8CIOReview | | DECEMBER 2020IN MY OPINIONTHE IMPACT OF AI & ML ON CYBERSECURITYBy Michael Anderson - CISO Dallas CountyI can recall in my youth watching Star Wars and gravitating toward characters such as R2-D2 and C-3PO because they were unique and futuristic. As if it were yesterday, I remember asking myself questions like: Could the movie be a portrayal of the future? Would I see a time in my life when robots and humans had meaningful interactions? The question of all questions ­ will robots ever evolve to such an extent that they are as smart as or smarter than humans are? I could not really grapple with those questions then, but I believe I have some interesting insights now!BackgroundThe advent of the personal computer (PC) and its mainstream adoption in the early 1980's ushered in an unforeseen world of opportunity. Given the mathematical capability of the computer, research, development, and engineers flourished like never before leapfrogging technological advancement in record times. Shortly thereafter, we began to see groups of computers connecting together on local networks and over long distances via Plain Old Telephone Service(POTS) lines. PC modems were commercialized making it easy to access Bulletin Board Systems (BBS) that offered legal, illegal and other nefarious services. Information sharing and online service offerings exploded in 1989 with the introduction of the World Wide Web ­ also known as the Internet.Fast forward to present day and we see the proliferation of personal computers in all facets of our daily lives. At the very core, products, services, and information sharing are still the primary tenants of the Internet. We see advancements across just about every business vertical as a direct result of the computer. Cures for debilitating diseases, solutions for complex environmental issues and the speed with which an honest hardworking person can have their identity stolen and shmeared can occur within a matter of minutes. The age-old problem that humankind has faced since the beginning of time (good vs. evil) has worked its way into our computing lives. How do we prevent the hostile impact of computer bad actors? With Artificial Intelligence (AI) and Machine Learning (ML).The ScienceAI is an area of computer science that concentrates on the creation of intelligence of computers, also coined as machines. The big idea is to have them work while simulating human behavior. The typical activities or use cases commonly associated with AI are speech recognition, learning, planning, and problem-solving. ML is the application of AI. Software Programmers make use of algorithms and statistical models to perform tasks without specific instructions relying on patterns, anomalies, and inferences in the data. Hence the term Machine Learning. The AI and ML practices would not be possible without big data. Big data is the accumulation and continuous expansion of the source data its metadata ­ data about the source data. How does AI and ML impact cybersecurity?Red Team OperationsTaken from Military combat operations, the term "Red Team" is synonymous with the opposing force while the "Blue Team" corresponds to the defender. In this case, the red team refers exclusively to bad actors, hacktivists and nation-state actors. At the time of this writing, we have no documented cases of attacks stemming from ML. The theoretical impact or advantage ML could create for the red team is frightening. Malware programs could be written to install a specific variant depending on the vulnerability found on the target computer. Additionally, ML behavioral analytics could be trained to focus exclusively on compromising perimeters or targets with an extremely high percentage of security coverage. Instead of looking for weaknesses in the 99.5%,ML programs would focus the attack on the .05% shortfall between 99.5% and 100% efficacy. The typical cybersecurity program would not account for or detect these so-called "smart attacks". Moreover, the traditional red team evaluations, such as vulnerability and penetration tests would prove ineffective as well. Fortunately, the red team is finding it very challenging to get their hands on the hardware and software components necessary to develop bad-actor algorithms. However, powerful big data open-source platforms like Hadoop offer the opposing force the capability to ingest hundreds of terabytes of data per day. We established that the big data element is foundational for ML. Add this capability to Cloud-based platforms like Microsoft Azure, Amazon AWS and Google Cloud where bad actors can rent powerful computer resources for pennies on the dollar and suddenly, the theoretical Michael Anderson
< Page 7 | Page 9 >