies of state government and is designated as the sole authority for information technology procurement.

Massachusetts

The mission of the Massachusetts Executive Office of Technology Services and Security (EOTSS) is to provide secure and quality digital information, services and tools to customers and constituents when and where they need them. EOTSS offers responsive digital services and productivity tools to more than 40,000 state employees as well as digital services and tools that enable taxpayers, motorists, businesses, visitors, families and other citizens to do business with the commonwealth in a way that makes every interaction with government easier, faster and more secure.

Texas

Both the Texas Department of Information Resources (DIR) and Department of Public Safety (DPS) are participating in the SLTT IOC automation pilot. DIR serves the Texas government by leading the state’s technology strategy, protecting state technology infrastructure and offering innovative and cost-effective solutions for all levels of government. DPS’s mission is to proactively protect the citizens of Texas in an ever-changing threat environment while always remaining faithful to the U.S. and state constitution.

MS-ISAC

MS-ISAC, managed by the Center for Internet Security, is the focal point for cyber threat prevention, protection, response and recovery for the nation’s SLTT governments. The mission of MS-ISAC is to improve the overall cybersecurity posture of SLTT governments. Collaboration and information sharing among members, the U.S. Department of Homeland Security and private sector partners are the keys to success.