What cybersecurity can learn from the automotive industry


Henry Ford was on to something with the Ford Motor Company. He wanted to democratize vehicle ownership and enable the masses to afford transportation. In 1908, the Model T sold for $825. By 1925, it sold for only $260, making it more affordable to individuals everywhere.

I know. It's not exactly cutting-edge automation in today's terms.

The use of robotics in modern assembly lines was introduced in the 1960s by General Motors. Robots and automation have been common in modern plants since then. What does robotic automation do? Some will argue it takes jobs away. I don't see it quite that way. 

The Bureau of Labor Statistics estimates more than 800,000 unfilled jobs in the automotive sector. Even with robotics and automation, auto companies still find meeting demand a challenge.

Automation has relieved human workers from many repetitive, soul-crushing, and potentially risky tasks. For example, a class of personal injury lawyers specializes in repetitive motion injuries.

But there are many benefits. As Robotics and Automation News reports, the robots are used in tasks such as attaching car seats and door handles, connecting frames, and bolting bulky parts together, such as engine hoods, hatches, and wheels.

The cognitive abilities of humans still outstrip what robots can do in making subjective decisions about quality assurance, scheduling, and unanticipated events.

The robotic assembly line can also work 24-hour days. It needs no breaks, only routine maintenance and upgrades to hardware and software. It doesn't get bored with repetitive tasks. And so far, I have yet to hear of a single personal injury lawsuit filed on behalf of a robot. (Give it time.)

What lessons can we take from the automotive industry? There are too many to count. But let's try.

To defend against the proliferation of threats and threat actors, we must ensure everyone can afford and adopt a baseline capability that automates and democratizes the security operations center.

Like the automotive industry, cybersecurity execs still struggle to fill open positions. We are not hiring our way out of this deficit. According to CyberSeek, there were 469,930 openings this year requesting cybersecurity-related skills, and employers are struggling to find workers who possess them. On average, cybersecurity roles take 21% longer to fill than other IT jobs.

What are some of these jobs? They are repetitive, soul-crushing, and potentially risky tasks like collecting and analyzing terabytes of log files. Or working long hours on a data breach, stopping occasionally for an infusion of caffeine and some type of chips. Getting proper rest, exercising, and eating healthy don't rank near the top.

Automating the SOC requires increasing the speed and precision of the decision-making process, taking care of routinely overworked analysts, and leveling the playing field. Many routine, low-value tasks rob analysts of the ability to perform high-value activities.

We can start at Tier 1 by automating the triaging of raw data and alerts and determining the priority for response. If there’s a human in the loop, they should serve as a room monitor, making sure there are no hijinks and everything runs smoothly. The use of AI and large language models (LLMs) unleashes Tier 1 SOC analysts to focus on the higher-value outputs of the automated analysis.

It's not like the Tier 1 SOC analysts are the Spartans, and all they have to worry about is Xerxes and his huge army. In this scenario, at least it's one adversary, and the team can have a good idea of where they are.

However, we also have to face that multiple huge armies funded by nation-states are attacking from all directions, using all manner of tactics, tools, and procedures. Analysts are overwhelmed and get alert fatigue, which forces them to pick the least worst option sometimes.

A modern autonomous SOC should require fewer people for Tier 1. With AI-driven automation and LLMs, an issue escalated to Tier 2 should run like the operating room in a hospital: everything is ready for the Tier 2 SOC analyst to gown and glove up, spending no more time than necessary to operate and save the patient.

Even surgeons need expert assistance. In that case, a Tier 3 analyst, armed with data distilled down to the absolute essence of what’s required, equipped with all the facts in context, can hunt down the big game. 

Developing new and critical skills makes more sense than the usual rote dissection of a terabyte of log files to sort out an issue. Automation allows resolution and remediation to occur nearly instantaneously. Before a Tier 1 analyst can jump out of bed to answer the fire alarm, an autonomous SOC has already fixed the problem.

Autonomous response capabilities serve a bigger purpose: unleashing the creative and cognitive abilities that only humans possess. No machine can think like a person...yet. When companies use automation strategically, it lets analysts focus on higher-value activities while dispensing with mundane, repetitive tasks, adding value and worth to their jobs.

Morgan Wright, chief security advisor, SentinelOne


Morgan Wright, an internationally recognized expert on cybersecurity strategy, cyberterrorism, national security, and intelligence, serves as a senior fellow at The Center for Digital Government, chief security advisor for SentinelOne, and the chief technology analyst for Fox News and Fox Business. In addition to 18 years in state and local law enforcement as a state trooper and detective, Morgan has developed solutions in defense, justice and intelligence for the largest technology companies in the world, including Cisco, SAIC, Unisys and Alcatel-Lucent/Bell Labs.


