Lonnie Price, Peraton’s VP of cyber and information warfare, sat down with Steve King from Cybersecurity Insights to discuss the state of cybersecurity and implications for tomorrow.
May 24, 2023
Can you tell me about the impact the War in Ukraine is having on the cybersecurity landscape?
- We’ve witnessed how synchronized cyber and kinetic attacks disrupted operations, decision making, and prevented quick responses.
- At the height of the crisis, Western technology firms used modernization to help Ukraine stay operational and resilient by moving their information assets and infrastructure to the cloud. This transition helped them be able to respond at scale and in response to needs.
- Peraton’s strategic partners, like Google, AWS, and Microsoft, lent support during the conflict and helped protect Ukrainian assets from cyberattacks and anomalous behavior by mitigating and preventing threats.
This was a unique moment in history where we witnessed a crossover of public/private industry leaders to support government partnerships.
- One thing I learned in 38 years of government services is that we could not accomplish our missions without strong industry partnership. As a former government executive, I’m able to help the company tailor our solutions and provide what’s needed.
- Modernization was the key. Moving to the cloud and enhancing one’s cyber resiliency protects assets and infrastructure when kinetic locations are compromised.
- Starlink is an example of the “power of technology”, which provided Ukraine with uninterrupted communications through a secure network.
I wrote a book about how we’re not winning the cybersecurity war on industry and we’re getting trounced. How can we do this differently going forward?
- Let’s get down to the basics. Awareness and education are huge components. The messaging coming out of CISA is that basic principles, like multifactor authentication (MFA) and zero trust (ZT), need to be applied. They prevent 85-95% of potential compromises. While it’s relatively easy for people to implement MFA on their home devices, it’s extremely hard for federal agencies to implement it at their scale using legacy systems that may be outdated and slow.
- Peraton has been helping government agencies modernize along their digital transformation years before the executive order.
- We are no longer watching for adversaries to cross a perimeter in order to understand that we’re being attacked. Perimeters are shifting. You have to trust no one, at no time, at no place, which are the principles of zero trust.
What’s our biggest Achilles heel and why can’t we get to cybersecurity?
- Our cyber defenders (threat hunters, analysts, operators, incident responders) need help. We’re bringing in data from all corners of the IT ecosystem, including telemetry from multi-cloud environments, etc. at heightened velocity to increase operational visibility within the infrastructures from a security and network health aspect.
- All networks have widely varied formats, and the human cyber defenders are drowning in data.
- We need better data management and cyber-analytic tools to extract information.
- If your garage is very well laid out with storage units for each tool, you can later extract and easily find what you need.
- Peraton operates the largest US government data management platform in existence. We helped architect and build that platform. As a federal agency, you need experts who know the process – from collection and ingest to data sharing – and all the steps in between.
- There’s a very real fear across industry and we already have evidence of adversarial behavior within our networks that we won’t be able to fully detect until we have the right capabilities.
We’ve had bad guys lurking in our networks for what seems like forever. You have this huge data storage model. Are you using generative AI to further enhance the model?
- We are absolutely venturing down this path, but it must be done with due diligence. The PT for GPT is pre-training, which means anything that’s contributed (in terms of queries or parameters) from around the world becomes part of the training and can be accessible by anyone.
- Federal government organizations and industry are seriously looking at the corporate and organizational policies needed to govern employee use of generative AI.
- You can put things into the system that retrain parameters and divulge sensitive info about the organization. As much as this is an incredible tool, it can also lead to unfortunate ramifications.
You guys have put together an online training focused on building skills for cyber warriors with tabletop exercises, sims, and hack-a-thons.
- We have great academic programs at graduate and undergraduate levels where students augment their hands-on skills with internships at places within industry like Peraton, which is extremely helpful.
- Once we get these cyber candidates into our programs, we rely heavily on continuous learning. We bring together various skillsets – both offensive and defensive – and cross-pollinate expertise with vendors and researchers. These tabletop exercises are facilitated in a way that they can be applied to real world incidents with nation states.
- We do cyberattack simulations through Peraton Labs’ CyberVAN solution. You can conduct simulations and prepare your teams ahead of time.
- We participated in Hack-A-Sat last fall, sponsored by the Air Force Research Lab and Space Force, with the goal to take over the ground station and command & control the digital twin of the satellite.
- All these continuous learning activities allow us to take this knowledge through partnerships within academia where our full-time employees work with faculty and students on active programs, including classified facilities for government research and program work. This is how we strengthen the cyber workforce pipeline but we’re going to have to be patient until the workforce graduates and, in the meantime, rely on technology to help bridge the gaps.
ThreatBoard is another product of yours that’s similar to CyberVAN. How does that work?
- It’s a single pane of glass where all of the data feeds can be viewed to save human operators time. It’s an ingestion and enrichment of data that weeds out duplicate and erroneous data that needs to be observed by an actual human. It uses AI for the enrichment and natural language processing (NLP) for the critical speed.
- The idea is to identify the adversarial behavior and predict it within patterns to stop it. As you mentioned, too often we’re finding out about the compromise after the initial breach, lateral movement, info has been exfiltrated or the operation’s been disrupted.
- We use Scaled Agile for our DevSecOps app development and ThreatBoard is one tool that’s available and being demoed to customers.
As vice president of Cyber and Information Warfare, Lonnie leads Peraton’s corporate strategy for cyber and information warfare. He drives the development of advanced cyber solutions across Peraton’s diverse portfolio of full spectrum cyber capabilities, including offensive and defensive cyber operations and information operations. Lonnie has extensive expertise in cyber, technical countermeasures, counterintelligence, counterterrorism, threat analysis, cyber investigations/forensics, and emerging technologies (Internet of Things). Prior to joining Peraton, Lonnie served in senior roles at the U.S. State Department, including 17 years overseas in more than 100 countries managing security risks at various embassies.