One of the fundamental problems is that the internet wasn’t designed with security in mind.
With criminal hackers becoming more effective at breaking into computer systems, cybersecurity researchers, government agencies, and academics are looking to artificial intelligence (AI) to detect — and fight — cyberattacks.
In fact, in the past year, security startups, academics, government agencies, and some of the largest digital security firms in the country have invested heavily in AI technology for cybersecurity, believing that recent advancements in processing power could allow computers to outperform humans when it comes to many aspects of defending networks. What exactly is AI and could it make a difference in protecting your company? Michael Whitener, partner at VLP Law Group, sat down with Inside Counsel to discuss this topic in depth.
Today, AI is generally defined as technology that enables machines to simulate intelligent human behavior such as thinking, learning, reasoning, planning, etc. But today AI is increasingly able to accomplish “unhuman” tasks, such as instantly sharing knowledge and cooperating with a network of AI agents to solve problems. So, the big question is “will AI revolutionize cybersecurity? The answer is yes, according to Whitener.
“Reliance on current security monitoring tools (anti-virus software, firewalls, encryption, secure protocols, etc.) is proving to be ineffective,” he said. “The only hope is ‘intelligent’ IT systems that not only react instantly in real time to cyber threats, but are constantly learning about new threats on the horizon and how to detect and respond immediately to them.”
The fundamental problem is that the internet wasn’t designed with security in mind. Internet data flows are governed by something called “border gateway protocol,” or BGP. According to Whitener, BGP is sometimes jokingly referred to as the “three napkin protocol,” because supposedly one day in 1989, a couple of engineers sat down for lunch in Austin and worked out BGP on three napkins. BGP was intended as a short-term fix, but by default it ended up as the global internet standard.
Unfortunately, BGP is inherently insecure and vulnerable to attacks, because there’s no governing map or authority deciding how internet traffic gets routed. He explained, “With so much of the value in today’s economy tied to the internet in the form of digital data, it’s no wonder that the old-fashioned crimes of theft and fraud have migrated to cyberspace. In the cybercrime arms race, the criminals are managing to stay one step ahead of security measures, constantly probing for IT system vulnerabilities and developing new tools for exploiting them.”
There are many things that cybersecurity researchers, government agencies, and academics can do with AI to detect — and fight — cyberattacks, according to Whitener. First, there are nature-inspired AI technologies that mimic biological systems — these technologies work like a biological immune system does — detecting and inoculating against intrusions just as a living organism would, adapting to changing environments and capable of continuous and dynamic learning.
Second, are multi-agent AI techniques that allow the agents to communicate with one another, sharing data and cooperating to combat cyberattacks. Third, genetic algorithms, which are a machine learning AI approach based on the theory of “evolutionary computation,” which allows for adaptation to changing circumstances and development of rules for different types of security attacks.
There has been an explosion of research and investment in cyber defense over the past decade (currently $75 billion annually by one estimate), with no end in sight – the prediction is $170 billion by 2020. AI applications are driving a lot of this investment, since they hold the greatest promise, according to Whitener.
For example, IBM recently announced “Watson for Cybersecurity,” a partnership between IBM and several research universities aimed at harnessing the power of IBM’s Watson computer (famous for dominating the “Jeopardy!” TV game show) to protect against cyberattacks. The first step in this project is feeding a huge amount of data into Watson about security vulnerabilities, spam messages and malware.
Even with current state-of-the-art security monitoring tools, companies and government agencies may only learn of cyberattacks after they’ve occurred and the damage has been done. AI permits instant reactions in real time to cyberattacks or data breaches by detecting changes in the network and user behavior.
In addition, it enables an IT system to learn what may constitute suspicious activity signaling a cyberattack and immediately launch countermeasures to protect the system. Conventional IT security measures, which rely on fixed algorithms are simply not effective in fighting against evolving cyberattacks.
He said, “These dynamic capabilities are what enable AI-fueled cybersecurity protocols to outmaneuver the bad guys.”