Creating strong cybersecure cities of the future

14 January 2022

By: Dean Iacovelli, Director – Secure Enterprise, Microsoft

Cybersecurity challenges are bombarding state and local governments from every angle: the sheer number and increasing complexity of attacks, lack of funding, scarcity of qualified cybersecurity professionals, disparate legacy systems, and the pandemic-driven move to remote working. Currently, only 35 percent of U.S. states have a specific budget set aside for cybersecurity. Government is the second-most attacked and the single-most breached of all industries. All of this pushes states and cities, especially smaller municipalities, into a perfect storm of threats that have the potential to disrupt essential government services.

Automation to achieve Zero Trust

In order to respond to these challenges, state and local governments must move towards a more real-time, comprehensive security model like Zero Trust. This requires continual validation of identities and security credentials across all network users and making resources available to implement them.

Automation then becomes the endgame for state and local governments: they must look at cloud scale and work towards automating both the boring and the essential to achieve Zero Trust.

To understand why automation matters, consider how cybersecurity has historically worked: we got away with checking one place, the firewall, for one thing, location. Entities inside the firewall were considered safe and trusted; those outside it were not. That approach no longer works, largely because of the changes introduced by the pandemic and working from home. If location is the only thing being checked, 90 percent (or more) of your workforce is now outside the firewall and the IT department is grappling with a myriad of new risk scenarios.

Today, achieving Zero Trust means being able to evaluate trust anywhere, in any location. Instead of checking one place for one thing, every asset and every point where cyber criminals first gain access must be checked, in real time and under many conditions. The only way to deal with that computational burden is cloud scale and introducing artificial intelligence (AI) and machine learning to automate those processes. No army of people could ever keep up with this volume.
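To make the contrast concrete, here is an added example (not Microsoft's code, and not the policy language of any Microsoft product) that expresses the two models as small policy functions and runs them over constructed sign-in requests; the signal names, risk levels and decision outcomes are assumptions for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    """One sign-in attempt, described by the signals a policy engine can see.
    Field names are constructed for this example, not a product API."""
    user: str
    on_corporate_network: bool
    mfa_passed: bool
    device_compliant: bool
    sign_in_risk: str          # "low", "medium" or "high" (assumed risk scoring)
    resource_sensitivity: str  # "standard" or "high"


def perimeter_decision(req: AccessRequest) -> str:
    """Legacy model: one check (location) in one place (the firewall).
    Inside the network is trusted, outside is not; nothing else is examined."""
    return "allow" if req.on_corporate_network else "deny"


def zero_trust_decision(req: AccessRequest) -> str:
    """Zero Trust model: every request is evaluated on several signals,
    wherever it comes from. Location is one input, never sufficient alone."""
    if req.sign_in_risk == "high":
        return "deny"        # likely compromised session, even from inside the network
    if not req.mfa_passed:
        return "step_up"     # identity must be re-validated before anything else
    if req.resource_sensitivity == "high" and not req.device_compliant:
        return "deny"        # an unmanaged device never reaches sensitive data
    if req.resource_sensitivity == "high" and (
            req.sign_in_risk == "medium" or not req.on_corporate_network):
        return "step_up"     # extra validation for sensitive access under weaker signals
    return "allow"


def compare_models(requests):
    """Return {user: (perimeter decision, zero-trust decision)} for each request."""
    return {r.user: (perimeter_decision(r), zero_trust_decision(r)) for r in requests}


# Constructed sample requests (not real sign-in data).
SAMPLE_REQUESTS = [
    AccessRequest("remote_clerk", False, True, True, "low", "standard"),
    AccessRequest("stolen_creds_insider", True, False, False, "high", "high"),
    AccessRequest("contractor_byod", False, True, False, "low", "high"),
    AccessRequest("remote_analyst", False, True, True, "low", "high"),
    AccessRequest("onsite_no_mfa", True, False, True, "low", "standard"),
]
```

The remote clerk is blocked by the perimeter model but allowed by the multi-signal one, while the insider using stolen credentials from inside the network is waved through by the perimeter check and denied by Zero Trust.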

Frisco shores up cybersecurity

The City of Frisco in Texas is one example of a city bolstering security through AI and automation. It is relying on a suite of integrated solutions including Azure, Windows Defender, and Microsoft Endpoint Manager. The IT team is now taking advantage of the layered Microsoft security components to help protect critical data and systems while ensuring privacy regulatory compliance. With Windows Defender ATP, the team has a comprehensive dashboard for the city’s security operations that is used to detect malicious events on employee laptops and also identify which files or services were affected.

They’re able to keep track of compliance and governance measures so that sensitive data stays safe. With a large mobile workforce and increasing use of hybrid offices, the IT team has been able to bring disparate legacy systems up to date, improve cyber-resilience and create a more secure and compliant infrastructure.

Using AI and machine learning, in conjunction with playbooks created by real-world threat hunters, IT teams like the one in Frisco can automate a large percentage of those investigations. Instead of three people concurrently investigating events over three days, AI and machine learning can run 400 investigations concurrently in just 90 seconds. That is the kind of radical improvement in outcomes that moves a small and understaffed team from barely treading water to delivering successful and proactive change.

For another perspective, internally at Microsoft we have arguably one of the largest cyber defence operations centers (CDOC) in the world. What we found when we started implementing automation in our CDOC (spearheaded by integration of our security platform and led by machine learning and AI for scale and better correlation of threat data) was that we were able to handle twice the number of alerts with the same staff. The additional benefit is that this frees up the team to focus on more proactive uses of their time.

The talent pipeline

In the United States, the May 2021 Executive Order from President Biden is a good step towards stimulating public and private sector collaboration to fight malicious cyber campaigns. However, the threat landscape remains asymmetrical in nature and will never be a fair fight. Cyber criminals will always go after the low-hanging fruit: poorly funded and understaffed public entities. It is difficult, if not impossible, to solve the problem simply by devoting more security workers to it, because the resources required to defend far outweigh the resources required to attack. This leaves municipalities facing a perpetual resourcing gap.

To help address these distinct challenges, Microsoft is partnering with the American Association of Community Colleges, the National Cybersecurity Training & Education Center (NCyTE), and the Last Mile Education Fund to help skill 250,000 people in cybersecurity by 2025. Community colleges play a critical role in preparing students for in-demand technical roles and this programme is providing colleges with faculty professional development, grants for cybersecurity programmes, scholarships, and ready-to-teach curriculum materials. Annually, only three percent of US students are attaining a credential in computer and information sciences and this will help build an inclusive pipeline of professionals that can quickly enter the workforce.

The endgame: Integration and automation

Microsoft is committed to helping address the many challenges and cybersecurity gaps across this landscape. Governments need to have thoughtful and thematic approaches for developing and maintaining security plans that focus on the endgame: moving towards automation and integration across disparate legacy systems. This approach will help ensure better data protection and increased resiliency for business operations and essential government services.