On December 14th, GovSummit was held in our nation’s capital, Washington, D.C. It was the first opportunity post-pandemic for us to meet with our peers and discuss the latest developments in cybersecurity and observability. Cyber resilience was high on the agenda. We discussed it with four of Splunk’s customers on the main stage: Rick Haugerud, Assistant Vice President for IT and CISO for the University of Nebraska system; Dr. Gina Ligon, Director of the National Counterterrorism Innovation, Technology, and Education Center (NCITE); Kodi Kirchofner, Infrastructure Monitoring Architecture and Standards Manager for the Department of Veterans Affairs; and Dana Ahrens, Chief, Emergency Response Operations (ERO) Branch with the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS).
What is Cyber Resilience?
The concept of cyber resilience is an evolving one, but essentially, it’s a strategy to fortify structures so they can operate continuously and without disruption, even when under attack. Effective cyber resilience protects data and operational and business continuity – going beyond traditional cybersecurity defenses to build a more adaptive, proactive and embedded security stance.
A good solution for cyber resilience should provide all the tools you need to deal effectively with uncertainty. But how? Splunk brings all of your data together on a single platform, regardless of source and scale, so you can quickly and easily detect, identify and respond to incidents. Whether supervising services, ensuring the proper functioning of infrastructure, managing apps, or protecting from emerging threats, operational resilience helps IT professionals sleep soundly at night.
Cyber Resilience: Feedback from Splunk’s Customers
GovSummit 2022 was an opportunity for long-time Splunk customers to share their cyber resilience experiences and why they use Splunk.
Universities Partnering to Fight Cyber Terrorism
“Protecting the world and reshaping tomorrow”
Rick Haugerud, Assistant Vice President for IT and CISO, University of Nebraska, said his organization thinks about Splunk beyond just protecting the University of Nebraska. They also think about how Splunk can help them advance the university’s mission, which is to transform and improve the quality of life locally, nationally and globally.
The university has formed a partnership with NCITE and supports this partnership by sharing data it gathers in Splunk and insights on attacks occurring across its campuses.
The university “generates foundational knowledge for the government around the human-centered threat of counterterrorism,” said Gina Ligon, Director of NCITE. NCITE takes the data from these attacks and other threats and creates custom visualizations in Splunk to determine how they happened and then crafts prevention strategies with DHS so that they can prepare to respond quickly to whatever comes next on a global scale.
“Splunk provides NCITE and the university the visibility we need to quickly and continuously analyze these large data sets, secure research and university data and systems, and maintain compliance requirements that come from DHS and a variety of other government agencies.
“DHS then uses these prevention strategies at a global scale to protect the world against terrorism,” said Rick Haugerud, Assistant Vice President for IT and CISO, University of Nebraska.
The NCITE research program is made up of 19 different institutions and has a mission to produce actionable research by 2030 — combining a broad range of academic backgrounds, from social science to business to technology. “The whole goal of all of this knowledge we’re trying to generate is to be able to develop prevention strategies,” Ligon said. “It’s important for us to be able to educate about who the bad actors are that are trying to attack our critical infrastructure.”
“Building the workforce of tomorrow”
The center also seeks to address the growing shortage of cybersecurity professionals in the field. The second part of NCITE’s mission is to build the future workforce with the “most innovative, curious, and security-minded students” so they can take their cybersecurity expertise straight to federal agencies.
Cybersecurity workforce shortages and skills gaps across government were frequently discussed this year. In his session, Chris Cleary, Department of Navy (DON) Principal Cyber Advisor, Department of the Navy and US Marine Corps, discussed the challenges within his agency and how he is driving their mission forward while addressing this critical need.
“[It’s] a very nice way to get a trained pipeline growing,” said Dana Ahrens, Chief of the Emergency Response Operations Branch at DHS’ Cybersecurity and Infrastructure Security Agency. “We get folks coming up to these programs, we get to introduce them to our organizations, agencies, and mission set.”
VA Using Splunk Capabilities for Preparedness
“Seeing into the future”
The Department of Veterans Affairs (VA) is using capabilities from Splunk to see “into the future” to answer questions such as whether or not the agency will hit telehealth capacity, Kodi Kirchofner, Infrastructure Monitoring Architecture and Standards Manager, explained. The VA has several use cases where it makes sense to use Splunk.
One of those use cases — and the one Kirchofner said the VA is “most proud of” — is in the telehealth space. He said the VA has thousands of telehealth visits in a day, and in the past, that data was very siloed. Using Splunk, he said his team can now see a full visual representation of their tech stack, with forward-looking capabilities. Additionally, he said the VA can help its customers determine future use cases for data they bring into Splunk. For example, he said his team is working with customers to show them how Splunk can help them along their journey and “see the value.”
“We need to know why you want to bring in that data. I’ve seen it in the past where Splunk is treated as a dumping ground, and because I have a log it has to go into Splunk — and it’s just not true. It’s not what it’s designed for,” Kirchofner explained. “So, I make it clear to my teams that are instrumenting, as well as to our customers, that we need to have a use case, we need to have a reason why we’re bringing this data in,” he continued. “And in many cases, we work with them to find that — because they don’t always know. They know that they need to meet 21-31, but they don’t know exactly what they need to bring in, how they need to bring it in, and what they can do with it.”
Resilience starts with visibility across your environment from front-end applications to back-end infrastructure. Splunk enables you to see across teams and end-to-end processes, to spot problems, investigate, and remediate. Detection leads to investigation, and investigation leads to response — Splunk’s Security Orchestration, Automation and Response (SOAR) playbooks cut response times down to minutes. Intelligent routing capabilities ensure the right people are assigned the right cases based on their expertise.