Cybersecurity Talent Shortage
In “Known unknowns of cybersecurity talent shortfall,” Fortinet’s Steve Kirk argues, “The broad and growing scope of the [cybersecurity] challenge requires a corresponding broadening of skill sets that are both known and unknown. . . . The real cybersecurity challenge is the unknown.” In Kirk’s view, cyberthreats evolve at a pace beyond the ability of humans to learn and respond. So effective cybersecurity as we move forward requires a predictive model that essentially eliminates the unknowns or learns quickly enough to respond effectively. Perhaps the human will never be quick enough and intelligent enough to sense, interpret, learn, change, and respond quickly enough to defend against the cyberthreat. But all is not lost. There’s always artificial intelligence, or AI.
MACHINE LEARNING & CYBERSECURITY
Machine Learning is the right term for AI cybersecurity, according to Scotland-based FarrPoint’s Alexandre Arbelet and Daniel Brown. Machine Learning, as the label suggests, represents “the capability of a computer to learn from data and improve over time.”
Arbelet and Brown argue, “Manually identifying all new and disguised threats is too time-consuming to be humanly possible. One solution that’s getting global recognition is the use of artificial intelligence.” Arbelet and Brown share Kirk’s concern with known unknowns. “The human brain,” they write, “is limited in its ability to simultaneously consider multiple variables during decision-making.” So, the answer is a capacity to learn as quickly—or, ideally, more quickly—than cyberthreats evolve, and perhaps even anticipate the evolutionary direction and block the approach before the threat even arrives. That’s truly a thinking, adaptable cybersecurity workforce capacity that’s more agile than the threat. “AI can use knowledge it gains to detect threats, including those that are yet to be discovered, by identifying shared characteristics within families of threats,” Arbelet and Brown write.
No, cyberimmunity is not something a cyberprosecutor offers a black-hat hacker to help root out bad guys. Cyberimmunity is about a system that protects the network from computer viruses in a way similar to how our bodies protect us from biological viruses. “Like the human immune system, one part would be dedicated to addressing common threats (innate immune system), whilst another part would investigate anomalies to detect threats that have not yet been seen by the system (adaptive immune system),” they write. Of course, as we’ve seen in biological virus evolutions, cyberviruses of the future would naturally include an aspect that, first, defeats the networks immunity before it attacks. We’re seeing this now as germs are outwitting our best antibiotics.
Apparently, the evolution of machine learning cybersecurity, or AI cybersecurity, is not (yet) a threat to the cybersecurity workforce. Cybersecurity AI, right now, is more of work-saving complement to us humans. “AI detection schemes are strongest,” Arbelet and Brown write, “alongside human decision makers. This will make them commonplace in environments like security operations centres in the near future, allowing a huge workload to be alleviated with help from AI.” They don’t anticipate any sort of AI takeover in which white hat machine learning cybersecurity is duking it out with black hat machine learning computer viruses while we watch from the sidelines.
So, how about a nice game of chess?