While pundits in all manner of fields are predicting that 2018 will be the year when Artificial Intelligence (AI) comes into its own, that promise really will hold true in cybersecurity, and particularly in the federal government.
As we’ve seen time and again over the last few years, the federal government has been the target of an unrelenting barrage of cyberattacks, and while these attacks are not always successful (see: WannaCry), there are still far too many that penetrate the national digital fortress. This is not to level any criticism against the acting federal CISO or his agency peers.
Not only are the attacks against federal agencies constant, but the tools that they have inherited are woefully inadequate. While traditional cyber defenses might be able to detect a certain range of attacks – often referred to as the “known-knowns” – they are blind to the unknown. The attacks that haven’t been seen before are the very ones that do the most damage.
Moreover, the need to provide far more robust and dependable security to federal agencies is assuming even greater importance, as agencies look to take advantage of technologies such as voice integration and the myriad possibilities in the Internet of Things (IoT) to deliver on the mission much more cost-effectively and intuitively. We’re talking about securing all interactions and data, from delivering citizen services via home assistants, like Alexa, to protecting the warfighter while in theater.
While these are brilliant and necessary innovations, they also dramatically expand the attack surface for adversaries. Not only does this mean that security must be incorporated into the architecture of networks and systems, but it also means that unless we can integrate a much smarter form of security, our cybersecurity teams will tie themselves in knots chasing red herrings and failing to secure much of anything from attack.
Even though security practitioners are used to their legacy signature-based defenses being minimally effective and forcing them to be reactive to security threats, rather than proactive, there is another, more effective way. It is at this intersection of defeat and frustration that AI-powered cybersecurity comes into its own.
In being able to detect unknown events and thwart them before they develop into a full-scale attack, AI provides a far more certain and effective defense from cyberattacks. Take, for example, the WannaCry attack; we developed an algorithm that could thwart WannaCry in 2015. While no one had heard of WannaCry then and it certainly hadn’t been used as a mass exploit, it was just two years later that it was used to provoke a global crisis in healthcare, manufacturing, and supply chains. The same trajectory applies to NotPetya and will, I predict, become more common in 2018 as the number of ransomware outbreaks ticks upwards and more sectors are affected.
But if we have the tools that can adapt to, and manage, this furious volume and velocity of attacks, why aren’t we putting them in the hands of our frontline cyber defenders?