13 March 2017

The threat of weaponized machines

By: Mark Pomerleau,
While government and military leaders have incessantly been asking industry for more automation in cyber network defense tools, some are also warning of the increased threat automation is posing on the offensive side.

Vice Adm. Michael Gilday, commander of the Navy’s 10 th Fleet and Fleet Cyber Command, pointed out capabilities of the Russians along with the Mirai botnet and associated arms race that’s going on, that the degree of automation and offensive automation is spiraling. As such, the ability to defend against an adversary that’s using automated means and artificial intelligence is becoming more and more difficult, he said Feb. 21 at the AFCEA-UNSI West 2017 conference in San Diego, California.

“With the increasing automation, [adversaries are] using elements of [artificial intelligence]…to enhance the offensive,” he told reporters following his keynote address. “If you’re going to use automation in the defensive, you’re sure as heck going to use it in the offensive.”

“In my view, over the last few years, automation and use of it in cyber defense has been improving but nowhere near fast enough,” Neal Ziring, technical director for the NSA’s capabilities directorate said during a November panel address. “In fact, I would say, at least in what I’ve been able to observe, that use of automation amongst our adversaries and the threat actors is improving faster. That’s not a winning formula for us.”

Despite the warnings of these threats. generally many – both in government and in the private threat detection and security sector – are apprehensive to discuss specifics. “I can’t talk about that one. It tends to stray to the classified realm,” Giorgio Bertoli, senior science and technology manager, Intelligence and Information Warfare Directorate at the Communications-Electronics Research, Development and Engineering Center, told C4ISRNET in November regarding details on the use of offensive automation.

Ryan Gunst, program manager at Space and Naval Warfare Systems Command, highlighted the asymmetric challenge network defenders have in cyberspace during a November panel, pointing out that adversaries are using automation to get inside government networks, stringing together several capabilities to go after and exploit one vulnerability.

Defense becomes especially difficult particularly when adversaries begin to use AI on the offensive side, Gilday said, adding they can sense and learn from defensive systems and at network speed, adjust and get around them.

“I think it’s open to the mind’s eye in terms of the art of the possible. I think your limit is technology and your own creativity,” he continued. “I’m not saying all that exists now, I’m saying that is the trend – the degree of automation now, that is where the trend is taking us.”

Offensive cyber some day is going to be machine against machine, Gilday said, pointing to the Grand Cyber Challenge hosted by the Defense Advanced Research Projects Agency, noting “it was machine against machine.”

There are some things that can be automated and some that can’t, which is an important distinction, Bruce Schneier, a security technologist, told C4ISRNET. For example, he noted antivirus can’t be automated.

From an offensive cyber perspective, human cognition is needed to break into a network, which also can’t be automated. Certain automated elements such as worms and viruses – or automated hacking – are currently being defeated well for the most part, however, distributed denial of service attacks are not.

To get at specific vulnerabilities, tailoring particular exploits is necessary. As such, Schneier said things like Stuxnet will need to be highly designed and carefully staged, adding that the more sophisticated an attack, the more human control and design will be needed.

Once an attacker figures out how to attack a target, they can automate it make it faster, he added, but figuring that out will take humans.

Offensive automation can be used to merely probe a network for openings, low hanging fruit or simple mapping of a network once inside. While there is nothing new about automation or speeding up actions, which is essentially the reason for computers, it is hard to replicate the mindset of a hacker, Nicole Becher, Director of Cyber Operations at Fractal Industries, told C4ISRNET.

Often times, one does not know what they’ll find until they start digging around, she said. In that regard, automation could be used to map a network or probe for holes for which a human would need to develop an exploit for.

The use of these offensive automation tools also depends on what the actor wants to do, Becher, who is also a cybersecurity fellow at the New America Foundation, added. Things like botnets or spam are one type of offensive automation, but they are really only relegated to the criminal world, she said, noting that they might use these to pump out ransomware to as many potential targets as possible as a means of getting a high return on investment.

However, against a highly guarded target like DoD, there is not a tool a user can pull out of a box and hack DoD, she said.

Without being privy to government information, Becher noted that its possible actors are getting better at these tactics.

Cyber Command's operational cyber defense arm, Joint Force Headquarters-DoD Information Networks, declined to offer specific details on its defensive tactics against these types of threats citing security reasons.

"JFHQ-DoDIN is in constant contact with adversaries in cyberspace," a JFHQ-DoDIN spokesman told C4ISRNET in an emailed message. "JFHQ-DoDIN's strength lies in its mission to provide command and control, planning, direction, coordination, integration and synchronization of DoDIN operations and defensive cyberspace operations and internal defensive measures with more than 40 other DoD and government agencies. JFHQ-DoDIN's ability to provide deliberate and authoritative responses to cyber events ensures security, awareness and implementation of defensive measures across the DoDIN."

Ultimately, it’s possible operational and tactical operations could be farmed to automated tools, but Becher said, they would have to be in support of strategic priorities of humans.

No comments: