How Will Artificial Intelligence Change Cybersecurity?

According to recent research conducted by Trend Micro, Artificial Intelligence (AI) will replace the need for human beings by the end of 2030. It means AI will play a crucial role in reducing the cybersecurity skills shortage in the future.

Cyber has traditionally been about machines and sensors producing, collecting, and sometimes aggregating data from across your network and boundaries, with humans throughout analyzing the data and trying to make sense of what actions to take, if any. Humans are working to keep up the defenses, and if there’s an attack, humans will work on ways to remediate the damage. It’s a very human-centric approach. Even the way our organizations are set up is based on humans, such as CISOs, network operators, and cyber warriors.

With AI, we will go from a human-centric world to an algorithmic-centric world. This will allow us to go from responding at human speed to responding at machine speed. How we approach cyber is going to fundamentally change. It’s like we were in the era of bi-planes, but someone’s about to introduce jets. Buckle up.

WHAT DOES AN AI-POWERED CYBERSECURITY ATTACK LOOK LIKE?

At our current rate of technological innovation and with broader access to AI tools, it is not inconceivable to think threat actors are building machine learning into their attack systems right now. In the near future, we’re going to see AI-powered cyber-attacks happening here in the U.S., including against our critical infrastructure.

Consider the scenario where a threat actor builds an AI-powered attack tool to exploit the network of a critical infrastructure entity. Imagine the attack system then hits a firewall that blocks its entry. In this scenario, the adversary’s AI-enabled tool would feed that information back into a reinforcement learning algorithm, which would adapt and launch another attack at machine speed to see if it will work. Rinse and repeat. And repeat. And repeat.

HOW AI CAN HELP CYBERSECURITY

Shutterstock 754753744

While this is certainly a challenge to those charged with protecting against these attacks, with the right combination of private sector innovation and government partnership, we can use these same technologies to help our cybersecurity posture. AI will power a new kind of defense within a machine-to-machine cyber battlefield that keeps us one step ahead of malicious threat actors.

The key will be flipping the script on the current “human-must-be-in-the-loop” approach of identifying and responding to breaches and move towards a machine-first model. By using advanced technologies, as our adversaries will, we can go beyond leveling the playing field to actually giving us an advantage. We can predict attacks by watching adversary activity and evaluating it with a machine learning model trained on hundreds of thousands of previous attacks. We can know their next steps, and proactively prevent them from succeeding even before the bits hit the wire.

Currently, most cyber defense approaches focus on or recommend “pulling the plug” and shutting systems down when a vulnerability is exploited or a breach has been identified. But making it so the adversary cannot operate in the short-term doesn’t necessarily solve the larger problem and, in fact, can make it worse by generating a denial of service attack on oneself. These threat actors have already accomplished a top objective—getting in—and will come back more robustly in the future. The answer lies in creating AI-enabled cyber defense solutions that waste the adversary’s time, anticipate their moves, increase their uncertainties, and leave them frustrated. 

BUILDING THE FOUNDATION FOR AI-ENABLED CYBERSECURITY

Companies like LookingGlass are laying the foundation for this now—and public sector partnership will be key to its success. For over a decade we’ve been working with government agencies to gain comprehensive views of their attack surfaces and understand threat actors’ tactics, techniques, and procedures. This information gives us an external view of the organization—what it looks like from the outside when a threat actor is trying to exploit vulnerabilities or find risks. This outside-in approach is one-half of the puzzle. An upcoming product we expect to launch in 2022 will map an organization’s internal network. Together, these solutions will provide complete visibility into an entity’s infrastructure.

By illuminating where threat actors could gain access (outside-in) and how they would move through internal networks (inside-out), we will have a comprehensive understanding of how an adversary might attack and where to apply machine learning defenses. Marrying these views will lay the foundation for AI-powered capabilities—and ultimately lead us to a more strategic and proactive way to secure government, businesses, and infrastructure. We’re innovating at the intersection of man and machine—moving the human from their current tactical role to that of a strategic AI overlord with the ability to control the equivalent of millions of brilliant and adaptive cyber warriors.

WHAT DOES THAT MEAN FOR FEDERAL AGENCIES?

Government partnership has been critical to the success of our threat intelligence and adversary tracking products, scoutPRIME and scoutTHREAT, and we know the support of civil servants and federal agency officials will be even more crucial as we build out AI-enabled defenses, together.

Secure,connection,concept,with,safe,closed,padlock.,internet,technology,abstract.

Right now, we are in a transitional phase where we are going to see an increasing amount of human-machine teaming. That’s where humans, machines, and algorithms are going to work together to not only defend but pre-position to be able to shape the battlespace for an organization. 

In an AI-powered world, federal officials will become cyber orchestrators focusing on the strategy while the algorithm will be charged with executing the strategy. We will then see a gradual increase to the point where the algorithms—still by following human guidelines—will begin to operate more autonomously as the systems become more sophisticated. Though partners in the federal government will always be a vital part of the security equation, the gradual ramp up of machine learning will be crucial as threat actors are going to be using equally sophisticated algorithms to probe, attack, shape, and break apart brittleness in AI defenses.

Technological innovation is moving fast, and so are our adversaries. It’s time for government and industry to come together like never before—harnessing today’s most advanced technologies to get ahead of those who want to use them against us. We must continue to invest in cyber research and development, and double down on building and honing AI-powered solutions. The safety of our nation’s financial, economic, and national security interests depends on it.

If you’re interested in learning more about how LookingGlass can help your cyber team prepare for future security issues and leverage emerging technologies to supercharge your defenses, contact us today.