Algorithms are changing the face of situational awareness and online security

There's no doubt that the age of online information has created new national security threats, which have made it a priority for enterprise and governments to ensure the security of their network and IT infrastructure. The use of anthropological techniques presents an alternative perspective for researchers whose intent is to develop intuitive and multi-tiered security as it relates to cyberspace.

A focal point of this research is what’s called ‘tacit knowledge’, or knowledge of something that is implicit rather than formal knowledge that characterizes the duties and tasks performed by security institutions. One way to illustrate this kind of knowledge is the content of folk songs. We are all familiar with the sayings and implications of the lyrics of folk songs in our own culture, yet those of other cultures are foreign to outsiders. You have to live it to understand it.

Primary to security analysts' concern is the fact that open-source and commercially developed tools lack the intrinsic understanding of security analysis, leaving the tools used by many analysts inadequate. This subsequently results in labor-intensive resolutions to problems, such as exactly what data has been compromised, and how did an attacker penetrate the system.

Where human technical tasks may need several minutes to be performed, an algorithm may only need a few seconds, freeing up intelligent minds to concentrate on problems of greater complexity. Frequently, network attacks are automated by software scripts called net bots. Network defenses would be at a disadvantage when analysts on the other side don’t possess streamlined processes to repel such attacks or minimize the damage that it incurs. With more sophisticated tool support, researchers hope to automate standard tasks that are traditionally performed by human beings.

Eradicating human error may improving the nation’s defense apparatus

Because a good number of cyber-attacks are automated, automation is central to cyber security. However, professional analysts usually require a lot of time to locate the system that has been breached by a virus or malware. When we add in the element of human error, valuable time finding a resolution and its deployment is lost, thus leaving even more data at risk. Humans are prone to mistakes. While algorithms, are not entirely mistake free, they can include quality control instructions that a human analyst may fail to carry out because of fatigue or other reasons.

As a result, what we have is a numbers game when attempting to identify a breach, but an automated attack has inherent advantages not including time in its favor. If some defense mechanisms are automated, including matrix processing, error-correction and other statistical techniques, the potential for a faster problem resolution, along with a sharp reduction in human error, can be accomplished.

Greater central standards and algorithms trigger mechanisms to combat threat scenarios

Algorithms translate processes that are performed by humans into instructions that can be understood by computer systems on a sophisticated level.  At its core, an algorithm can ‘understand’ a problem, and based on the available data and instructions produce a desirable result. Well-designed algorithms are able to get at the heart of a process and produce output on a computational level for a very large number of scenarios. Defense mechanisms must gather and process large amounts of data from a wide net, which presents difficulties for humans. But with the aid of automation based on a framework, quicker deployment of an appropriate response can be achieved. Macro components such as communication and power are constantly under attack, and while system redundancy is one means of protection, threats are advancing in their complexity and damage potential.

Algorithms could predict attacks and improve situational awareness

There are at least seven aspects related to situational awareness (SA) which can impact the quality of cyber defense measures. It is most critical to have a firm grasp of the current situation, or perception. This involves recognition and identification, such as the type of the attack, the people or organizations involved, and so on. This aspect, however, involves more than merely detecting that an intrusion has taken place, but also precisely the event that is occurring.

Implications and the impact of the attack must be ascertained so that the defense mechanisms in place can focus efforts where they are needed and respond appropriately. There are two components of primary concern here: damage assessment and the future implications of the attack. It follows that the analysts must have a keen awareness of how such situations evolve, through an analysis of how the situation came to fruition.

At this point, questions begin to arise as to why such a situation has arisen. This is where the detective work begins and is concentrated on tracing the steps leading up to the attack, which will ultimately identify vulnerabilities. Though a lesser priority, another crucial aspect is the quality of the data collected on the previous events. Here we are concerned with the soundness of the data that has been collected, its validity and how recently it has been gathered.

From here, we can begin to make assessments of the plausibility or likelihood of future attacks. The newly assessed information may provide us a picture of the attackers, their capabilities and then help to filter all possible scenarios to those that are likely to occur again. Arriving at a plausible profile comes down to knowing the adversaries, as well as the vulnerabilities in the defense systems that are in place.

Automation fosters better training, education and time to focus on unique threats

Directives that are concerned with security are manifested in defense policy, standards and procedures, and the training needed to support those initiatives. Training, though a critical necessity, is fraught with possible stumbling blocks, monopolizing valuable resources such as instructors and trainees.  It is critical that the focus be on the cutting edge training and techniques.

For some of the reasons mentioned in the preceding sections, analysts are typically tasked with processing data that potentially can be performed with the support of automated tool-sets. These tool-sets must not only cover standard operational control methods, such as process control and critical path analysis, but can also be applied to a defense posture that evolves and quickly understands the nature of cyber threats. These tools and the underlying algorithms should reflect the nature of the data being processed, and must also take into consideration various cultural and environmental components.

Training should involve a comprehensive approach, where procedures having to do with situational awareness are automated, and analysts and consultant efforts are focused on broader and more specific threats. Additionally, awareness training should have a group focus, emphasizing the capabilities of individuals. In this way, analysts and consultants are best equipped to handle their specific responsibilities.

The cumulative effect of cyber security training should be a layered approach that allows algorithms to take on a larger role in the identification and recognition of a breach, the actors involved and the defense measures that may be appropriate. Vulnerabilities and post-mortem risk assessment should also be a focus of both awareness training and one of the aspects of an automated tool-set.

Conclusion

Algorithms are seen by many as a key component to the technological advancement of humanity and society.  Effective cyber security is a primary means of maintaining stability, the first line of which is a sound defense against cyber attacks. Algorithms that are applied to cyber networks will perform operations on ever larger data sets, employing highly advanced knowledge discovery and forecasting/prediction techniques.

The future importance of algorithms revolves around our converting mathematical and logical statements into process instructions that increasingly understand the environmental and evolving situational aspects of our defense networks, and the threats to its effectiveness and stability.

About the author:

Phrantceena Halres is founder, chairman and CEO of Total Protection Services Global, a certified security services company focused exclusively on high threat/close proximity safety and security services for the protection of critical infrastructure assets in the corporate, government, nuclear, energy and personal protection sectors. Contact her at  www.total-protections.com.

Loading