Algorithms are changing the face of situational awareness and online security

Where human technical tasks may need several minutes to be performed, an algorithm may only need a few seconds

There are at least seven aspects related to situational awareness (SA) which can impact the quality of cyber defense measures. The most critical is a firm grasp of the current situation, or perception. This involves recognition and identification: the type of attack, the people or organizations involved, and so on. Perception therefore means more than merely detecting that an intrusion has taken place; it also means identifying precisely which event is occurring.

The implications and the impact of the attack must be ascertained so that the defense mechanisms in place can focus efforts where they are needed and respond appropriately. There are two components of primary concern here: damage assessment and the future implications of the attack. It follows that analysts must have a keen awareness of how such situations evolve, gained through an analysis of how the situation came about.

At this point, questions begin to arise as to why such a situation has arisen. This is where the detective work begins and is concentrated on tracing the steps leading up to the attack, which will ultimately identify vulnerabilities. Though a lesser priority, another crucial aspect is the quality of the data collected on the previous events. Here we are concerned with the soundness of the data that has been collected, its validity and how recently it has been gathered.

From here, we can begin to assess the plausibility or likelihood of future attacks. The newly assessed information may provide us with a picture of the attackers and their capabilities, and then help to filter all possible scenarios down to those that are likely to occur again. Arriving at a plausible profile comes down to knowing the adversaries, as well as the vulnerabilities in the defense systems that are in place.
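To make two of the aspects above concrete, here is an added illustration (not code from the original article) of a small triage routine that applies the perception step (what kind of event is this, and who is involved?) and the data-quality step (is each record well-formed and recent?) to a handful of constructed log lines. The host names, addresses, timestamps and the classification rules are all constructed for this example.

```python
"""
Added illustration of two situational-awareness aspects applied by a program:
  - perception: classify each record and identify the parties involved
  - data quality: reject malformed records and records too old to describe
    the current situation
All sample data and rules below are constructed for this example.
"""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample records: "<ISO timestamp> <source host> <message>"
SAMPLE_LOG = """\
2024-05-01T10:00:05Z fw-edge-01 DENY tcp 203.0.113.7:51532 -> 198.51.100.10:22
2024-05-01T10:00:06Z fw-edge-01 DENY tcp 203.0.113.7:51533 -> 198.51.100.10:22
2024-05-01T10:00:07Z fw-edge-01 DENY tcp 203.0.113.7:51534 -> 198.51.100.10:22
2024-05-01T10:02:11Z app-web-02 Failed password for admin from 203.0.113.7
2024-05-01T10:02:14Z app-web-02 Failed password for admin from 203.0.113.7
2024-05-01T10:02:17Z app-web-02 Failed password for admin from 203.0.113.7
2024-04-20T09:00:00Z db-core-01 Accepted password for backup from 10.0.0.5
garbage line without a timestamp
"""

# The "current time" for the example, constructed to sit a few minutes after
# the freshest records so that the April record counts as stale.
NOW = datetime(2024, 5, 1, 10, 5, 0, tzinfo=timezone.utc)

# Perception rules (constructed): message pattern -> event class.
# Each pattern captures the source address as the named group "src".
EVENT_RULES = [
    ("brute_force_login", re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)")),
    ("firewall_deny",     re.compile(r"DENY \w+ (?P<src>\S+):\d+ -> (?P<dst>\S+):(?P<dport>\d+)")),
    ("successful_login",  re.compile(r"Accepted password for (?P<user>\S+) from (?P<src>\S+)")),
]

LINE_RE = re.compile(r"^(\S+Z) (\S+) (.*)$")


def parse_record(line):
    """Data-quality check 1 (validity): return (timestamp, host, message),
    or None when the line does not have the expected shape."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return ts.replace(tzinfo=timezone.utc), m.group(2), m.group(3)


def classify(message):
    """Perception: identify the event type and the parties it involves."""
    for label, rx in EVENT_RULES:
        m = rx.search(message)
        if m:
            return label, m.groupdict()
    return "unclassified", {}


def triage(log_text, now, max_age=timedelta(hours=1)):
    """Run validity, recency and perception over every line and return a
    summary: event counts, source addresses seen, reporting hosts, and the
    records set aside as malformed or stale (data-quality check 2: recency)."""
    summary = {"events": Counter(), "sources": Counter(), "hosts": set(),
               "malformed": [], "stale": []}
    for raw in log_text.splitlines():
        rec = parse_record(raw)
        if rec is None:
            summary["malformed"].append(raw)
            continue
        ts, host, msg = rec
        if now - ts > max_age:
            summary["stale"].append(raw)
            continue
        label, parties = classify(msg)
        summary["events"][label] += 1
        summary["hosts"].add(host)
        if "src" in parties:
            summary["sources"][parties["src"]] += 1
    return summary


def demo_summary():
    """Triage the constructed sample against the constructed clock."""
    return triage(SAMPLE_LOG, NOW)


if __name__ == "__main__":
    s = demo_summary()
    print("events:   ", dict(s["events"]))
    print("sources:  ", dict(s["sources"]))
    print("hosts:    ", sorted(s["hosts"]))
    print("malformed:", len(s["malformed"]), "stale:", len(s["stale"]))
```

On the sample, the routine separates the six fresh records (three firewall denies and three failed logins, all from the same source address) from one stale record and one malformed line, which is exactly the split the text calls for: what is happening now and who is involved, versus data that is not sound enough to describe the current situation.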

Automation fosters better training, education and time to focus on unique threats

Directives that are concerned with security are manifested in defense policy, standards and procedures, and the training needed to support those initiatives. Training, though a critical necessity, is fraught with possible stumbling blocks, monopolizing valuable resources such as instructors and trainees. It is critical that the focus be on cutting-edge training and techniques.

For some of the reasons mentioned in the preceding sections, analysts are typically tasked with processing data, work that could be performed with the support of automated tool-sets. These tool-sets must not only cover standard operational control methods, such as process control and critical path analysis, but must also apply to a defense posture that evolves and quickly understands the nature of cyber threats. These tools and the underlying algorithms should reflect the nature of the data being processed, and must also take into consideration various cultural and environmental components.

Training should involve a comprehensive approach, where procedures having to do with situational awareness are automated, and analysts and consultant efforts are focused on broader and more specific threats. Additionally, awareness training should have a group focus, emphasizing the capabilities of individuals. In this way, analysts and consultants are best equipped to handle their specific responsibilities.

The cumulative effect of cyber security training should be a layered approach that allows algorithms to take on a larger role in the identification and recognition of a breach, the actors involved and the defense measures that may be appropriate. Vulnerabilities and post-mortem risk assessment should also be a focus of both awareness training and one of the aspects of an automated tool-set.
Algorithms are seen by many as a key component of the technological advancement of humanity and society. Effective cyber security is a primary means of maintaining stability, the first line of which is a sound defense against cyber attacks. Algorithms that are applied to cyber networks will perform operations on ever larger data sets, employing highly advanced knowledge discovery and forecasting/prediction techniques.

The future importance of algorithms revolves around converting mathematical and logical statements into process instructions that increasingly understand the environmental and evolving situational aspects of our defense networks, and the threats to their effectiveness and stability.
