In late 2017, a government employee in Livingston County, Mich., plugged a personal laptop into the workplace server -- inadvertently exposing the network to malware. "We had 9,000 attacks within a few minutes from this computer," says Rich Malewicz, CIO and security officer for Livingston County. The county detected the attack and stopped it quickly using a program called Darktrace, which uses artificial intelligence (AI) and machine learning to provide real-time alerts about abnormal activity on the network. "No device on the network detected [the attack] except for Darktrace," he says. More local and state governments are eyeing AI and machine learning as tools to help combat cyberattacks, in part because hackers themselves have adopted the technology.

Over the years, I've been asked what I like best about my job. Since I spent the majority of my career in the public sector, one top answer is that I love the challenge of helping organizations with security solutions and enabling new technologies to help the business of government. I also enjoy learning and sharing what works and doesn't work in different contexts. This sharing works out in press interviews or speeches on cyberthreats, I really enjoy moderating panels and leading executive roundtables with public- and private-sector leaders at security and technology events. I often get asked to be a moderator for a few sessions at SecureWorld Expo events, InfraGard Conferences and regional technology forums, such as the upcoming MidWest Technology Leaders event. During these panel sessions, the participants typically talk about a range of (hopefully intriguing) topics that include top cybercrime trends, cyberthreat intelligence, attracting and retaining cybertalent, big industry security breaches, internal security incidents or the always interesting (but overused question) "what's keeping you up at night?" Inevitably, security and technology topics include well known themes that I have written about such as ransomware, IoT botnets, cloud computing, smart cities, smartphone security, government CISO plans, securing the smart grid, end-user training, etc. Hopefully, we get beyond the problems and spend a few minutes on solutions.

I'm often asked what I like best about my job. One of my top answers is public speaking, learning and networking at security and technology events around the world. Besides giving press interviews or speeches on cyberthreats, I really enjoy moderating panels and leading executive roundtables with public- and private-sector leaders at security and technology events. I often get asked to be a moderator for a few sessions at SecureWorld Expo events, InfraGard Conferences and regional technology forums, such as the upcoming MidWest Technology Leaders event. During these panel sessions, the participants typically talk about a range of (hopefully intriguing) topics that include top cybercrime trends, cyberthreat intelligence, attracting and retaining cybertalent, big industry security breaches, internal security incidents or the always interesting (but overused question) "what's keeping you up at night?" Inevitably, security and technology topics include well known themes that I have written about such as ransomware, IoT botnets, cloud computing, smart cities, smartphone security, government CISO plans, securing the smart grid, end-user training, etc. Hopefully, we get beyond the problems and spend a few minutes on solutions.

This past February marks the two-year anniversary when Livingston County, Michigan, was hit by ransomware. The wealthiest county in the state had three years' worth of tax information possibly at the mercy of cybercriminals. As a local government, county CIO Rich C. Malewicz said they have been a target of ransomware, but in this instance they had backups at the ready. He said the most memorable ransomware attack was a result of a watering hole campaign using malvertizing to infect users visiting a local news website. "This attack was very clever in that all you had to do to get infected was visit the website, you didn't even have to click on the page. Once the user went to the local news website, they were immediately redirected to a site hosting exploit code and the infamous page appeared demanding a ransom with instructions," he said.

To modernize cybersecurity for Livingston County, Mich., officials turned to a machine learning tool that can find anomalies in behaviors without previous knowledge of what to look for. Darktrace's Enterprise Immune System is powered by unsupervised machine learning, meaning county officials didn't have to tell it what to watch out for using rules or signatures. Instead, they plugged it in and let it run for three weeks so that it could learn about the network's typical behavior, establishing what's called a "pattern of life." Then when the system detects something out of the ordinary, an alert is issued in real time. "A tool like this works best when it's placed where it can see the traffic we're most interested in," county Deputy Chief Information Security Officer Paul Curylo said. "We placed it such that we can see traffic of interest traversing through our core as well as traffic traversing out to the internet."