The Effects of Artificial Intelligence and Machine Learning on Cybersecurity
What are the key differences and synergies of Artificial Intelligence (AI), Machine Language (ML) and Cybersecurity (Cyber)? I recently participated in the Annual ISC2 Security Congress, where there was a huge buzz around these topics. With the exponential growth of data, projected by some national research organizations to grow by 10 to 1,000 times over the
next 12 to 18 months, coupled with an increased emphasis on proactive data-driven
analytics, these topics are hot and the market reflects it.
A leading market research organization projects a 300 percent growth in AI investment this coming year and the global AI market for cybersecurity is expected to grow to over $18 billion by 2023. Likewise, ML in cyber is projected to increase spending in big data processing, analytics and intelligence solutions to $96 billion by 2021. In addition, the overall global cyber market is projected to grow by nearly 70 percent, from $137 billion in 2017 to $232 billion over the next five years.
Additional cyber metrics, shared at the ISC2 conference, indicated that the current cyber workforce deficiencies, as documented in a recent survey, shows growth by roughly 50 percent to 1.8 million job vacancies globally by 2022. So, with these market and cyber workforce metrics as the impetus, I wanted to share some insights and perspectives gained to help our businesses understand these technologies and perhaps how to plan for appropriate application.
At the highest-level, AI and ML are clearly related, but are different things that are frequently confused and sometimes, possibly, intentionally muddled to capitalize on the marketing buzz. From a technology perspective, ML is in many ways foundational, or an enabler for AI. The term “ML” applies to a specific class of algorithms that are typically very efficient at crunching big data and decision support for solving tasks that are not pre-programmed into the algorithm’s logic. Whereas, AI is more broadly interpreted to apply to a group of technologies or capabilities that can assist computers to “make sense” of the data. AI can also be thought of as the process for making computers “intelligent,” while ML is the computational powerhouse that makes AI possible, and is more focused on teaching systems to learn on their own.
Systems that are designed to automatically improve, based upon the amount of data processed and the “experience” gained from that processing, are generally recognized as ML solutions. In traditional computational systems, the software running on the computer hardware would not “learn” and the system would not typically get smarter over time. When working with ML solutions, the software is “trained” and the system improves as the amount of data processed increases, thereby enabling the software to learn, make inferences, and make projections or “guesses” as to classification, next state or future scenario.
While ML seems to have addressed some low-hanging fruit in applications from thermostats to web browsers in our daily lives, there are some potentially profound implications for leveraging ML in cybersecurity. One of the best simple examples I’ve seen, regarding the application of ML in cyber deals with something most are familiar with – email spam filters. Traditional spam filters operate on a list of elements to block, such as IP addresses, URLs, email addresses, users, etc., or a “blacklist” of such items. Advanced, ML-driven spam filters learn from processing and apply analytical algorithms that compare known spam emails with validated addresses to identify characteristics that are more common with one category “spam” vs. the other “genuine” email addresses. The ML process of applying inference algorithms to categorize email as spam vs. genuine is known as the ML technique of “classification.” Another popular ML technique is that of “forecasting,” which makes data projections or predictions, based upon analysis of historical data and “past performance.”
In either ML scenario described above or any relevant AI solutions, cyber is the beneficiary. Of these two capabilities, ML is increasingly recognized as the fastest growing segment of cyber, which is already taking huge advantage of it. ML is the secret sauce behind most of the current capabilities touting “behavioral analytics.” It is widely believed that ML technologies, including continuous retraining and unsupervised learning, will help keep organizations ahead of most hackers and cybercriminals. And, while “true” AI existence may be disputed, both AI and ML are contributing to freeing up time for cybersecurity teams, from the challenges of big data analytics, to focus more on applying creativity, that humans are best at, and doing predictive analytics.
Regardless of your perspective on AI and ML, one thing is for sure … the work approach and culture will change. As humans, we tend to try and reduce the amount of data to make sense from it, for cyber or other applications, whereas, AI and ML tools tend to thrive and need more data to “learn” and “make decisions” based on their discoveries in the data. AI and ML solutions also can induce culture change by sifting through not just samples, but all of the data available. This can enable insights into specific user behaviors to flag both anomalous cyber activities and policy violations, which can be used to help people learn new policies and procedures, thereby inducing culture change as well. Once again, the only thing that is clear and consistent in the future is, of course, change. Be prepared, be flexible and embrace the change! I95
Audie E. Hittle, CISSP, is the Chief Cybersecurity Innovation Officer (CCIO) for Integrity Applications Incorporated (IAI). His leadership spans more than 15 years of corporate experience plus a 22-year USAF information technology-focused C4ISR career, nationally recognized government-industry collaboration across federal civilian, defense and intelligence agencies, and technical staff experience at MIT Lincoln Laboratory. As CCIO, Hittle partners with company leadership to identify, expand and enhance IAI’s cybersecurity offerings for commercial and government customers.