Synthetic Teammates and the Future of Cybersecurity

Size: px

Start display at page:

Download "Synthetic Teammates and the Future of Cybersecurity"

Emil Anderson
5 years ago
Views:

1 Synthetic Teammates and the Future of Cybersecurity Dr. Fernando Maymí Lead Scientist, Cyberspace Operations Soar Technology, Inc. 1 8 August 2017

2 - THE FUTURE THREAT LANDSCAPE - SYNTHETIC TEAMMATES - WORKFORCE DEVELOPMENT 2

3 - THE FUTURE THREAT LANDSCAPE - SYNTHETIC TEAMMATES - WORKFORCE DEVELOPMENT 3

The Tactical Battlefield of 2050 Augmented humans Automated decision making and autonomous processes Misinformation as a weapon Micro-targeting Large-scale

4 The Tactical Battlefield of 2050 Augmented humans Automated decision making and autonomous processes Misinformation as a weapon Micro-targeting Large-scale self-organization and collective decision making Cognitive modeling of the opponent Ability to understand and cope in a contested, imperfect, information environment 4

5 Threatcasting 5

6 6

7 7

8 8

9 9

10 10

11 11

12 Concerns Understanding the context is essential War on reality: the weaponization of data Blended attacks Micro-targeting Efficiency is easy to hack Complex autonomous systems 12

13 - THE FUTURE THREAT LANDSCAPE - SYNTHETIC TEAMMATES - WORKFORCE DEVELOPMENT 13

14 Partial Artificial Intelligence Taxonomy Machine Learning Cognitive Modeling 14

15 (Oversimplifying) Artificial Intelligence Analogous to Machine Learning Analogous to Cognitive Modeling 15 Source, Fair use,

16 Autonomous Agents Sense Learn Think Act 16

17 17 System 1 MACHINE LEARNING 17

18 Machine Learning External agent validates results during training phase Sense Data Filter Noise Extract Features Classify Sample Production (trained) system outputs results to other systems 18

This is a gibbon 19 Source, Fair use, http://www.kdnuggets.

19 Adversarial Machine Learning Original image classified as a panda with 60% confidence Tiny adversarial perturbation Imperceptibly modified image classified as a gibbon with 99% confidence This is a gibbon 19 Source, Fair use,

20 Adversarial Machine Learning Original image classified as malware with 60% confidence Tiny adversarial perturbation Imperceptibly modified file classified as whitelisted software with 99% confidence 20 Source, Fair use,

21 21 Towards a Solution

22 22 System 2 COGNITIVE MODELING 22

23 Towards a Common Model of TTPs Procedures: the algorithmic, atomic unit of cyberspace operations Techniques: unique ways to perform procedures Tactics: directed subgraphs of procedures with one or more goals as their terminal nodes 23

24 Towards a Common Model of TTPs Procedures: the algorithmic, atomic unit of cyberspace operations Techniques: unique ways to perform procedures Tactics: directed subgraphs of procedures with one or more goals as their terminal nodes 24

25 Towards Common Models of Threat Actors Partial model of APT28 (Fancy Bear) during Operation Pawn Storm 25

26 Simulated Cognitive Cyber Red-team Attack Model SC2RAM Command & Control Situation Reports Human Controller Cyber Actions 26 Network Under Test

27 27 SC2RAM Graphical User Interface

28 Network Attack Visualization 28 Developed by IHMC for SC2RAM

29 29 Using Synthetic Attackers for Cybersecurity

30 Autonomous Hunt Teammate Threat Intel Feeds Other Feeds Internal Models ISAC Social Media Assets TTPs DHS Commercial Dark Web Attacks Internal Sensors IDS Hypothesis Generator Logs Firewalls Hypothesis Evaluation Learning Module 30

31 - THE FUTURE THREAT LANDSCAPE - SYNTHETIC TEAMMATES - WORKFORCE DEVELOPMENT 31

32 Workforce Pipeline Access Employ Develop Retain 32

33 What Are We Looking For? Source, fair use: Access Employ Develop Retain 33

34 Why? Source, fair use: Access Employ Develop Retain 34

35 Key Hiring Trends in Cybersecurity Companies are seeking certified candidates - 35% of positions required a certification Companies are seeking educated candidates - 80% of positions require a Bachelor s degree Hands-on skills are more valuable than managerial ones - Lead Software Developer average salary: $ 233,333 - Chief Security Officer average salary: $ 225,000 Openings are harder to fill - Cybersecurity openings remain open 8% longer than IT ones - Security clearances or financial sector experience is even harder to fill Next-generation gap - Younger generation is not as interested in cybersecurity, particularly women Access Employ Develop Retain 35

36 Developing the Cybersecurity Workforce Source, fair use: Access Employ Develop Retain 36

37 Developing the Cybersecurity Workforce Access Employ Develop Retain Source, fair use: 37

38 Retention Access Employ Develop Retain 38

39 Most Importantly Source: Access Employ Develop Retain 39

40 40

Cyber Threat Intelligence Standards - A high-level overview

Cyber Threat Intelligence Standards - A high-level overview Christian Doerr TU Delft, Cyber Threat Intelligence Lab Delft University of Technology Challenge the future ~ whoami At TU Delft since 2008 in