RSAC 2017: Chaos, digital weaponry and AI
One of the biggest events of the IT security year has yielded plenty of high-level debate, much of it impressively geopolitical, as well as extremely granular...
As we mentioned earlier, RSA Conference 2017 has been running this week, and you may have seen a few of the bigger headlines. Here’s an in-depth look at what has been going down at IT security’s biggest and best annual event…
Perhaps a mark of RSA’s maturity as an event can be seen in the sheer range of the thought leadership - from detailed assessments of individual threats through to considered commentary on some of the biggest geopolitical events of recent times.
Dr Zulfikar Ramzan, CTO at RSA Security, led the charge, saying that security is not a technology problem, but a business problem, and drawing on the ‘chaos’ of the 2016 US Presidential election. “It was mainstream front-page news and rocked the foundations of democracy. It demonstrated that our problem isn’t limited to initial cyber-attacks. More, it’s the long tail of chaos it creates,” he said.
The theme was continued by Microsoft President Brad Smith, who called on the technology community to come together and create “a digital Switzerland” to protect civilian assets such as key utilities from criminal acts and nation-state attacks. A digital Geneva Convention should be established, pledging no attacks on the private sector and no attacks on civil infrastructure, including power grids, water supplies and political institutions, said Smith, who also hit out at nation states ‘stockpiling’ vulnerabilities for use as weapons, rather than patching them.
Chris Young, general manager of Intel Security, used his keynote to dig deeper in a similar vein, warning enterprises of the dangers of their own data. “Now data is manipulated and used against us to affect the decisions we make,” he told delegates. “We need to pay attention to small data used in models or it can be turned into a weapon.” He drew on a series of cases, including the recent US presidential election, and pointed out that manipulating small amounts of critical data can easily lead ‘big data’ tools into making bad choices.
There were plenty of more focussed moments too, with researchers demonstrating a new form of ransomware that can target programmable logic controllers (PLCs), in this case in a simulated water treatment plant. The cybersecurity researchers from the Georgia Institute of Technology were able to gain control and then threaten to shut off the water supply or poison it with increased amounts of chlorine - the research is intended to highlight weaknesses in these critical utilities.
Inevitably, there was more news on AI/machine learning, specifically from IBM’s Watson, which has now been tightly integrated with QRadar, opening cognitive computing capabilities up to around 8,000 existing IBM customers. "Watson can now help security analysts parse thousands of natural language research reports that have never before been accessible to modern security tools," stated a press release. IBM QRadar uses Watson's natural language processing abilities to analyse information from security websites, blogs, and research papers, and pair it with security incident data and intel from QRadar.
Alphabet’s Eric Schmidt admitted he’d underestimated AI initially. "I was proven completely wrong [about AI]... I didn't think it would scale," he told RSA delegates. Schmidt had underestimated the power of simple algorithms to "emulate very complex things," he said, while adding that "we're still in the baby stages of doing conceptual learning." He ended on a positive note for the burgeoning technology, saying: "Things that bedevil us, like traffic accidents and medical diagnoses will get better. I will stake my reputation that that will be the real narrative over the next five years."
There was plenty of buzz over cognitive computing’s potential to deliver automated SecOps in the near future, something increasingly dear to IT security budget holders. Meanwhile, a number of demos of AI/machine learning technologies by the US Department of Homeland Security (DHS) Science and Technology Directorate (S&T) drew crowds. These included Dynamic Defense, developed by Sandia National Labs, which uses a set of machine learning algorithms known as “chess master” to detect system patterns that deviate from normal operations, identify malicious activity and employ mitigation measures. It “provides situational awareness to an operator and uncertainty to an adversary.” Another, developed by the Pacific Northwest National Laboratory and dubbed SilentAlarm, is designed to detect abnormal network traffic by using machine learning and Bayesian inference to construct hypotheses regarding likely malicious activity on the network.
High-Tech Bridge’s web security testing platform ImmuniWeb, based on machine-learning technology, detects at least twice as many vulnerabilities as any automated solution would, including the most sophisticated ones that usually require human intelligence. ImmuniWeb also provides the same quality, reliability and comprehensibility as manual penetration testing, but in half the time and so at a much more competitive price.