2019 Forcepoint Government Cybersecurity Predictions Report 1 Introduction 03 1: The winter of AI 04 2: Industrial IoT disruption at scale 07 3: A counterfeit reflection 09 4: Courtroom face-off 12 5: A collision course to cyber cold war 14 6: Driven to the edge 16 Conclusion 19 Works cited 20 2 Introduction nnovation thrives when people can collaborate in a trusted manner, As data and digital experiences are placed into the hands of others, the I leveraging data creatively and freely through technology. concept of trust becomes even more crucial. Both government and private sector businesses can rise or fall based on trust—for example Take the commute to work, for example, as it offers a glimpse into the companies abusing their customers’ trust face millions or billions relationship between trust and innovation. Everything a person does in of dollars in regulatory fines and lost market value, as in the case of that commute to the office is underpinned by trust: they trust a train to Facebook and Cambridge Analytica. In government sectors, the 2015 run per the specified timetable, that their barista will not mix up their OPM data breach eroded the public’s trust in the agency and in the coffee order. And, since trust is established between parties, employers government to protect personal data. trust employees to protect critical data at all times, with an expectation to remember their cybersecurity training. This is especially important in In the 2019 Forcepoint Government Cybersecurity Predictions Report, a government environment, where a data breach incident could mean our Global Government Security Labs, Innovation Labs, CTO, and CISO extensive damage for a great number of citizens. As a result, trusted teams offer intriguing predictions for 2019 and beyond. We chose to not interactions are a priority for government agencies. restate the obvious—agencies will, of course, continue to modernize and shift to the cloud. Instead, we chose to explore the impact of putting trust The intersection between end-user and data is the point of greatest in cloud providers to protect government data, the impact of end-user vulnerability and the primary source of data breaches, driving cyber risk trust in those securing personal biometric data, and trust in algorithms within government environments to all-time highs. How can security and analytics successfully piloting automobiles and alerting security professionals know if an end-user login is the result of an employee’s professionals to potential data loss incidents. coffee-shop WiFi access or an attacker abusing authorized credentials? How do they know whether a user identity is behaving consistently or Our global Security Labs, Innovation Labs, CTO, and CISO teams have put erratically on the network compared to an established routine? Knowing forward their top predictions for the year to come. Read on to discover and acting on the difference between an individual legitimately trying to their predictions for 2019. How will you guide your agency through the get their job done and a compromised identity is the difference between increasingly complex trust landscape? innovation and intellectual property (IP) loss, the difference between an agency’s success or failure. 3 onstantly evolving threats in today’s The winter of AI? Clandscape have been accompanied by a considerable federal IT cybersecurity 01 knowledge gap spanning two to three years. Disillusionment sets in as AI and machine learning In an attempt to fill the void, there have been a number of discussions on how government are held accountable for can leverage artificial intelligence (AI) for their claims vulnerability and threat risk management. And why not? In other industries, these Prediction: technologies represent enormous potential. There is no real AI in In healthcare, AI opens the door to more cybersecurity, nor any likelihood accurate diagnoses and less invasive for it to develop in 2019. procedures. In a marketing organization, AI enables a better understanding of customer buying trends and improved decision making.2 In transportation, autonomous vehicles represent enormous potential for consumer convenience and safety. The Trump administration has prioritized funding for foundational AI research, making the buzz for government cybersecurity AI palpable. In the past two years, the promise of machine learning and AI has enthralled and Contributor: attracted marketers and media, with many Raffael Marty falling victim to feature misconceptions and Vice President of muddy product differentiations. In some Research and Intelligence cases, AI start-ups are concealing just how 4 much human intervention is involved in their system’s “baseline” or “normal” activity and product offerings.3 In others, the incentive to flagging anything unusual for human review. include machine learning-based products is Government analysts can then pinpoint one too compelling to ignore, if for no other threats sooner through correlation, pattern reason than to check a box with an intrigued matching, and anomaly detection. While customer base. it may take a SOC analyst several hours to triage a single security alert, a machine can Today, cybersecurity AI in both the do it in seconds and continue even after Click above to see Raffael Marty, Vice President of government and private sector in the purest business hours. Research and Intelligence, discuss this prediction. sense is nonexistent, and we predict it will not fully develop in 2019. While AI is about However, government professionals should reproducing cognition, today’s solutions are be aware that organizations are relying actually more representative of machine too heavily on these technologies without learning, requiring humans to upload new understanding the risks involved. Algorithms training datasets and expert knowledge. can miss attacks if training information has Despite increasing analyst efficiency, at this not been thoroughly scrubbed of anomalous time, this process still requires their inputs— data points and the bias introduced by the and high-quality inputs at that. If a machine is environment from which it was collected. 54% fed poor data, its results will be equally poor. In addition, certain algorithms may be too Machines need significant user feedback to complex to understand what is driving a fine-tune their monitoring; without it, analysts specific set of anomalies. cannot extrapolate new conclusions. Aside from the technology, investment is On the other hand, machine learning provides another troublesome area for cybersecurity Only 1 in 2 (54%) employees belonging to companies clear advantages in outlier detection, much AI. Venture capitalists seeding AI firms expect with extensive experience in machine learning check for fairness and bias.8 to the benefit of security analytics and a timely return on investment, but the AI SOC operations. Unlike humans, machines bubble has many experts worried. Michael can handle billions of security events in Woodridge, head of Computer Science at a single day, providing clarity around a the University of Oxford, has expressed his 5 concern that overhyped “charlatans and The gold standard in hacking efficiency, snake-oil salesmen” exaggerate AI’s progress weaponized AI offers attackers unparalleled 99% of surveyed customers to date.4 Researchers at Stanford University insight into what, when, and where to strike. identified evolving cyber attacks to be an important security issue for launched the AI Index, an open, not-for-profit In one example, AI-created phishing tweets their organization.9 project meant to track activity in AI. In their were found to have a substantially better 2017 report, they state that even AI experts conversion rate than those created by have a hard time understanding and tracking humans.7 Artificial attackers are formidable progress across the field.5 opponents, and we will see the arms race around AI and machine learning continue A slowdown of funding for AI research is to build. imminent, reminiscent of the “AI Winter” of 1969, in which Congress cut funding as results lagged behind lofty expectations.6 But attacker tactics are not bound by investments, allowing for the continued advancement of AI as a hacker’s tool to spotlight security gaps and steal valuable data. Today’s AI solutions are not built to deal with ambiguity. Humans, on the other hand, are better able to balance multiple variables and context associated with behavior to make decisions-especially when dealing with the unexpected. The cybersecurity industry can’t avoid dealing with this ambiguity. — Audra Simons, Head of Innovation & Prototyping, Forcepoint 6 etworked industrial control systems Industrial IoT N (ICS) that require “always-on” connectivity represent an expanded attack disruption surface, and nowhere is that more apparent 02 than in IoT devices. For government at scale environments, IoT sensor technologies could result in significant cost savings and efficiency Attackers seek out increases; however, there are serious concerns vulnerabilities in cloud about IoT security with regard to these infrastructure and hardware systems, given that attacks on consumer IoT are so prevalent. For example, the Department of Defense has been forced to rethink how its Prediction: service members use fitness devices after Attackers will disrupt Industrial Internet of Things (IIoT) devices discovering that service member movements using vulnerabilities in cloud infrastructure and hardware. could be tracked through a heat map created by the devices’