Experts Call for Global Data Sharing to Defend Against Cyberattacks

A new cybersecurity report highlights the need for a worldwide data clearinghouse to thwart next-generation, AI-powered hacks


If they haven’t done so already, cyber attackers may soon be arming themselves with artificial intelligence and machine learning (ML) strategies and algorithms. Before long, it may not be a fair fight if defenders remain naive to what AI and ML can do on both sides of the battle. So suggests a new report by IEEE and the Canadian business consulting firm Syntegrity.

The report—stemming from a three-day intensive last October of cybersecurity experts from government, the military, and industry—aggregates the group’s findings into what it calls the six “dimensions” at the intersection of AI, ML, and cybersecurity.

First, the report advocates ways to keep cybersecurity regulations and laws up to speed with the latest developments in the field. The report says that laws and legal precedents should be altered to encourage, not burden or discourage, continued research toward anticipating and countermanding next-generation cyberattacks.

Specifically, it notes, both copyright and export control standards need to be modified to allow security researchers to investigate cutting-edge cybersecurity questions without worrying about running afoul of outdated laws and regulations.

Brian David Johnson, Futurist in Residence at Arizona State University and contributor to the report, says cyberdefense research is no longer an academic exercise or incidental curio. Increasingly, he says, the severity, sophistication, and frequency of cyberattacks are making cyberdefense crucial to both the commercial and public spheres.

“We are starting to see cybersecurity and defense against cyber and digital attacks mature,” he says. “What we’ve seen over the last five years is increasingly larger, deeper, broader attacks. Not only is it raising this to the attention of people, it’s also becoming bad for business—and bad for the business of government.”

Report co-sponsor and professor of electrical engineering at West Point, Col. Barry Shoop, says one of the more significant recommendations from the report involved a widespread problem that has emerged when a company or government agency in any field tries to mount an effective cyberdefense.

“In the for-profit sector, say a financial institution, they are less willing and in some cases not willing at all to share data for the common good of everybody,” he says. “They’re not willing to share what has transpired, what the attacks against them were, what their defense was. Because there’s legal aspects, and there’s perception. They have stockholders, they have investors. So if they share that they were attacked and were unsuccessful, that knowledge could drive their stock price [down], could drive away investors.”

As a result, Shoop says, a cyberattacker can hit multiple companies or government agencies today and be assured that very little knowledge is shared between those targets that could help everyone respond more effectively to the attacker. Hacked companies tend to keep to themselves after they’ve been hacked, in other words. And victimized companies keep silent to the detriment of all the other companies in their industry, and to the economy as a whole.

Of course, the report comes hot on the heels of Facebook’s publicized tangles with Russian hackers—which CEO Mark Zuckerberg said in testimony on Capitol Hill last week is best combatted with AI, even though that technology may still take another 5 to 10 years to fully mature.

On the other hand, says Johnson, Facebook is hardly alone in providing a case study of the kinds of problems addressed in the report.

“Honestly, if you look at the past couple years, this report would have been released around the announcement of a large attack or breach, because it’s happening every month,” he says.

Yet, he adds, there’s an analogous problem that industry long ago figured out. And it could provide an important guide to tackling the cyberdefense problem too.

“The idea of having a clearinghouse is very popular in technology,” he says. “The place where you see it the most is in standards setting. Like coming up with the Bluetooth standard. Because if [industry] can come up with a Bluetooth standard, then everybody can work together.”

So, just like competitors and sometimes even fierce rivals set down their differences to hammer out industry standards and technology roadmaps, Johnson says, government agencies or industry clearinghouses could also provide global, up-to-the-minute cyberattack intel for the common cyberdefense.

“[We recommend] setting up a national or international repository of clean data,” Shoop says. “You don’t necessarily know where it comes from, but you’ve seen the attack vectors, you’ve seen the response or lack of response. And so you can tune your system to be able to defend against those kinds of attack vectors.”

Shoop, who in 2016 was president of IEEE, hopes policy makers and industry will recognize the potential of establishing such a cyberdefense clearinghouse, all the more so when AI and ML algorithms demand rivers of data on which to train.

“We’re seeing a rise of artificial intelligence and machine learning, in terms of attacks,” he says. “So the speed at which the attacks change is increasing substantially. So you need artificial intelligence and machine learning to defend against that, to match the speed of those attack vectors.”

Johnson says he’s optimistic that governments and industry can work together, in the ways the new report outlines, to fight cyberattacks.

“I’m an optimist, because I believe that people build the future,” he says. “This paper is all about actually getting people together to say, ‘Look, we’ve all been talking about this. We’ve talked about this at conferences, we’ve talked about this when we work together. Let’s get everybody together and start coming up with some solutions.’”
