Why Investment in Autonomous Cyber Defense is Needed

Despite the many evident opportunities for lucrative careers, the number of young people opting for IT-related qualifications in schools is still falling - down 17% this year, says the British Computer Society.

Compared with the shiny surfaces of using digital devices, a day job working with the sometimes ugly nuts and bolts of IT is not proving to be appealing to new generations. In response to the shortage, there are increasing calls for a national cyber-skills strategy, for creating a stronger stream of young recruits, accompanied by a new professionalization of roles and the up-skilling and re-skilling of general IT staff. It will take time before the impacts are realized for organizations and their security. 

The scale and level of organization behind the threats will look very different by then. There has already been a sharp evolution of cyber-attacks from hobby to highly organized, targeted and strategic activity, and this will only accelerate. With huge rewards on offer, cyber-criminals are patient and think in terms of ongoing negotiation rather than a one-off assault.

While cybersecurity will always be important, true cyber resilience comes with equal attention to cyber defense: we have become too reliant, and too focused in our research and development, on cryptography, firewalls, anti-virus software, authentication methods, etc.

We’ve also become too reliant on humans and human skills for a future where attack technologies will be far more sophisticated and strategic. Those technologies have shifted from simple programs that can override IT systems’ functionalities, to scripted pervasive software capable of replication and designed to take control of systems’ security privilege management functions, and finally to remotely controlled software agents that can be activated by a Command & Control server itself masked behind layers of camouflage: false IP addresses and routes. Cyber defense involves some tricky tactics.

A clumsy response from a cyber response team, looking to just switch off a system or stop a piece of malware, may spark even more damaging retaliation in terms of wiping data or causing IT paralysis. Humans can be good at handling such tactics, but are mostly late and slow, especially when it comes to complex systems.

This is why we need to be investing in the potential of non-human defenses. Developing autonomous cyber defense systems can provide the next level of sophistication needed to monitor and manage this escalation.

The growing use of Big Data and machine learning techniques will provide the ‘always on’ supervision power that any number of skilled cyber-professionals couldn’t compete with - swarms of pro-active, self-learning cyber defense agents to work across the web on the side of national infrastructure and lawful activities. These can be designed to recognize patterns of attacks and the agents can be used to manage the most appropriate forms of counter-measures for each individual attack.

This is one future for cyber defense, one that is far less dependent on the vagaries of human resources. It will also become essential in a context where the attacks themselves are being run through their own multi-agent systems, which would be impossible to defend against with solely human expertise.

To test this new technology, a first step is to create a large-scale Internet of Things simulator, involving interactions with and between millions of objects in a fast-moving cyber environment. Autonomous cyber defense is for the medium-term - we’re talking in terms of being operational within seven to 10 years - but needs to be part of cyber-resilience planning now. Under this model, fewer people will be needed to run defense systems, but for those with a supervisory role, the most valuable skills will be in Big Data analysis and strategic planning.
