North Dakota Cybersecurity Chief Michael Gregg said his state has turned to automation and machine learning in order to keep up with the growth of its security toolset, which has grown by about 200 percent in the last year.
During a June 29 GovLoop event, Gregg explained that AI and machine learning have allowed the state to keep up with the growth of its security toolset without having to hire more staff.
“Obviously, you would think I’m going to have to have more people and more staff to deal with these security incidents and issues that come up,” Gregg said. “We said, ‘how can we handle 200 percent more as far as our alerts, but with the same amount of staff and the same individuals we have now so we don’t have to grow that stat?’ What we actually came up with was automation and machine learning.”
Gregg said his team was able to come up with a list of five to 10 items they could automate that they felt would offer “the most bang for the buck.” However, Gregg wanted to ensure they could prove those items offered “the most bang for the buck,” and that the “juice is worth the squeeze.”
“What we did is we built in the key metrics up front,” he said. “So, when we built in these key metrics, and then we went to implement each one of these items, we looked back and we could measure before and after.”
“As an example, through the use of automation, we were able to cut about three FTEs [full-time equivalent] worth of work per year out of what was manually done, and we now have that in an automated process,” Gregg said.
Throughout this process, Gregg said the state brought together its automation engineers, resident engineers, and analysis and response team. He explained that the analysis and response team is the one that typically responds to incidents, but the state put the other two teams with them “for a few hours each week [to] work through these incidents together as a group.”
After four months of working together, Gregg said the teams were able to bounce ideas off of each other and find new ways of doing things.
“That drastically reduced the amount of time our analysts have to spend on keyboard in front of these incidents – that we can automate this and automate this process,” Gregg said. “So, by putting these individuals together and having them work as a group, they then started to communicate more, communicate more openly, and share those ideas that they had with the others.”