Cyber Constructs for an Emerging World
Bhavani Thuraisingham, the Founders Chair professor of Computer Science at the University of Texas at Dallas, is conducting necessary research into advanced artificial intelligence (AI) and machine learning to protect against future adversarial attacks. About 50% of the cyber pioneer’s work is focused on trustworthy machine learning, developing constructs to verify if an AI application can be relied upon.
“We are applying data science, machine learning and AI to lots of problems, including cybersecurity,” Thuraisingham said. “AI is being used in almost everything, healthcare, finance, manufacturing, the Internet and transportation, almost every aspect of our lives. What happens if these AI and machine learning techniques get attacked? That's a very real possibility, and so, imagine the consequences.”
That area of computer science research is somewhat new, she said, “and the challenges are so huge.” Researchers at Cambridge University in the United Kingdom are looking into trustworthy AI to develop a formal identification approach for machine learning. In the United States, the discipline also is starting to pick up with researchers, Thuraisingham shared.
Another burgeoning area of cyber development is the examination of adversarial machine learning techniques. Cyber marauders are already studying our AI models and our data to find techniques with which to attack through machine learning, she warned.
“So, we are trying to look at what the adversaries are up to and then trying to court the adversary,” Thuraisingham explained. “It's becoming a certain gameplay between the U.S. and the adversary. We are modifying the machine learning algorithms so that the adversary cannot figure out what we're doing.”
Nancy Patel, vice president of Public Sector at ImmutaData, raised concerns about how the evolving capabilities of adversarial AI could be incorporated into existing cyber constructs. “How do we make sure that what we understand about adversaries and their approach is efficiently fed back into what we're building as protections, or into risk management,” she said.
Quantum computing is already on the minds of Air Force leaders, according to Wanda Jones-Heath, Senior Executive Service, principal cyber advisor, Department of the Air Force. The advent of such powerful computers puts at risk current cryptographic protections. “Crypto-modification will happen in our lifetime,” Jones-Heath noted. “We are focusing on that too because we know it is going to be a huge impact on the way we do business.”
To strengthen its cyber defensive posture and prepare for more operations in the U.S. Indo-Pacific Command’s (INDOPACOM) area of responsibility, the service’s principal cyber advisor created a task force earlier this year to examine the cyber vulnerabilities of Air Force systems located in the region. “From January to March, in a four-month sprint, we looked at our assets that we need in INDOPACOM, and we looked at assets at the Pacific bases,” Jones-Heath explained. “We found a lot of challenges and presented it all back to the commanders, and we are doing a lot of analysis going through it all.”
In addition, the National Security Agency (NSA) and the National Air and Space Intelligence Center, or NASIC, are working with the service to understand the Air Force’s current cyber gaps in the region to get “that picture and really understand what the adversary can do to us,” she stated. The plan, at least partially, is to build more sensors into its weapons systems.
“It is how do we fix the gaps, whether it's technology that we need money for or whether it's adding some different types of sensors to the weapons.”
Moreover, the Air Force’s principal cyber advisor is looking past our near-peer adversaries to discern other cyber and space threats. “Everyone is focusing on China and Russia, but we have multiple adversaries, whether they're individuals or state-sponsored actors, and we have to understand what they're doing,” Jones-Heath said. "We spend a lot of time with the NSA and NASIC and other intelligence agencies. And one area we are certainly getting more focused on is space and understanding how space assets are being used by the adversary. We've never talked about that a lot before.”
Industry and government have to be frank about what is realistic, given budget constraints. It is a real issue. And we have to be realistic on what we can do and what we can’t do and not overpromise.
Meanwhile, the Navy’s cyber defense leader, Capt. Christina Hicks, commanding officer, Cyber Defense Operations Command, has seen early success in leveraging the security tools of Microsoft 365 Defender. “What we found was that it was transformative in how we executed defensive cyberspace operations for the Navy,” Capt. Hicks stated. “We essentially went from 170-plus sensors across all of our Navy networks and by turning on the Microsoft endpoint detection on all of our endpoints, we now can see half a million sensors and counting as that number just continues to grow. It's just opened the aperture for us to get to all that monitoring capability.
On top of that, the Navy is building an asset awareness map, which is greatly decreasing its cyber defense response times. “Each of those nodes or endpoints maps back to the cloud, and now you get an IP [Internet Protocol] address for every one of those, and now all of a sudden we know specifically where an endpoint is geographically linked to whatever command,” Capt. Hicks said. “Before, that whole process could take up to weeks just to respond to an alert. Now with this endpoint detection capability, we can reach out within seconds.”
As far as the industry’s contribution to cyber solutions, Victoria Washington, CEO of Vision IT, emphasized that not only does the government have to be frank about its financial limits and technology needs, but the private sector must be straightforward about its specific capabilities. “We have to have the discussion,” she emphasized. “Industry and government have to be frank about what is realistic, given budget constraints. It is a real issue. And we have to be realistic on what we can do and what we can’t do and not overpromise.”
The cyber experts spoke on August 17 as part of a senior cyber leaders’ panel at AFCEA International’s TechNet Augusta conference. At its major conferences, the organization features such panels of cyber leaders, with the next panel presenting at TechNet Indo-Pacific in Hawaii in November.