The Defense Department is likely within 18 months of introducing autonomous cybersecurity tools that will be capable of augmenting human analysts by predicting threats, including insider activity, and dynamically isolating parts of the network that may come under attack, the department’s outgoing chief information officer said Thursday.
Terry Halvorsen, speaking to reporters during his last media roundtable before retiring at the end of the month, said as the department continues deployment of its 12 Joint Regional Security Stacks—a $1.6 billion effort to eliminate hundreds of disparate firewalls with centrally managed commercial security appliances and network monitoring tools—the next major step will be the deployment and testing of AI-based security applications.
“Given the volume [of attacks] and where I see the threat moving it will be impossible for humans by themselves to keep pace. We can and we’re very close to being able to put more autonomy into the security tools, and we will get to the point within the next 18 months where AI is becoming a key factor in augmenting the human analyst in making those decisions about what to do,” Halvorsen said.
Halvorsen recently hosted a special meeting of the Five Eyes alliance (Australia, Canada, New Zealand, the United Kingdom, and the United States), plus Germany, Japan, and NATO, at which AI-based cybersecurity was discussed in detail.
“This is very real inside the department. This is, I think, the next big explosion,” he said.
The exponential growth in the volume and speed of attacks targeting government agencies and large private enterprises has made AI-based cybersecurity tools a high priority for security professionals. A 2016 study by the Ponemon Institute discovered that the time required to identify a breach averaged 201 days and the time required to contain a breach averaged 70 days. According to IBM research, security teams sift through more than 200,000 security events per day on average, leading to more than 20,000 hours per year wasted chasing false positives.
One of the major industry developments that the department is paying close attention to is IBM’s introduction this week of Watson for Cybersecurity, which takes the cognitive computing capabilities of its Watson supercomputer and applies it to security operations centers. Watson has already contributed significantly to health care, and Halvorsen sees the potential for using machine learning to ingest large volumes of security data to uncover vulnerabilities, emerging threats, and ongoing attacks.
“What AI will also be able to do is once you have an attack, AI can take the configuration of the network and change that configuration faster than humans. It will take the damaged area of the network…isolate the problem, re-route around it and then destroy the malware,” Halvorsen said.
In addition to speeding up the Pentagon’s response to cyberattacks, the Defense Department is betting on AI to help it get better at predicting threats and analyzing human behaviors on the network.
“AI could have a real play…with behavior and how you can anticipate behavior. It’s crazy, the way individuals actually move the mouse becomes very distinctive,” Halvorsen said. “Are we going to be able to predict every attack? No. Are we going to be better about predicting trends and threats so that we’re ahead of the game? Yes.”