State and local governments – facing technology skills gaps and difficulties hiring and retaining talent – can be especially vulnerable to cyber threats. Increasingly complex network infrastructures add new cybersecurity challenges. In a recent interview with MeriTalk, Mike Lauer, national director of public sector at Fortinet and former chief technology architect for the state of Iowa, discusses how platform approaches coupled with artificial intelligence (AI) can give state and local governments the boost they need against threat actors.
MeriTalk: The adoption of new technologies and the shift to hybrid work models have led to more complex network infrastructures, making it difficult to manage and secure them effectively. In your experience, what are the top technical or organizational challenges for state and local governments as they secure their networks?
Lauer: The big challenge on the organizational side is that state and local government security teams are overwhelmed. There is a scarcity of skills, it’s difficult to hire and retrain staff, and retirement rates are high. On the technical side, device inventories are sprawling, data volumes are massive, and teams are dealing with a lot of security events. Those attacks are no longer common phishing email campaigns. They are evasive, staged attacks. Siloed security tools and fragmented perimeters create more complexity.
MeriTalk: How does the evolving cybersecurity threat landscape contribute to these challenges for state and local governments?
Lauer: The basic issue is that what has worked in the past is not working now. It’s not that threat actors are doing things we’ve never seen before. They’re just doing them faster and breaking them up into siloed events that are harder to see. Traditionally, we’ve had provision-oriented security technologies that enable us to block threats by domain, tactic, geolocation, or some other attribute. And while that still might work in some cases, breaking attacks into stages makes it hard for us to react – especially because data volumes are enormous. It’s like looking for a needle in a haystack.
MeriTalk: As state and local governments modernize their cybersecurity strategies to solve these challenges, what new approaches or technologies should they consider, and why?
Lauer: The two approaches I get asked about are platforms and using AI to implement automation. Platforms can help with staffing and expertise challenges, provide better visibility into data volumes, and increase visibility and interoperability – and manufacturers are including native AI tools that have automation built in.
We’re seeing state and local governments realize significant benefits from the platform approach in secure networking and security operations. We have a platform approach at Fortinet with our Secure Access Service Edge (SASE) and FortiOS. The Fortinet SASE enables secure access to the web, cloud, and applications for the hybrid workforce, while simplifying operations by consolidating security tools in a single management console. FortiOS is the foundation of the Fortinet Security Fabric, which converges security and networking tools across on-premises, cloud, and hybrid environments, as well as IT, OT, and IoT infrastructure.
One of the main components of SASE is a next-generation firewall (NGFW). All networks should have a robust NGFW in their architecture. We tend to take this device for granted, but it really is the core enabler of all security networks. Having a strong NGFW enables and multiplies capabilities for public sector-based networks. A great example of this is deep packet inspection (DPI) on encrypted data. More than 95 percent of all data on the internet is encrypted. How do you know what’s in that data packet? Is it legitimate data payload or malware? Where is that data coming from or going to, and what is executing that data? Without an NGFW that enables DPI, you are blind to what is really going on in and out of your network.
Before you dive into platforms, though, it’s important to ask broader questions like: What are you trying to gain? Do you need visibility? Do you understand your inventory? Does your staff have the expertise to get you there, even with limited resources and budget? Once you answer those questions, you understand how the platform can help you. Asking lots of questions helps you buy what you need, not the latest shiny object.
MeriTalk: Where is AI being used most effectively in network security today?
Lauer: Predictive AI and generative AI are the two big use cases in cybersecurity. Predictive AI is king in the network platform and network security. It is helping state and local security teams get their foot up on threat actors because we have good models that have been trained for threat intelligence and anomaly detection. These models have helped us identify and stop some significant threats. AI can act based upon approved, built-in playbooks, notify you about the action it took, and invite you to review it.
Generative AI is streamlining threat detection and remediation in the security operations center (SOC). You’re starting to see a lot of manufacturers, including Fortinet, create agents that you can interact with in the SOC. You can use these AI agents like chatbots and ask them in real time, ‘I want to identify this flow server issue. Can you help me understand what’s going on here?’ The agent will automatically bring up the tools that you might have to go through – in a couple of clicks on your management platform. Ultimately, the agent will give you a single output, recommend the next step, and ask you if you want to execute it.
MeriTalk: What results should state and local governments expect from investments in new network security approaches and technologies, including those that incorporate AI?
Lauer: Cybersecurity has historically been a race between threat actor and defender, and we’ve always had a really hard time gauging baselines of operations. That’s what a platform and AI help you do – find measurably lower mean times to detect and remediate threats. In the SOC, for example, the AI has offloaded the initial triage steps from the analyst, who has an interface that provides the full scope of the issue. The AI agent is being trained on trusted data and understands the parameters of the platform. The process of detecting and remediating threats can be reduced from 12 to 15 hours to less than an hour through our platform.
On top of that, AI and platform approaches help state and local governments create playbooks for responding to specific issues. In my past life, I was chief technology officer for eight agencies in the State of Iowa, dealing with critical services. We had standard operating procedures and continuity of operations plans, but we didn’t have time to create playbooks for everything. That’s a challenge across state and local governments. Now, generative AI is going to help us create playbooks for specific situations and systems, so we can respond even faster.
MeriTalk: What are the key questions state and local governments should ask vendors as they evaluate new network security technologies and approaches?
Lauer: To start, ask something like: How are you going to help my team remediate threats faster? Ask them in detail what their technologies do today. Don’t hesitate to ask basic but important questions like: Do you support automation in your platform, and can you show me how it works? What does your product testing look like?
You also want to talk about integration, because not everything is going to be 100 percent interoperable around the world. So ask vendors: What are some integrations that you have that might work in my current environment? And what can I expect from deploying this solution? You can ask probing questions like: How do you find your own vulnerabilities? Everybody has them. So find out if they are proactively and internally searching for their vulnerabilities.
It’s okay to be granular. It’s okay to be that annoying person because you are making a critical investment of taxpayer money.