Awaiting an Autonomous Cyber-defense System

The internet of things is the phrase coined to describe the move to make all type of things in our daily lives digital. CybercrimeThe possibilities are endless and expanding fast. Digitized items span every area of our lives, even roads and farm fields are being upgraded with digital sensors. According to the research firm, Gartner, by 2020, the internet of things will reach 20.8 billion.

The world could be see this as a hopeful outlook in that the internet of things will be an enabling technology that will help make the people and physical systems of the world — health care, food production, transportation, energy consumption — smarter and more efficient.

On the other hand, hackers will have another playground to explore and users will also have to enhance their protection systems to avoid intrusions, if they are even aware of the dangers. Michael Walker, a program manager and computer security expert at the Pentagon’s advanced research arm says, “If we want to put networked technologies into more and more things, we also have to find a way to make them safer,” said Michael Walker, “It’s a challenge for civilization.”

One encouraging fact is that work on the way started by the Defense Advanced Research Projects Agency (Darpa) who created a contest with millions of dollars in prize money, called the Cyber Grand Challenge, To win, contestants would have to create automated digital defense systems that could identify and fix software vulnerabilities on their own — essentially smart software robots as sentinels for digital security.

The attack on the East Coast last week that took down the Dyn servers, is a reminder of the urgent need for such sentinel systems that can protect and prevent such intrusions. Level 3 researchers working with Flashpoint, found as many as one million devices, mainly security cameras and video recorders, had been harnesses for so called botnet attacks. They called it “a drastic shift” towards using the internet-of things devices as hosts for attacks instead of traditional hosts, like the one that hijacked data center computers and computer routers in homes.

Darpa held a contest in 2013 that offered a challenging computer security contest similar to the contest served to jumpstart the development of self-driving cars which is in fact becoming a reality. The project showed how machine automation and human expertise could be efficiently combined in cyber security.

In the security industry discussions abound about “self-healing systems”. The new competition offered a human hands-off approach in which software would find and exploit flaws in the opponent’s software, scan networks to find incoming assaults and write code to tighten defenses. The winners succeeded in integrating different software techniques in unprecedented ways into automated “cybersecurity systems”. The contest was conducted in an enclosed walled off environment and not on the internet. The scientists agreed that further development was needed for the technology to be broadly used on commercial networks and the open internet.

Smart OfficeAs David Melski, captain of the second-place team whose members came from the University of Virginia and a spinoff start-up from Cornell University, GrammaTech, where Mr. Melski heads research said, “This was a demonstration that automated cyberdefense is mature enough, and it’s coming,”

The first-place team, which won $2 million, was a group from ForAllSecure, a spinoff from Carnegie Mellon University. Hours after the Darpa contest, its cyber-reasoning software, called Mayhem, went up against the best human teams at Defcon, an annual hacking competition.

In that three-day contest, Mayhem, the first place team, held its own for two days and proved itself to be extremely strong on defense. But by the third day, the human experts had come up with more innovative exploits than Mayhem, said David Brumley, a professor at Carnegie Mellon and chief executive of ForAllSecure.

Humans are still better than computers at understanding context — and security is so often defined by context. For example, you do want to broadcast your GPS location data to friends in a social app like Glympse; you do not want a program sending out location data if you’re in a battlefield tank.

“In the real world,” Mr. Shoshitaishvili, a Ph.D. candidate who led the third-place team, a group from the University of California, Santa Barbara said, “humans can assist these automated systems. That’s the path ahead.”

To those shaken by the outage last week of Netflix, Amazon , and others , there is hope for the world that we will be protected against unwanted intrusions that could have devastating effects on our lives. This research will definitely continue and we can feel assured that our lives will be more secure. If you find this information encouraging and support this progress please leave a comment.

Leave a Reply