As in many other areas, the emerging field of artificial intelligence will transform how we secure our critical data and infrastructure, and how our adversaries will use it to exploit our weaknesses.
The use of AI is today a growing threat to information security and our critical infrastructure. We know our political adversaries and criminal hacker alliances, flush with ransomware cash, are investing heavily in AI as an offensive weapon. They’re making good progress.
With respect to Information Security, we know there are three traditional pillars: Confidentiality, Integrity, and Accessibility. All face increasing risks.
The ability to keep data confidential in legacy systems and applications is clearly threatened by AI. Machine learning can be very effective in hacking poorly designed and tested code, enabling data corruption and extraction. The older the code, the more vulnerable it probably is.
No amount of “Patch Tuesdays” can overcome a process that relentlessly probes and tests for weaknesses in applications using a constantly learning algorithm.
Malware that constantly morphs into newer versions can defeat traditional signature-matching detection and prevention. We must reduce the ability to introduce malware by reducing the areas where intrusions can occur, or “attack surface”. Implementing zero trust designs can help address the issue: they reduce the “attack surface” by treating each interaction or request as an intrusion until the legitimacy of the request can be positively confirmed.
The integrity of communications and collaboration can also be distorted to an adversary’s advantage, especially using deepfake tools. The ability to create a completely realistic online version of anyone saying anything is in our near future.
Deepfake attacks are happening now, and deepfake tools are growing in sophistication. Good tools to create your own deepfake video are available today for download. Detection now requires special scanning tools that look for minor image abnormalities; they are the only way to tell real from fake images, videos, and voice.
Collaboration tools face rapidly growing threats from artificial intelligence that may threaten the trustworthiness of online. You could soon have a convincing Zoom call with a deep-learning-created version of your co-worker or boss. Recently, hackers used a deepfake voice and forged emails to convince a manager to transfer $35 million to their account.
Siri & Alexa are still both funny and frustrating to use. These AI-based tools are rapidly improving their ability to listen to complex speech, process it, and give detailed, intelligent responses that increasingly approach normal speech.
AI industry leader DeepMind is rapidly optimizing its WaveNet product, used by Google Assistant and others, to create very sophisticated artificial speech responses. The new version of their AI technology produces realistic voices for responses to queries and does this 1,000 times faster than the previous generation with dramatic drops in needed processing power. Our adversaries are investing heavily in AI and it would be safe to assume their systems are as good or better than ours.
While it would be nice to have a synthesized version of yourself show up to online meetings while you sleep off last night’s party, there are big implications and challenges to integrity from AI-based deepfake attacks.
The same AI techniques used to penetrate our information systems can of course be used to degrade and disrupt accessibility to information. Of special concern is the ability of AI to probe weaknesses and gain control of our critical infrastructure systems – especially those with legacy controllers.
Loss of accessibility to everything from GPS to military communications is a greater danger when AI is used to find weaknesses.
As Presidio Federal represents most of the leaders in cybersecurity, we evaluate the best technologies when designing solutions, and we look at the growing incorporation of AI into security tools. Like other AI uses, incorporating machine learning to defend the network is continuing to rapidly mature. Traditional security providers are heavily investing in improving their products, and well-funded startups are exploring new approaches.
At this point, the use of machine learning for security is in a maturing stage. Currently one of the best uses is to augment existing log analysis techniques to provide responses for humans to evaluate.
Machine learning is being incorporated into zero trust tools, especially access management, to analyze changing risk levels in order to decide when to approve requests.
Machine learning used in log analysis is especially effective in distilling a few significant events from a sea of unimportant events. It can look at a long horizon of normal baseline activity to find subtle patterns that traditional analysis tools may miss.
Like Signals Intelligence, machine learning can examine patterns of malware attacks in encrypted traffic.
However, some problems exist.
At this point incorporating machine learning to defend the network is continuing to rapidly mature and innovate and we expect rapid advances in functions and usability in the future.
It is hard to plan for security with the many future unknowns AI brings. Hackers are too clever and well equipped, the opportunities for intrusion are too vast, and using AI in the future will greatly increase hackers’ chances.
What we know is that throwing products and money at current network designs will not solve today’s security issues – much less future ones. Taking a traditional “castle-and-moat” design into the cloud will create even more opportunities for intruders.
Fundamental network redesign is needed to meet the challenges of an AI-enabled attack. What is needed is a hardened environment that vastly shrinks an intruder’s ability to get in, move around, and get anything out. The tools to support this redesign are available today. Planning for cloud adoption is an ideal time to consider this redesign. The security solutions currently used may not provide visibility into cloud applications. Look at security solutions that monitor both on-premises and cloud infrastructure.
Point solutions to problems create a disjointed response, and a typical network may have 40 or more individual products in its security suite. Look to products that can consolidate all phases of security response, including your current products. Bring those products into a unified “single pane of glass” where security detection and responses can be quickly implemented. Security orchestration, automation and response (SOAR) products that provide these features are quickly emerging.
As future AI threats emerge you will have a network designed to adopt new capabilities incorporating increasingly sophisticated AI to counter the threats from AI.
First, embrace the principles of zero trust and micro-segmentation, and limit access to only what is required. Protect your data by assuming every request for access to anything is an intrusion attempt until proven otherwise. Remove all passwords for users, admins, and software and require secured access. Eliminate any way for data to leave your cloud or premises without explicit permission.
Second, improve your code pipeline, beginning with acquisition. Insist that any software entering your environment has been designed with security baked in, and know where it came from.
Third, realize your legacy applications may not adapt to newer security requirements. Plan for a tech refresh.
Finally, plan and budget for future security costs. 2023 budgets are being planned for now, and a typical federal budget for security is only 4% of the IT budget. That is not close to what is needed to protect from an AI future.