Every other week, co-hosts Audra Streetman and Kirsty Paine interview security experts about the cyber threat landscape across different industries.
Episode one features an interview with Splunk Chief Cybersecurity Advisor Paul Kurtz about the top cyber threats to the public sector. In the late 1990s, Kurtz began his cybersecurity career in the U.S. government, where he served at the White House on the National Security Council as director of counterterrorism and senior director of the Office of Cyberspace Security. He also served on the Homeland Security Council as special assistant to the President and senior director for critical infrastructure protection.
Read more for a few key takeaways from the interview, or download the full episode.
Kurtz says it’s time to break out of the idea that each organization is seeking to defend itself. “Are we going to continue to build castles and seek to defend those individual castles?” he asks. “Or are we going to begin working with each other and exchanging data on these threats that actually move at the speed of light?” He recommends moving to a more collaborative approach to exchange threat intelligence data. This could be through information sharing and analysis centers (ISACs), regional law enforcement agencies such as FBI field offices, or CISA’s Joint Cyber Defense Collaborative (JCDC), which aims to improve information sharing between the public and private sectors.
Building on the collaboration point above, Kurtz said we need to begin automating the flow of critical data in order to understand what’s happening inside our systems in real time, whether we’re running on-prem, in the cloud or in a hybrid environment. One area where Kurtz says automation will be “exceptionally important” is generative artificial intelligence (AI).
“Not to be too controversial, but I think APTs (advanced persistent threats) are going to look quaint in the context of what we have now with AI and ChatGPT. CISOs are rapidly coming to grips with the idea that the pervasiveness of attacks could be much higher, far more frequent and exceptionally difficult to defend against,” Kurtz explained.
Resilience is an organization’s ability to adapt to a changing environment and respond effectively to incidents. “Do we really understand what’s going on in our networks,” Kurtz explained, “and can we mitigate risks very quickly?” To accomplish this, Kurtz says we need to have a clear understanding of what’s happening inside our networks so we can reduce MTTD (mean time to detect) and MTTR (mean time to respond).
Listen to the full interview to hear Paul Kurtz’s thoughts about SolarWinds, the U.S. Infrastructure Investment and Jobs Act, hiring challenges in the public sector and more.
Learn more about The Security Detail podcast and listen to more episodes.