The adoption of a new statewide threat intelligence platform will enable Oklahoma's IT agency to better share information about bad actors with the other public entities throughout the state.
Oklahoma has announced the procurement of a statewide threat intelligence sharing platform, giving its Office of Management and Enterprise Services (OMES) a new tool by which to improve its overall cybersecurity posture.
OMES's new partnership is with security vendor Anomali, whose flagship platform ThreatStream will help share threat data with public agencies, municipal offices, and police departments throughout the state.
“All public organizations are targeted by nefarious actors with extreme frequency, Oklahoma is no exception. Since the beginning of the current global health crisis, we’ve experienced a spike in related attacks,” said Matt Singleton, the state's CISO, in a statement. “Anomali will show us who the attackers are, when they are coming after us, and provide context needed to prioritize and speed our response to the most serious threats we face.”
Threat sharing has long been a crucial part of cybersecurity, but it hasn't always been an easy process to streamline. Sharing information effectively requires the ability to “cut through the noise” — to sort through large amounts of data, identify what is relevant (and what isn't), and convert it into actionable intelligence. Threat intelligence platforms (TIPs) have become popular in recent years — showing how automation and algorithms can be leveraged to aid human cyberanalysts in their quest for greater clarity.
Like a lot of companies in its industry, Anomali promises its platform can solve some of the persistent issues that thwart analysts, allowing them to more effectively collect, organize and manipulate large amounts of threat data and operationalize it towards their strategic security goals.
“ThreatStream can ingest raw Threat Intelligence data from a wide variety of sources, including hundreds of commercial and community Threat Intelligence feeds, structured documents such as spreadsheets and databases, and unstructured documents,” said Anomali CEO Hugh Njemanze, in an email. “Among other things, it makes it easy to ingest Intelligence from disparate sources into one system, while taking advantage of machine learning algorithms to weed out false positives or 'red herrings' from the data, greatly improving signal to noise.”
Oklahoma's Cyber Command, which operates from within the Information Services Division of OMES, includes a Security Operations Center (SOC) that is responsible for monitoring threats throughout its environment. With ThreatStream, the SOC will be able to communicate more effectively about those threats with entities throughout the state. That's a good thing, given the new challenges the novel coronavirus has created for secure governance.
Njemanze explained that, as indicated by Anomali's new partnership with Oklahoma, his company had seen a definite rise in interest since the beginning of the pandemic. The public health crisis has "resulted in several new threats," he said, noting the uptick in unemployment fraud and phishing schemes that have pervaded the public sector in recent months.
Like a lot of other states, Oklahoma has had its share of cybersecurity issues this year. Just two weeks ago, hackers wormed their way into a public school data system operated by OMES, managing to deface the system's landing page (while no data was apparently compromised, it was surely an unsettling incident for security staff, nonetheless). At the same time, the state has also struggled with its fair share of COVID-related security issues, including ransomware attacks and unemployment fraud via a notorious Nigerian hacker ring.
"Invariably, when we start talking about intelligence sharing I get asked the question, 'Does it really matter?'" said Singleton, speaking Thursday at a webinar about the new partnership. Singleton launched into an explanation of why it does: a critical element in the fight against the recent COVID-related cyberschemes has been threat intel, he said. "Every state has been struggling with this, but we're actually using intelligence to better inform our defense, our preventative efforts and [security] controls we've put in place, and really to inform our investigations," said Singleton, explaining that to combat such new threats, knowing who the bad actors are and how they are operating is critical.