Tracy Barnes, chief information officer (CIO) for the state of Indiana, said the use of artificial  intelligence (AI) and machine learning (ML) technologies are a crucial component of the state’s automation strategy. Employing the latest automation tech, he said, helps the state punch above its weight in the continuing battle to protect networks and data against cyberattacks.

Speaking on September 27 at MeriTalk’s State Tech Vision online event, Barnes said his operation is investing in AI and ML security automation tools as a way to overcome the scarcity of available cybersecurity talent as security threats “continue to evolve … and are moving faster than we can keep up with them.”

“For any IT leader that does not have those [automation] items on their priority list, they’re missing out,” Barnes said.

“The talent shortage has had a major impact and will continue to be a limiting factor not just for us, but for any organization that is in the position that we’re in,” Barnes said. “So that’s where we have to look at that additional investment in those automation tools and things like artificial intelligence and machine learning, and how do we utilize technology to help offset some of the limitations we have with resources.”

Employing automation tools, he said, is aimed at giving his operation’s security analysts “a lot more ‘hot’ items to pursue” as they monitor possible intrusion attempts, versus “the large volumes of ‘cold’ items that we’re constantly receiving” through voluminous log data that can bog down his security staff.

The clear value of AI and ML tools, he said, is allowing his security analysts to “look in the right places” for more serious threats.

“We can’t do it all ourselves,” Barnes said. “We will continue to chase the goal, but there’s no way we’ll be able to get completely in front of it. The goal is to stay up beside it and not get too far behind, and AI and ML and tools of that nature are crucial in order for us to make that happen.”

Leading the discussion at the State Tech Vision event was MeriTalk’s Senior Advisor-Government Programs John Thomas Flynn, who is former state CIO for California and Massachusetts, and past president of the National Association of State Chief Information Officers (NASCIO). He asked Barnes about the kinds of cyber incidents that his operation sees frequently, and how automated tools are helping in the defense.

“One of the big ones that we look out for and we’re utilizing our tools to try and manage are those brute force attacks where we know that the threat actors have in some capacity identified a user list or a password list, and they’re scripting and automating their tools to keep trying various flavors and variations of passwords, just to try and see what works,” Barnes said.

“Those types of activities are very easily picked up by the AI/ML setups and configurations, and that can give some indication that we have too many attempts coming from one location [so] that we can step in and start to put some stronger Internet Protocol monitoring in place or block the connections completely,” he said.

“Denial of service attacks are also areas where you start seeing large volumes of attempted technology scripting to reach or impact or impair an environment,” Barnes said. But those kinds of exploits, he said, have “a lot of heuristics and indicators that identify where there’s a concern [and] that someone should be checking into and someone should be putting some extra tools in place and extra attention on to prevent and to mitigate.”

To hear the whole conversation, please access a full replay of the September 27 event.

Read More About
John Curran
John Curran
John Curran is MeriTalk SLG's Managing Editor covering the intersection of government and technology.