Hackers, Drug Lords and Killer Bots: Why AI in Cybersecurity Is the Last Line of Defence

07. February 2018 Cyber, Transportation
Cyberattacks on airports, ports, pipelines and hospitals are no longer hypothetical. The question is whether artificial intelligence can stop them.

The Mafia Hacked a Port. And Got Away with It.

It sounds like a heist film. But it happened.

Transnational criminal organizations, working in coordination with elements of the Mafia, hacked the computer systems of the Port of Antwerp. Their goal was precise: obtain the exact location and security details of shipping containers storing billions of dollars' worth of illegal drugs they had already smuggled into the country. Once they had that intelligence, they moved in and walked the containers out. The operation was only uncovered as a result of the Silk Road Bitcoin takedown in the US, which pulled back the curtain on the extent to which organized crime was using the DarkNet to traffic drugs globally, with Bitcoin as the payment rail. Europol confirmed the details.

The port hack is not an isolated incident. It is a window into a much larger and more dangerous reality: critical infrastructure around the world is vulnerable, the attacks are escalating, and the consequences can be catastrophic. Cybercrime now costs the global economy US$445 billion annually. Nearly 178 million personal records were exposed in data breaches in 2015 alone, including records from the Department of Homeland Security and the FBI. The Department of Homeland Security reported a 383% increase in cyberattacks against critical infrastructure.

AI and machine learning are increasingly the primary line of defence. And the race is on.

Ships, Yachts and Phantom Vessels

The shipping sector is more exposed than most people realize. Researchers have shown how the Automatic Identification System, the global system that identifies and tracks ships in real time, can be broken into through ISPs to alter AIS data. An attacker can change the position, course, cargo or flag of any vessel in the system. The implications are stark: a ship with dangerous cargo could be made to falsely appear off the coast of the US. False weather data can be pushed to a ship to alter its route. Or the AIS channel can simply be flooded with traffic, blocking communications from marine authorities and other vessels entirely.
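A receiving system can catch the crudest form of this tampering by checking each position report against the vessel's own recent track. The sketch below is an added example, not code from the article or from any AIS product; the report fields, thresholds and sample data are assumptions constructed for illustration.

```python
import math
from collections import namedtuple

# Constructed AIS-style position report (field names are assumptions for this example).
Report = namedtuple("Report", "mmsi ts lat lon sog_knots")
EARTH_RADIUS_NM = 3440.065  # mean Earth radius in nautical miles

def distance_nm(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in nautical miles."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(a))

def flag_implausible(reports, max_knots=50.0, sog_tolerance=10.0):
    """Return (report, reason) pairs for reports that contradict the vessel's last trusted report."""
    last_trusted, flagged = {}, []
    for r in sorted(reports, key=lambda x: (x.mmsi, x.ts)):
        prev = last_trusted.get(r.mmsi)
        if prev is not None:
            hours = (r.ts - prev.ts) / 3600.0
            if hours <= 0:
                flagged.append((r, "duplicate timestamp"))
                continue
            implied = distance_nm(prev.lat, prev.lon, r.lat, r.lon) / hours
            if implied > max_knots:
                # Physically impossible move: keep the old baseline, do not trust this fix.
                flagged.append((r, "position jump"))
                continue
            if abs(implied - r.sog_knots) > sog_tolerance:
                flagged.append((r, "speed mismatch"))
        last_trusted[r.mmsi] = r
    return flagged

# Constructed sample data, not real vessel traffic.
SAMPLE_REPORTS = [
    Report(111111111, 0, 51.30, 3.0000, 12.0),
    Report(111111111, 600, 51.30, 3.0533, 12.0),     # consistent: ~2 nm in 10 min
    Report(111111111, 1200, 40.50, -73.9000, 12.0),  # suddenly off the US coast
    Report(111111111, 1800, 51.30, 3.1600, 12.0),    # back on the original track
    Report(222222222, 0, 51.40, 3.2000, 0.0),
    Report(222222222, 600, 51.40, 3.3000, 0.0),      # claims to be stopped, but moved ~3.7 nm
]

if __name__ == "__main__":
    for report, reason in flag_implausible(SAMPLE_REPORTS):
        print(report.mmsi, report.ts, reason)
```

A slow, gradual offset stays under both thresholds, so a check like this complements cross-checks against radar or inertial data rather than replacing them.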

It gets more personal. Researchers have managed to use GPS equipment to take over the navigation systems of large ships in the Mediterranean. In 2013, University of Texas students proved the point by spoofing an $80 million, 213-foot yacht off its course using false GPS signals, gaining full control of the vessel’s receiver without the crew detecting the intrusion. The security of prominent persons at sea is, it turns out, far more precarious than anyone has publicly acknowledged.

Aviation: The System Is Not as Secure as You Think

The aviation industry depends on one of the world’s most complex and integrated technological systems, and it is increasingly at risk. Air traffic control systems are especially susceptible because parts of the system are unencrypted, unauthenticated and can be circumvented by a smartphone. Experts say it is theoretically possible to take over an airplane’s flight and communications system with a smartphone to change its heading and speed, although no known instances have been publicly confirmed.

The consequences of exploiting aviation vulnerabilities can be fatal. The 2008 Spanair crash that killed 154 people was caused by a Trojan horse that infected the central computer system used for monitoring technical problems on board. In April 2013, hackers broke into the Dubai International Airport website and leaked the email addresses and passwords of airport employees. Airports’ private Wi-Fi networks used for baggage tracking and passenger ticketing remain vulnerable to intrusion.

Critical Infrastructure Attacks Are Terrorism. Most People Do Not Know That.

The importance of the threat cannot be overstated. When cyberattacks target critical infrastructure for ideological purposes, they constitute terrorism under the law. Yet they routinely go unnoticed, unreported and uninvestigated because managers of critical infrastructure are unfamiliar with terrorism statutes. When those managers pay Bitcoin ransoms to attackers who are, in fact, terrorist organizations, they are unwittingly committing terrorist financing. The legal exposure is significant. The awareness is almost nonexistent.

The sectors of critical infrastructure most vulnerable to cyberattacks are airports, oil and gas pipelines and hospitals. The frequency and complexity of attacks are growing and have reached the point where AI is no longer optional for defence. It is necessary.

How Machine Learning Fights Back

In 2016, US$3.1 billion was invested in 279 cybersecurity startups, with those specializing in AI and machine learning attracting the top investments. Machine learning in cybersecurity is projected to drive spending in big data intelligence and analytics to as much as US$96 billion by 2021.

A key advantage of machine learning is scale. Developers can conduct predictive testing against cyberattackers using machine learning the same way an attacker might, canvassing threats on a scale no human team could match. AI learns patterns, identifies deviations and saves critical time by analyzing vast amounts of data quickly. Predictive AI gives security teams the edge needed to stop threats before they cause damage rather than responding after the fact.

There is, however, an honest caveat. AI cannot currently function without human oversight because it generates too many false positives and allows too many real threats to slip through. It may be at least three years before AI can lead cybersecurity decisions autonomously. For now, the model is human and machine working together, with AI doing the heavy lifting on volume and pattern detection, and humans making the final calls.

Who Is Building the Defence

In the startup space, US-based Tanium develops a cybersecurity management system to assess and display the security status of Internet-connected devices for enterprises and institutions. In the UK, Darktrace uses machine learning algorithms to spot patterns and identify potential cyber threats across energy, manufacturing, retail and transportation. Comae, a UAE-based AI-powered cybersecurity provider, develops endpoint detection and response software to identify threats in business applications.

MIT’s Computer Science and Artificial Intelligence Lab is developing a cybersecurity platform using machine learning and human analysts working together to flag threats. The goal: reduce the daily review burden for analysts from tens of thousands of items to as few as 100 to 200, dramatically improving response time and accuracy.

The US Government Is Taking This Seriously

The US Department of Defense views AI and autonomous robotic systems as a crucial part of national defence strategy and is designing AI-based cybersecurity software to detect and respond to threats faster than any human could. The Pentagon’s Fort Gordon, home of the Army’s Cyber Command Center, has a training institution for cyberspace operations. Its Cyber Command Center and Cyber Center of Excellence will employ more than 1,200 people by 2020 to monitor threats, develop cyberspace capabilities, defend against cyberattacks and support combat units.

The scale of investment, from venture capital to the Pentagon, reflects a simple and uncomfortable truth: the attacks are not slowing down, and human defenders alone are not enough. AI is not a silver bullet. But without it, critical infrastructure has no credible defence at all.
