Improving Cyber and IoT Security Using AI, Part 1

Uma Chandrasekhar
9 min read, Feb 18, 2019

Larceny is one of the oldest crimes in the world. “The constant need to have access to things which do not belong to them has been the motive for centuries to engage in any form of theft”, as a German psychology specialist put it. To protect themselves from their fellow human beings, people invented the lock and key mechanism. The same is true of cyber security. Without a lock and password mechanism, digital data stored as documents, e-mails, bank records, photos and videos is vulnerable to cyber thieves, aka ‘hackers’.

Cyberattacks on IoT are expected to be more prolific because of the nature of IoT devices. IoT devices are voice and image enabled and controlled, and resemble small computer processors with MS Windows or iOS software installed on them; unlike those popular operating systems, however, an IoT implementation is characterized by a variety of devices and capabilities connected through a single platform. Hence, as soon as hackers get into one system, they can use it as a host for any kind of self-propagating worm or virus, whose ultimate target can be conventional laptops and desktops with top security software installed, or it can be used as a weapon against physical targets such as human beings and their home or enterprise security systems.

Many of these IoT devices are also designed and manufactured to work in certain confined environments, so an attack on an IoT system can lead to far greater damage, as in the following cases: crashing cars by manipulating traffic systems and corrupting the data of autonomous cars; completely immobilizing manufacturing by entering SCADA systems and corrupting the operational data belonging to the products; shutting off energy plants by gaining access to their control systems and changing important operational parameters; and many more. In extreme cases, an attack on connected devices may also result in a Distributed Denial of Service (DDoS): an artificial surge in traffic makes the servers appear congested and locks real users out of the important websites of fields such as health care and law enforcement, disrupting emergency services and, in the worst cases, raising national security issues. Once smart cities become operational, hackers will also have access to our water systems. They could hack into the system and change the chemicals used to clean recycled tap water, potentially turning it into a biological weapon that creates epidemics and kills innocents.

3D printing technology is another recent entrant in aiding and abetting cyber crime. Using 3D printing, it is possible to print a human hand which can be worn as a glove to fool a fingerprint scanner and gain access to a secured area. In a recent survey asking which might be the greatest cyber security threat of the future, CRISPR (Clustered Regularly Interspaced Short Palindromic Repeats), a now commonly used gene editing tool unveiled in 2012, was in the top five. This gene splicing technology is capable of finding and eliminating mutated DNA. Once the technology is successfully implemented, the gaps left in the DNA by the elimination of the infected cells can be filled with non-mutated versions of the healthy DNA. When fully mastered, it has the ability to remove some DNA-based genetic illnesses passed from one generation to another, and can cure blindness too. To make research on this technology efficient, sample kits are available in drug stores (just like open source SDKs for various new technologies) to perform the mutation, and any gene modification enthusiast can buy one, try the alteration and come up with amazing results. The one problem we may face is the kit, and hence the technology, being misused to bring about a dangerous mutation of a virus like Ebola or avian flu, in which case the resulting epidemic will be far harder to cure.

Stopping such powerful Cyber crimes cannot and should not be one person’s responsibility.

“Providing satisfactory security controls in computer systems is in itself a system design problem. A combination of hardware, software, communications, physical, personnel and administrative-procedural safeguards is required for comprehensive security. In particular, software safeguards alone are not sufficient.” — The Ware Report, Defense Science Board Task Force on Computer Security, 1970.

Security is not one person’s or one division’s responsibility; it is everyone’s responsibility. This notion has been accepted by many security professionals for more than three decades, but it is extremely poorly implemented.

The need for security in the IoT segment has also increased because of the following:

· The volume of data handled on the internet

· The sensitive nature of the information

· The less secure leased network lines

· Shared access to many websites

· The value of the data

· High-speed internet with 4G LTE and 5G technology

Thus IoT devices introduce new types of threat into the IT security sector, due to their small size and their inability to hold extensive stand-alone, built-in security software. The applications on the smart phones or wearables used to control these IoT and edge devices are also only as secure as the devices themselves, because an attack on the device OS gives the attacker leverage over the fully connected network, causing more disruption than can be imagined. So the challenge is how to secure these innumerable connected devices and host them as a single IoT ecosystem, and many IoT pundits recommend AI as one of the best chances of providing this security.

Machine learning and deep learning algorithms are used extensively in anomaly detection, threat and vulnerability detection, predicting and patching the vulnerable areas of a network or device, and detecting phishing and ransomware attacks. Many security companies couple encryption and authentication algorithms with AI algorithms to provide the required support.

Anomalies in a security network are generally those areas which exhibit characteristics of a hacking risk. Such an area can be part of the network, an individual IoT or edge device, or a private or public cloud. Anomalies are best detected by analyzing the data and predicting these hyper-vulnerable areas. The first step in understanding an anomaly detection algorithm is to identify the basic difference between a vulnerability, a threat and an attack, and how each can be effectively addressed using AI algorithms.

Vulnerability: A network is vulnerable when it is susceptible to threats, especially when its security is weak and exposed. To cyber thieves, vulnerable networks are like cars with the keys left in the ignition. Insecure networks lack the basic infrastructure to protect themselves; they are sometimes called open networks, and they are not equipped with the cyber protection software modern networks require. Most legacy networks (PAN, LAN and VPN) can be categorized as vulnerable and need an upgrade. AI algorithms can be used to sense and detect vulnerable networks from data such as the date of the last upgrade, the volume of traffic handled, the speed, and the type of applications which run through these networks.
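As an added illustration of the unsupervised side of this (example code written for this edit, not from the article), the following Python scores constructed IoT fleet telemetry on the signals named above, days since last upgrade, traffic volume and connection rate, and flags devices that are outliers within their peer group; the device ids, feature values and the 3.5 cutoff are assumptions.

```python
"""Unsupervised anomaly triage over constructed IoT fleet telemetry.
Each record carries features the text names (days since last firmware upgrade,
traffic volume, connection rate); a device is flagged when a feature sits far
from its peer group's median, measured by a robust (median/MAD) z-score."""
from collections import defaultdict
from statistics import median

FEATURES = ("days_since_upgrade", "traffic_mb_per_day", "conn_per_min")
# Constructed sample: (device_id, days_since_upgrade, traffic_mb_per_day, conn_per_min).
# The id prefix (cam, therm, lock) is the peer group, so cameras are not
# compared against thermostats whose normal traffic is orders of magnitude lower.
FLEET = [
    ("cam-01", 30, 120.0, 4.0),
    ("cam-02", 45, 110.0, 3.5),
    ("cam-03", 410, 125.0, 4.2),     # firmware never upgraded: vulnerable
    ("therm-01", 20, 2.0, 0.5),
    ("therm-02", 25, 2.5, 0.4),
    ("therm-03", 22, 950.0, 60.0),   # traffic burst: possible worm or DDoS host
    ("lock-01", 40, 1.0, 0.2),
    ("lock-02", 35, 1.2, 0.3),
]

def robust_z(values):
    """Modified z-scores (median/MAD): robust to the very outliers we seek."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return [0.6745 * (v - med) / max(mad, 1e-9) for v in values]

def flag_anomalies(fleet, threshold=3.5):
    """Map device_id -> feature names whose |z| exceeds the threshold in its group."""
    groups = defaultdict(list)
    for rec in fleet:
        groups[rec[0].split("-")[0]].append(rec)
    flagged = {}
    for records in groups.values():
        for col, name in enumerate(FEATURES, start=1):
            for rec, z in zip(records, robust_z([r[col] for r in records])):
                if abs(z) > threshold:
                    flagged.setdefault(rec[0], []).append(name)
    return flagged

if __name__ == "__main__":
    for dev, feats in flag_anomalies(FLEET).items():
        print(f"{dev}: review {', '.join(feats)}")
```

The flagged list is a triage queue for the security team (patch the stale device, inspect the chatty one), not a verdict on its own.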

Threat: A threat is a perceived attack that is yet to happen. Computer and network security professionals can identify a threat in a computer network by identifying the weak entry points into the network. The weak entry points can be many and varied depending on the network in question. To cite a few examples: in a 3G network[UC1], the weak entry points can be the user equipment, the cell, the GMSC or any of the servers which store the HLR, VLR, etc.; in a computer network[UC2], the open points of entry can be the individual terminals, the routers and hubs that connect the network, and the main servers and processors which store the common data; in an IoT deployment, the open point can be the sensors or the apps used to control and manage the devices, and sometimes even the SCADA systems if they are used to control those devices. Once a threat is exposed, the security team can make security upgrades based on predictive analytics about the exposed network or device obtained through machine learning (ML) algorithms.

Attack: An attack is a hack. Not all vulnerable networks are attacked; only those networks which are valuable are hacked. The most important reason for an attack is the lack of knowledge about a threat or a vulnerability. An attack can happen due to poorly trained computer personnel, lack of oversight on the part of the system administration personnel, or gross neglect on the part of the organization responsible for the maintenance and upgrade of the networks. The attack exposes the weaknesses of the network and allows the organization to make a reactive decision about improving its cyber security.

There are many varieties of attack: phishing, ransomware, insider threats, malware, viruses, firewall attacks and many more. Phishing has been happening for as long as the internet has been online, whereas ransomware attacks are perceived as a recent entrant into the security arena. A phishing attack happens when the user receives an email from a hacker disguised as an email from a known entity such as a friend, a contact or an organization. As per a Gartner report, one in 4500 emails is a phishing email. Phishing is the basic attack that encourages the user to perform some routine, seemingly harmless action, like clicking on a link, which compromises the security of the whole organization. In recent times phishing emails have become bolder and more efficient, tricking even computer-literate users into becoming victims. Organizations therefore protect their employees using SEGs (Secure Email Gateways) and SWGs (Secure Web Gateways), and some even train their employees in APBM (anti-phishing behavior management) using simulation. Though phishing is an extremely popular attack, many organizations are not ready to deal with it, even today. A phishing attack can be prevented using a comprehensive approach to the detection and prevention of attacks on the IT infrastructure, financial data and other sensitive information, by efficiently watching the emails for suspicious word phrases, links, etc. using ML algorithms.
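An added example, not from the article, of the supervised approach described above: a small naive Bayes classifier that turns the suspicious phrases and links in an e-mail into features and learns from a constructed, labelled sample; the training messages, the urgency phrase list and the URL hosts (documentation address ranges) are all assumptions.

```python
"""Supervised phishing triage: multinomial naive Bayes over e-mail tokens.
Alongside plain words, the tokenizer emits feature tokens for the cues the
text mentions: links, links whose host is a raw IP, and urgency phrases."""
import math
import re
from collections import Counter

URL_RE = re.compile(r"https?://([^/\s]+)", re.I)
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
URGENCY = ("verify your account", "suspended", "immediately", "act now", "password")

def tokenize(text):
    """Words plus synthetic tokens for URLs, IP-hosted URLs and urgency cues."""
    feats = []
    for host in URL_RE.findall(text):
        feats.append("<url>")
        if IP_RE.fullmatch(host):
            feats.append("<ip-url>")
    low = text.lower()
    feats += [f"<urgent:{p}>" for p in URGENCY if p in low]
    return feats + re.findall(r"[a-z']+", low)

# Constructed training set, label 1 = phishing (hosts from documentation ranges).
TRAIN = [
    ("Your account has been suspended. Verify your account immediately at http://198.51.100.7/login", 1),
    ("Security alert: unusual sign-in. Act now and confirm your password here http://secure-update.example/verify", 1),
    ("Invoice overdue, click http://203.0.113.9/pay before service is suspended", 1),
    ("Hi team, the sprint review is moved to Thursday 3pm, same room.", 0),
    ("Attached are the meeting notes from Monday. Let me know if I missed anything.", 0),
    ("Lunch on Friday? The new place on 2nd street got good reviews.", 0),
]

def train(data):
    """Per-class token counts, per-class document counts, shared vocabulary."""
    tok, docs = {0: Counter(), 1: Counter()}, Counter()
    for text, label in data:
        tok[label].update(tokenize(text))
        docs[label] += 1
    return tok, docs, set(tok[0]) | set(tok[1])

def score(model, text):
    """log P(phish|text) - log P(ham|text), Laplace-smoothed; > 0 means phishing."""
    tok, docs, vocab = model
    lp = {}
    for c in (0, 1):
        lp[c] = math.log(docs[c] / sum(docs.values()))      # class prior
        denom = sum(tok[c].values()) + len(vocab)           # smoothed denominator
        for t in tokenize(text):
            lp[c] += math.log((tok[c][t] + 1) / denom)
    return lp[1] - lp[0]

MODEL = train(TRAIN)
def is_phishing(text):
    return score(MODEL, text) > 0
```

A gateway would run this on every inbound message and quarantine or flag anything scoring above the threshold for review.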

“The rise of cyber-threats to critical infrastructure indicates that Industrial Control Systems (ICS) should be properly secured from malware both inside and outside the perimeter. It is also important to note that according to our observations, the attacks almost always start with the weakest link in any protection — people.”

- Evgeny Goncharov, head of the Critical Infrastructure Defense Department, Kaspersky Lab

Having quoted a department head at Kaspersky Lab, a company which made headlines on account of its role in the hacking scams around the 2016 US elections, I will add to that insight: the weakest link is always the entry point, but the target is always the strongest link. So once a vulnerability, threat or attack is perceived, it is important to take counter measures and apply patches. Patches therefore have to be made available as soon as a threat is perceived or an attack happens. Machine learning techniques such as supervised and unsupervised learning can be employed to excellent effect in this patchwork. To build the patches, these machine learning algorithms need clean data about what was hacked or under threat, the access points, and the means through which the entry took place or is about to take place.

In a nutshell, IoT security is more complicated than IT and cyber security because of the number of devices involved, the size of the devices, and the superior hardware and software these devices are made to handle. Hence it is imperative to take more precautions with IoT security, and it is important to understand the needs and the ways to provide it. My next parts on this topic will cover more focused details of the IoT security business model, threat intelligence and more.

[UC1] WAN, connected through the internet.

[UC2] LAN, inside an enterprise premises or a building.

This article was previously published on www.linkedin.com.


Uma Chandrasekhar

I live and work as an executive technical innovator in Silicon Valley, California. I love working in autonomous systems, including AVs.