Connected objects, cloud, facial recognition, etc., technological innovations have made enormous progress in computer systems, networks, especially for armies. But they are also new forms of threats. In this context, artificial intelligence is first and foremost a viable and sustainable solution, but could also become a source of problems.
Never before have information system security managers had so much work since the mid-1990s, when computer networks and thus cybersecurity were born. Despite a substantial and continuous increase in cyber security budgets, the number of attacks, particularly successful, continues to increase. A recent Capgemini study indicated that one in five executives would have experienced a security breach in 2018. Wavestone, meanwhile, reports on more than 40 very significant security incidents in several major French groups. All sectors are affected: large, medium and small businesses, start-ups, public administrations, hospitals, etc. Armies are no exception to this phenomenon. That is why the Minister of the Armed Forces, Florence Parly, recently called cyber defence a “top priority.” Strengthening offensive and defensive capabilities in this area is a good marker of this immense challenge that affects both our economy and our defence. The creation of the ComCyber (cyber defence command) in 2017 in Rennes and the recent inauguration of new buildings for cyber-combatants bear witness to this.
Cyber threats, cyber sabotage, cyberespionage and cyber warfare are permanent dangers, characterized by specific units, tactics, methods and tools and are now part of a more global strategy. Cyberspace has thus become the place of all tensions and clashes.
The risks of cyberspace
In general, the more an entity (economic, public service, power, military, etc.) digitizes and connects, the more vulnerable it is. Over the past thirty years, the global economy has been accompanied by significant computerization. Exchanges of information, financial transfers or personal data take advantage of this vast web that promises the simplification of orders and tasks and a faster execution. But, on the other hand, computerization has become increasingly vulnerable. Cases of cyberespionage, for example, have multiplied. They concern the corporate world, but also the political world or the defence sector. The US NSA scandal spying on its allies shows that cyberespionage actions can also be done by friendly countries.
In this vast intangible area of cyberspace, 100% guaranteed protection does not exist. In a way, the defender can only update his defenses after an attack, always being one step behind the attacker. The intensification of data storage in the cloud is also a factor aggravating the vulnerability of entities. He is not alone. The exponential development of connected objects, whether in individuals or in companies, implies an increased security of these objects, but also the transport of data to the final storage point, the cloud. In this context, absolute trust in a network must be strongly measured. This is the reign of the zero trust network.
But the experts are clear: the worst is yet to come. Many fear a “cyber-attack” disaster, followed by a major crisis that could cost lives. They add that the risk is great, as the security measures and budgets allocated to them only evolve with technological innovations.
Imade Elbaraka, cyber risk advisory partner at Deloitte explains: “While companies are multiplying innovative initiatives, only 3% of the cybersecurity budget is now allocated to disruptive. Beyond investment, it is a problem of understanding the issues. “Cyber is everywhere: in every product, in every trade, in every process it comes to secure,” the expert continues.
If cyber is everywhere, so is the risk. According to a 2019 Deloitte survey on the future of cybersecurity, cybersecurity is a priority for executive committees and boards of directors. This study also highlights the gap between transformational objectives, often ambitious, and the limited number of resources dedicated to working in this sensitive and vital area.
Artificial intelligence: dealing with attack volumes and their complexity
Man alone cannot cope with the massive volume of data and attacks, nor their increasingly complex nature. As we have seen, this area is under-resourced. That’s why Florence Parly has inaugurated the cyber defence base (ComCyber) in Rennes, which is to house 400 cyber-combatants. But recruitment of staff is not enough. The solution is to use artificial intelligence (AI) to strengthen defenses. The Minister of the Armed Forces said there was “a general need to increase our capacity to protect and respond to cyber threats. These ever-growing and diversifying threats are aimed at both the civilian world and the armed forces.”
In this extremely complex environment, we are no longer able to rely on solutions that dealt with known, predefined scenarios. The objective is to anticipate the types of attacks that might hit us. AI has its place in this scheme. It must also compensate for human failures, take over from women and men at a time when the situation is becoming too complex. Decision-making processes must also be self-sustaining.
Of course, hackers and cybercriminals, whether they are individuals acting alone or on behalf of small groups or even states, also use AI to refine and automate their attacks. This disruptive technology can be used to paralyze or sabotage military systems, state nerve centres (transportation, energy-related infrastructure, etc.). It can also take control of the networks in order to manipulate them and turn them against their owners. In its latest Black Hat demonstration, IBM’s security department showed, with its DeepLocker solution, that hackers can now encapsulate malware in machine learning to make a smart viral load capable of hitting at the right time and in a completely autonomous manner.
To deal with these new threats, to play an even game with opponents and to build a reliable defense, AI has become unavoidable.
AI is used in three cases. First, it can detect attacks, but also reduce their number by fine-tuning analyses and classifying attacks or threats by relevance. Second, it offers a way to predict attacks using sensors or agents to analyze a large amount of data. Ai is thus the protective shield. She is finally the sword that responds to attacks. It alone can respond to a cyberattack by an enemy AI.
Asa defence issue, AI already provides oversight of networks. Systems learn how a network works normally and, by collecting and analyzing millions of events, create security alerts that correspond to real threats. The Snowden case is revealing in this respect. Today, thanks to the user behavior user behavior analyticsprocess, it is very difficult to steal data without immediately triggering alerts.
Humans at the heart of innovation
While AI is taking an increasingly important place in security and defence systems, humans are of course at the heart of innovation, capable of inventing the tools to protect as well as to retaliate. Humans are not replaced. He’s back in his pilot’s position. He thinks of the military doctrine of combating cyber threats, both defensive and offensive. The creation of the ComCyber is part of this framework, as is the inauguration of the Cyberdefense Factory, the Breton branch of the Innovation Defense Lab, “a place of exchanges to create synergies between the state, industrialists and start-ups, and capable of capturing innovation in the field of cyber. It will also be a technology incubator.” It is within these entities that humans find themselves, a major defence against cyberattacks.