For over 40 years, the President’s National Security Telecommunications Advisory Committee (NSTAC) has demonstrated a long track record of providing forward-looking private sector advice to the President of the United States on the most critical issues at the nexus of technology and national security. On March 7, the NSTAC issued its latest series of recommendations in a new report, Measuring and Incentivizing the Adoption of Cybersecurity Best Practices (2024).
The report makes dozens of recommendations for government policymakers, ranging from the establishment of a Cybersecurity Measurement Center of Excellence to the creation of a national Grand Challenge for Artificial Intelligence (AI)-enabled Cybersecurity.
Within these substantial recommendations is perhaps the simplest and most profound finding – organizations are spending more on cybersecurity, but struggling to understand whether their investments are measurably reducing risk.
Reducing point-product complexity (what the industry calls platformization) and embracing the power of artificial intelligence may hold the solution.
Disparate Cyber Investments Are Creating Operational Complexity
The evidence is apparent in the headlines. Against a backdrop of ever-increasing risks and expanding attack surfaces, significant cybersecurity incidents continue despite significant cybersecurity investments. One core reason, the NSTAC posits, is that a reliance on incompatible and disparate point solutions is leading to complexity in ingesting and managing data. “The dynamic where point security solutions are developed anew for each emerging threat creates a challenge to identify operational strategies that are effective over time,” the report argues.
This isn’t the first time the NSTAC has opined on the challenges of cybersecurity market fragmentation and the benefits of consolidated cybersecurity platforms. In 2017, the NSTAC’s Report to the President on Emerging Technologies Strategic Vision (2017) warned that organizational reliance on a patchwork of point products would:
“...create a dependence on one of the least scalable resources organizations have – people – to manually intervene to combat increasingly automated, machine-generated cyber attacks.” (pages 63-65)
Embracing Automation to Measurably Reduce Cyber Risk
In addition to consolidating cyber defense assets into one platform, how else can organizations reduce operational complexity to measurably reduce cyber risk? The 2024 NSTAC report highlights the promise of AI to more effectively automate cyber defenses and optimize security investments as one solution. The report warns:
“The absence of either sufficient numbers of trained security professionals or mechanisms to scale and automate efforts to draw insights about anomalous cyber activity and action responses is a serious barrier to effectively securing our nation’s security future.” (page 10)
Indeed, network defenders have historically been inundated with massive amounts of security data across dozens of different cybersecurity products. Triaging this data in aggregate to make it actionable has challenged even the most sophisticated cyber defenders.
Fortunately, AI-driven cybersecurity platforms are helping flip this paradigm, with clear and measurable results of their effectiveness. Perhaps two of the most important metrics to consider when measuring overall cyber resilience are mean time to detect (MTTD) and mean time to respond (MTTR), which provide quantifiable data points about how quickly organizations discover and respond to potential security incidents.
Our research shows that the industry average MTTR is 6 days, while adversaries begin exfiltrating data in just hours. This misalignment epitomizes the challenge of the point-product-driven, legacy cybersecurity status quo. But there is a better way, and we’ve seen the evidence firsthand. Leveraging AI across our own cybersecurity platform, Palo Alto Networks reduced its organizational MTTD to just 10 seconds and MTTR to just 1 minute for high-priority alerts.
The NSTAC report highlights a number of specific AI-enabled cyber capabilities that can help organizations drive down incident response times and address other scaling challenges.
Salient AI-Related Excerpts
- AI-Enabled Vulnerability Management and Remediation:
“Many organizations struggle to understand and manage their internet-facing attack surfaces. AI-powered tools can help organizations continuously map the vast public-facing internet to discover an organization’s exposed assets, vulnerabilities, and misconfigurations through the eyes of the adversary, empowering human analysts to remediate in a prioritized manner accordingly.” (page 29)
- Early Threat Detection and Improved Monitoring and Alerting:
“AI/ML systems can quickly examine very large data sets such as log files... AI/ML systems can perform such reviews for anomalous activity at greater speed and scale, giving defenders a better chance to detect and stop attackers in the early stages of their attacks, even if the threat vector or attack technique was previously unknown.” (page 29)
- Improved Incident Response Capabilities:
“AI/ML systems combined with security technologies such as extended detection and response and security orchestration, automation, and response can help security teams increase the speed and efficiency of their responses to security incidents thus potentially reducing the blast radius of attacks, reducing dwell time of attackers in their IT environments, and reducing associated costs of recovery.” (page 29)
Dating back to the early 1980s, the NSTAC has built a strong reputation for using private sector knowledge to anticipate future cybersecurity threats and advancements. This latest report continues in that tradition. Every organization, across both business and government, would be wise to pay close attention to its recommendations and embrace a more focused, measurable and informed strategy for cybersecurity investment. To read the full report, visit Measuring and Incentivizing the Adoption of Cybersecurity Best Practices (2024).