How artificial intelligence plays a role in cybersecurity for critical infrastructure

Given the global importance of cybersecurity and the daily occurrences of cyberattacks, AI and machine learning play an increasingly important role in cybersecurity. In due course, we will see AI being employed as the main defensive strategy to combat cyberattacks. Cyberattacks represent the biggest threat to businesses, governments and institutions, with cybercrime costing the global economy US$445 billion annually. Nearly 178 million personal records were exposed in data breaches in 2015, including records from the Department of Homeland Security and the FBI.

In 2016, US$3.1 billion was invested in 279 cybersecurity startups, and those that specialize in AI and machine learning were the top investments. Machine learning in cybersecurity will boost spending in big data intelligence and analytics, reaching as much as US$96 billion by 2021. Prospective buyers are from industries that are especially vulnerable to cyberattacks such as government, defence or banking, where there is either a strong interest in using machine learning for threat detection by analyzing data at scale or legal requirements to protect personal data. Sectors of critical infrastructure most vulnerable to cyberattacks are airports, oil and gas pipelines and hospitals.

The importance of both the threat of cyberattacks and their attendant economic and commercial damage, particularly where it involves extortion demands for anonymous payments of Bitcoin, should not be underestimated. When cyberattacks involve critical infrastructure, they threaten international security and democratic institutions. They also threaten the rule of law and, in cases where cyberattacks are undertaken against critical infrastructure for ideological purposes, they constitute terrorism. Often threats of terrorism from cyberattacks go unnoticed, unreported and uninvestigated because managers of critical infrastructure are unfamiliar with terrorism laws, and when they pay ransoms in Bitcoin arising from cyberattacks that are terrorist based, they are unwittingly engaging in terrorist financing.

The Department of Homeland Security reported a 383% increase in cyberattacks against critical infrastructure. The frequency and complexity of cyberattacks on critical infrastructure systems are growing and have reached the point where AI is needed to defend those systems and protect the public from harm.

Aviation is a case in point. The aviation industry depends on one of the world’s most complex and integrated technological systems to function and it is increasingly at risk from threats because of the interconnected and interdependent character of the world of commercial aviation. Air traffic control systems are especially susceptible to exploitation because experts say parts of the system are unencrypted, unauthenticated and can be circumvented by smartphones. Experts also say it is possible to take over an airplane’s flight and communications system with a smartphone to change the heading and speed of an airplane, although there are no known instances of this occurring or of it being made public.

Vulnerabilities in aviation that are exploited can have devastating effects. The 2008 Spanair crash that killed 154 people was caused by a Trojan horse that infected the central computer system used for monitoring technical problems in airplanes. In April 2013, hackers broke into the Dubai International Airport website and leaked email addresses and passwords of airport employees. Wifi networks pose additional risks. Airports provide Internet access on private wifi networks for baggage tracking and passenger ticketing which are vulnerable to threats.

The threats are not just in aviation. The shipping sector is also vulnerable. Researchers have shown how the Automatic Identification System (AIS), the global system that identifies and tracks ships in real time, can be broken into through ISPs to alter the AIS data being disseminated about a ship, such as its position, course, cargo or flag, and could be used to falsify information (e.g., an Iranian ship with nuclear cargo ostensibly appearing in AIS off the coast of the US). According to hacking researchers, flaws in the AIS system can also be exploited to send false weather information to a ship (e.g., storm approaching) so that it routes around the supposed storm, or to cause ships to transmit AIS traffic much more frequently, flooding the channel and blocking communications from marine authorities and other vessels in range. Bad actors could exploit these vulnerabilities, leading to serious consequences.

Researchers have managed to use GPS equipment to take control of the navigation systems of large ships in the Mediterranean. In 2013, university students discovered they could coerce a 213-foot yacht off its course using GPS. The students spoofed the yacht by creating false GPS signals to gain control of the yacht’s GPS receiver. The issue with gaining control of planes or ships is not only one of international safety but an issue of the security of prominent persons who are at their most vulnerable when in the air or at sea.

Cybersecurity is particularly attractive to transnational criminal organizations, including the Mafia. Europol discovered that transnational criminal organizations hacked the systems of the Antwerp Port to obtain the location and security details of certain containers that were storing billions of dollars worth of illegal drugs that the Mafia had smuggled into the country, allowing them to move in and steal those containers from the Port with the illicit drugs inside. The operation was only uncovered from the Silk Road Bitcoin takedown in the US that revealed the extent to which transnational criminal organizations used the Silk Road to traffic illegal drugs on the DarkNet on a global scale, facilitated by Bitcoin payments.

Companies are using more sophisticated machine learning models to guard against more sophisticated threats. A key advantage of machine learning is scale, because developers can do predictive testing against cyberattackers using machine learning the same way an attacker may, so as to canvass potential threats on a scale that humans alone cannot. AI can be utilized to learn patterns and identify deviations. AI is also important for saving critical time by analyzing vast amounts of data quickly and comprehensively. However, one limitation of AI for cybersecurity is that it cannot generally function without human oversight because the technology detects too many false positives and allows too many threats to slip under the radar. At the moment, AI and machine learning are unable to replace human decision-making to protect corporations from cyberattacks, and it may be at least 3 years before AI can lead cybersecurity decisions.

Predictive AI can give security teams an edge needed to stop threats before they become an issue rather than afterward. In due course, the cybersecurity industry will have to determine the balance between supervised and unsupervised machine learning and define data formats and flows so that AI systems are adequately able to monitor operations of corporate systems on their own.

In the startup space, US-based Tanium develops a cybersecurity management system to assess and display the security status of Internet-connected devices for institutions and enterprise. In the UK, Darktrace uses machine learning algorithms to spot patterns and identify potential cyber criminality in certain sectors, including energy, manufacturing, retail and transportation. Comae, a UAE-based cybersecurity solutions provider powered by AI, develops endpoint detection and response software to identify threats for business applications.

MIT’s Computer Science and Artificial Intelligence Lab is developing a cybersecurity platform that uses machine learning with the help of analysts to review data and flag cybersecurity threats, which eventually may mean that analysts only have to view 100-200 items per day, compared to the tens of thousands of items that cybersecurity analysts typically deal with on a daily basis.

In the public sector, one of the biggest players in the AI space for cybersecurity is the US government. The US Department of Defence views AI and autonomous robotic systems as a crucial part of its national defence strategy and is designing AI-based cybersecurity software to detect and respond to threats quicker than is humanly possible.

The Pentagon’s Fort Gordon, the Army’s Cyber Command Center, has a training institution for cyberspace operations. Its Cyber Command Center and Cyber Center of Excellence will employ more than 1,200 people by 2020 to monitor threats, develop cyberspace capabilities, defend against cyberattacks and support combat units.

The Digital Finance Institute wrote and published a Report on Commercial AI that canvassed the pulse of AI from media stories and academic reports, covering various sectors of the economy. This article covers the Cyber Security portion of the Report.
