[This article was updated 7 May 2019]
Nearly three years ago, the UK announced the presence of a new centre to combat cyber attacks. It was in response to the rising threat level we face from domestic and foreign computer-based assaults on individuals and private organisations, as well as those aimed at the country as a whole.
The National Cyber Security Centre (NCSC) was set up as part of GCHQ to “help make the UK a safer place to live and do business online”, and its job is therefore to stay one step ahead of anyone who wants to cause harm in any number of cyber attack scenarios. Combating the growing threats of attack is one of the most important aspects of national defence for any country. The same, therefore, must be assumed at the corporate level of any organisation, be it in retail, logistics or banking. Yet, with only a finite set of human resources available to combat threats from nearly all sides, we face an “us against the world” scenario, which just cannot scale to meet the challenges ahead. So, are we doomed to failure already?
Well, not yet. Sure, if we had to rely on human brain power alone, no matter how clever, educated and downright sneaky our operatives become, we would eventually run out of resources to keep up with the onslaught. Thankfully, we’re not limited to ‘our own kind’ in this cyber arms race. We do have another, potentially limitless supply of combatants to help us out: machines.
OK, I’m being a bit loose with the term ‘machine’ here. I’m referring to computer software, and more specifically the rise of the ‘bot’. A bot is, for want of a better description, “an autonomous programme designed to interact with systems or users, often mimicking the behaviour of a person”.
Where there is financial loss at stake, the need to stay on top of cyber threats has become at least as important as meeting regulation. Therefore, banks, building societies and other financial service providers are at the front of the queue when it comes to criminal intent from hackers. So how can the humble bot help?
For a start, bots can be deployed to patrol the perimeter defences of a computer network, supporting the traditional hardware and software ‘concentric circle’ lines of defence. They detect unusual access by using ‘signature traits’ to see whether the activities being undertaken are out of alignment with the expected norm. Of course, once a bot has detected such a presence, it needs to raise an alert pretty quickly and, if possible, deploy countermeasures to limit the intrusion.
This is a good start, but as with any arms race, the attackers will soon learn the limitations of defence bots and simply up their game to create neutralising agents, gaining the upper hand once again. What we really need are bots that know how to evolve on their own, bots that ‘learn’ to up their own game, share experiences with other bots and keep up to date with the intruders. But is it possible to train bots to teach themselves?
Machine learning techniques are certainly one way to achieve this: they give bots the ability to adapt when exposed to new data, and to improve activity and outcomes accordingly. Here are some activities that could be undertaken by bots to help them learn and improve their capabilities:
- Simulate attacks. Set up bots to simulate ‘real world’ successful attacks on existing defences, and collate data on the signature traits that can help detect such attacks in the future.
- Learn from attacks. Replay attack simulations to train bots to benefit from prior data collection.
- Bot vs bot. Set up attack/defence challenges, where bots try to outsmart each other by creating randomised attack scenarios to outwit the machine learning process.
- Bot teach bot. Network bots together so they quickly pass on what they have learned across the system, limiting the chance of intruders breaking through weak points and untested areas.
While bots were once seen as one of the threats to cybersecurity, they really are fast becoming one of the biggest assets that cyber defence strategies have in their arsenal. But this shouldn’t be just the domain of NCSC or other government agencies. The financial services industry needs to wake up and get on board with investing in and building up its own bot defences. The question is, how long does it have before the damaging breaches we’ve seen over the past few years become regular, and catastrophic, events?