The Johns Hopkins University Applied Physics Laboratory (APL) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) are teaming up to help state and local governments enhance their online defenses.

Under a pilot program, Arizona, Louisiana, Massachusetts and Texas, as well as the Multi-State Information Sharing and Analysis Center (MS-ISAC), are applying Security Orchestration, Automation and Response (SOAR) to this effort. SOAR tools enable organizations to collect security-threat data through multiple sources and perform triage response actions significantly faster than with manual processes.

This initiative will enable state, local, tribal and territorial (SLTT) governments to share information quickly and broadly – in near real time – and leverage automation to prevent or respond to cyberattacks.

Specifically, the SLTT Indicators of Compromise (IOC) automation pilot will focus on the curation of the feed and the processes used by the participants to triage, prioritize and act upon the resultant IOCs. Automation and orchestration will be used to gain efficiencies in tasks, processes and resultant actions for the producer and consumers of the IOCs. In particular, the program will:

  • Identify key areas for potential reduction of manual tasks
  • Promote actionable information sharing across government levels and agencies
  • Identify orchestration services needed to integrate responses – such as sensing, understanding, decision-making and acting – to cyber threats

The effort stems from recent APL research and pilot programs with critical infrastructure industries that showed how automated information sharing can shore up cyber defenses by reducing response time.

Using the Integrated Adaptive Cyber Defense (IACD) framework, developed by APL under an effort sponsored by DHS and the National Security Agency for cybersecurity automation, orchestration and information sharing, response time dropped from 11 hours to 10 minutes. In some instances, preapproved responses were implemented in one second.

The results of the pilot, anticipated this fall, will be technology agnostic and could serve as a model for other states and local governments to augment their cyber defense capabilities quickly and easily.