Does artificial intelligence have the potential to eliminate the risk of utility cyber-attacks?


In a time where self-driving cars exist and technologies such as digital twins and machine-learning platforms are being developed to make our power systems more intelligent, more automated and discerning, it’s no wonder that artificial intelligence is being described as the “next big thing” not only in the energy sector, but across a growing number of verticals.

According to a survey compiled by research and advisory firm Forrester, 58% of business and technology professionals spend their days researching artificial intelligence technology.

“Artificial intelligence (AI) is not new. It has been a persistent theme in science fiction and emerged as a computer science discipline in the ‘50s. What is new now is that billions of dollars are flowing into AI startups and software development efforts by both the internet heavies and enterprise software vendors alike,” says Forrester.

In an article for Infosecurity, Eldar Tuvey, co-founder and CEO of enterprise mobile security and data management firm Wandera, writes: “In the context of cybersecurity, machine learning speeds up the process of initial risk identification and classification, which enables security teams to better manage their incident response function, and more importantly, take preventive actions even before security threats manifest.”

Tech giant IBM’s artificial intelligence platform, Watson for Cyber Security, helps users to respond to threats across endpoints, networks, users and the cloud.

The company says that Watson, a question-answering computer system, has been trained in the language of cybersecurity and has studied more than one million security documents.

The platform is claimed as an industry first in augmented intelligence technology, designed to power cognitive security operation centres (SOCs).

IBM Security vice president of development and technology Denis Kennelly said: “Combining the unique abilities of man and machine-intelligence will be critical to the next stage in the fight against advanced cybercrime.

” In 2016 alone, cybercrime cost the global economy over $450 billion, according to international specialist insurer Hiscox,citing shortcomings in prevention, detection and training in its 2017 Cyber Readiness Report.
Meanwhile, Juniper Research predicts the overall cost of data breaches will increase to £1.58 trillion ($2.027 trillion) up to 2019.

AI and utilities

Many will recall the cyber-attack suffered by three regional Ukrainian electricity distribution companies – Kyivoblenergo, Prykarpattyaoblenergo and Chernivtsioblenergo, when 225,000 customers lost power for anywhere between one to six hours.

Following the attack, BlackEnergy3 malware was found within the utilities’ systems. Utility companies know all too well the consequences of such attacks, compromising the safety of their assets and customer data privacy.

Writing for The Independent, computer scientist and chair of computer and information systems at the University of Sheffield, John Clark, notes: “Traditional malware detection software works by searching for specific and recognisable elements of code (digital PhotoFits, if you like). However, if malware redesigns itself constantly as it spreads this simply doesn’t work. In such cases detection must rely on what the malware actually does rather than what it looks like and AI will be brought to bear to rapidly characterise it.”

AI will also help us to track down who is responsible for attacks, identifying what further information is needed to draw conclusions and then asking for it, with automated investigative algorithms following their AI-enhanced noses, making best use of limited resources.”

Humans and machines work hand-in-hand

AI technology has been lauded for its ability to analyse enormous amounts of data using algorithms to identify potential threats that surpass human capability; however experts at MIT point out that human analysts and technology need to work together to minimise the risk of cyber-attacks as far as possible.

Kalyan Veeramachaneni, principal research scientist at MIT, alluded to the fact that security is too important for analysts to take a one-dimensional approach. He told Wired: “The attacks are constantly evolving. We need analysts to keep flagging new types of events.”

He explains that contextual information is needed, provided by the human analyst, to recognise external variables that might explain why a single component or group of components are situated away or detached from the main body or system.

Addressing attendees at the recent Total Security Conference hosted by Computerworld Hong Kong, Christopher Church, digital forensic officer at the Interpol Global Cyber Complex for Innovation, said that AI will “change the cybersecurity landscape.”

He referenced MIT’s AI system, ‘AI2’, that can prevent 85% of cyber-attacks using input from human experts, for which Veeramachaneni is research lead.

“The [AI2] system will actually look for the attacks and will mark them, and then the user has to tell the system whether these are actual attacks or false positives. So it presents all the attacks discovered over the day, and then a human expert would say which ones are actual attacks. And once the attack data are put back into the system, it then reorganises its logic, and then it becomes better at learning what it does.

“AI will still need a helping hand, but human behaviour is predictable 95% of the time. So things are getting better for cybersecurity,” said Church.

According to ABI Research, artificial intelligence and machine learning technology will play an increasing role in cybersecurity and spur growth in the data and analytics spend over the next several years.

The firm forecasts machine-learning in cybersecurity to increase big data, intelligence and analytics spend to $96 billion by 2021.

It adds that cyber-threats are an ever-present danger to global economies and are projected to surpass the trillion dollar mark in damages within the next year. As a result, the cybersecurity industry is investing heavily in machine-learning in the hope of providing a more dynamic deterrent.

“We are in the midst of an artificial intelligence security revolution,” says Dimitrios Pavlakis, industry analyst at ABI Research.

“This will drive machine-learning solutions to soon emerge as the new norm beyond Security Information and Event Management, or SIEM, and ultimately displace a large portion of traditional AV, heuristics, and signature-based systems within the next five years,” says an ABI release.

It adds: “Established antivirus (AV) players in the market, such as Symantec, will continue to transform some of their solutions from highly trained supervised models to unsupervised and semi-supervised ones in preparation for the constantly shifting threat variables.” MI