There's a machine learning arms race taking place between system defenders and hackers, and the advantage boils down to which side has the most training data, according to Jason Matheny, director of the Intelligence Advanced Research Projects Activity at the Office of the Director of National Intelligence (DNI), speaking at The Washington Post's Cyber 202 Live event in Washington Friday. If big tech pooled all the data it had on cyberattacks, however, it would have a data set greater than any attacker's.
Despite the clear advantages of pooling resources and combining intel to fight threats, these practices lag. But countering the force of malicious actors will demand cooperation between the enterprise, the government and the American people, said Tonya Ugoretz, director of the DNI's Cyber Threat Intelligence Integration Center (CTIIC), speaking at the event.
Without a concerted and full government effort, the cybersecurity landscape is only going to get worse. "America's in a cyber war, most Americans don't know it, and I am not convinced we're winning," said Mike Rogers, former chairman of the House Intelligence Committee, host of "Declassified" and national security commentator on CNN, speaking at the event.
Integrity of data is critical to developing AI algorithms and automation tools that counter threats effectively; one need only look as far as Norman, the world's "first psychopath AI" created by MIT researchers, to see what bad data can do, Elizabeth Joyce, VP and CISO of Hewlett Packard Enterprise, told the Cyber 202 audience.
Companies have to figure out how to protect their data and intellectual property with security controls and processes, said Antonio Neri, president and CEO of HPE, speaking at the event. But with the extension of a company's networks from the cloud to the intelligent edge, this is more difficult than ever.
There are 3 forms of protection: protection of the core, detection and recovery, according to Neri. Encryption, analyzing user activity, coordinating action between the security team and business team, and utilizing embedded technologies like AI are all key pieces of building out a security system that serves the business' mission.
Along with the increasing scale and speed of attacks, the pool of malicious actors has expanded over the last several years, Joyce said. Nation states, hacktivists and for-profit attackers pelt businesses from all directions.
At the federal level, agencies like CTIIC promote interagency collaboration, information sharing and support. CTIIC famously attributed the WannaCry attack to North Korea after compiling and analyzing data from the intelligence community and private sector, according to Ugoretz.
But starting with the basics — semantics and clarity of mission — will be important when handling cybersecurity issues. For example, the National Protection and Programs Directorate leads the Department of Homeland Security's efforts to protect physical and cyber infrastructure. But offering $5 to anyone in the audience who knows what "NPPD" stands for, the department's undersecretary Christopher Krebs noted that it sounds like "a Soviet-era intelligence agency."
The NPPD is waiting on a hung-up bill that would change the segment's name to the Cybersecurity and Infrastructure Security Agency, he said. Clearly conveying function will move cybersecurity to the front of conversations, figuratively and literally.