Cyber Network, Heal Thyself
Rather than people finding and fixing problems, computers might do it.
Society’s insatiable appetite for connecting objects in the physical world to the Internet has industry’s wheels turning to fuel the materializing disruptive ecosystem called the Internet of Things, or IoT. But the good of convenience goes hand in hand with the bad of cyber risks, experts warn, spurring the U.S. government’s search for the self-healing networks of the future based on the automation tools of today.
Consumers globally are expected to use 28.4 billion connected devices this year, all with some form of networking capability. The deluge of data shaking up governments and businesses has prompted their somewhat frenetic search for solutions to manage system functions better and secure networks without hindering innovation.
“Three major, irreversible thrusts are driving this massive investment: pervasive, cheap and tiny sensors; decreasing compute and storage costs; and ubiquitous connectivity,” says Steven Sarnecki, vice president of federal and public sector at OSIsoft in San Leandro, California. “With this massive growth in all forms of connectivity comes a corresponding increase in threat levels as networks’ IoT ecosystems expand. For federal agencies, this means more attention needs to be paid to these connected devices if we are going to spot problems in real time that indicate attacks.”
A bit of irony comes into play as some of the answers to securing the IoT environment can be found within the IoT environment, Sarnecki says. The methods used to inspect, manage and optimize a staggering volume of data across networks are the same processes developers can leverage to repair a system after a breach, he points out. Still, agencies will require tools that not only continuously monitor data but also log the results in perpetuity for future comparison and analysis. “Doing so allows us to create a baseline performance metric against which the real-time data can be compared. Many tools are available that do variations of this, but not all do it well,” Sarnecki says.
Over the past few decades, agencies have met their network needs with products and services from multiple vendors and even technological eras, he notes. The practice has created a patchwork system that makes connecting sensors and devices especially challenging. “Due to the number of devices on a network, having full situational awareness across operations is critical,” Sarnecki says. “Having software that pulls and records data in real time for 10,000 assets scattered across your network is just the start. That data is only useful if you are able to analyze it efficiently—and in the ways you need.”
Governments seek analytic and software tools that not only make networks more efficient but also spot errant behavior, send breach alerts and purge threats in real time before much harm can be done. “Agencies’ missions take place in real time. That is true whether you are in charge of power plant operations at a military installation or ship, or in a [sensitive compartmented information facility] overseeing theater-level warfare,” Sarnecki says. “As you can imagine, the ability to spot and react to changes in a network must not only happen in real time but also be anticipative. Through a collection of analytics, network data dissemination, visual monitors and automated notifications, agencies can ensure the right data is in the right hands, and the data they are viewing is the accurate view of their network’s current activity.”
For Sarnecki, the results speak for themselves. He cites the effects of OSIsoft’s real-time data management software called the PI System. “With almost four decades of providing the PI System to the most critical mission facilities around the world, we’ve found that global [information technology] and facility managers are able to develop more pinpointed, anticipatory and effective procedures,” he says.
Several efforts to harness tools to identify and react to network changes are afoot within the Defense Department. The Defense Information Systems Agency (DISA) is considering a redesign of its Defense Information Systems Network so that it can instantly spot a cyber breach and, if necessary, self-heal in real time to prevent any system outages, said DISA’s chief information officer, David Bennett, earlier this year.
Additionally, the Defense Advanced Research Projects Agency (DARPA) set out to develop self-healing networks with its first Cyber Grand Challenge, a competition last summer to create fully automated, scalable, machine-speed network defense systems. Seven teams of top security researchers and hackers competed against each other to find and patch network vulnerabilities using sophisticated bug-hunting systems. “Today, the process of finding and countering bugs, hacks and other cyber infection vectors is still effectively artisanal,” the agency said in its appeal to industry and academia. “Professional bug hunters, security coders and other security pros work tremendous hours, searching millions of lines of code to find and fix vulnerabilities that could be taken advantage of by users with ulterior motives.”
Developing self-healing networks is not as daunting as it might appear at first, contends Judson Walker, systems engineering director at Brocade Communications Systems. Although information technology experts must create a new network management paradigm built around the IoT—one that is just as dynamic and adjustable as the emerging ecosystem—the foundation, as Sarnecki has stated, already exists. “There is a platform in place that can help steer architects in the right direction,” Walker says. Solutions lie in clearly defined software and application program interface frameworks that centralize control over devices and provide the ability to change multiple IoT sensors simultaneously with minimal instructions or keystrokes.
In addition, the effects of the IoT—the sheer volume of data it generates and the constant connectivity—provide administrators unprecedented microlevel system awareness. Getting a handle on the avalanche of information has contributed to the huge push toward machine learning, or artificial intelligence (AI), Walker says. “That is kind of the nirvana,” he says of AI. “We are now seeing the development of algorithms that can be integrated into networking and sensor components that basically take a more dynamic look at the information exchange, can understand what the current state is, immediately recognize deviation … and then make decisions on how that data needs to be modified.”
Gone is the human from the decision-making loop—and not a moment too soon. “The human intervention piece is more of a hindrance than a help,” Walker surmises. “We just can’t react fast enough. We need machines to instantaneously recognize when something is inappropriate [in the network] and then self-correct just as fast.”
The technology to do this exists, he continues. It is trust that is lacking. Administrators will have to learn to put faith in their expertise as well as the machines. “That’s the chasm,” Walker says. “Trust is going to be the hard hurdle to get over. We’re integrating machine-learning algorithms into the environment and trusting that those devices are going to make the right decision at the right time.”