Experts Call for Global Data Sharing to Defend Against Cyberattacks

If they haven’t done so already, cyber attackers may soon be arming themselves with artificial intelligence and machine learning (ML) strategies and algorithms. Before long, it may not be a fair fight if defenders remain naive to what AI and ML can do on both sides of the battle. So suggests a new report by IEEE and the Canadian tech consulting firm Syntegrity.

The report—stemming from a three-day intensive last October of cybersecurity experts from government, the military, and industry—aggregates the group’s findings into what it calls the six “dimensions” at the intersection of AI, ML, and cybersecurity.

First, the report advocates ways to keep cybersecurity regulations and laws up to speed with the latest developments in the field. The report says that laws and legal precedents should be altered to encourage, not burden or discourage, continued research toward anticipating and countermanding next-generation cyberattacks.

Specifically, it notes, both copyright and export control standards need to be modified to allow security researchers to investigate cutting-edge cybersecurity questions without worrying about running afoul of outdated laws and regulations.

Brian David Johnson, Futurist in Residence at Arizona State University and contributor to the report, says cyberdefense research is no longer an academic exercise or incidental curio. Increasingly, he says, the severity, sophistication, and frequency of cyberattacks is making cyberdefense crucial to both the commercial and public sphere.

“We are starting to see cybersecurity and defense against cyber and digital attacks mature,” he says. “What we’ve seen over the last five years is increasingly larger, deeper, broader attacks. Not only is it raising this to the attention of people, it’s also becoming bad for business—and bad for the business of government.”

Report co-sponsor and professor of electrical engineering at West Point, Col. Barry Shoop, says one of the more significant recommendations from the report involved a widespread problem that has emerged when a company or government agency in any field tries to mount an effective cyberdefense.

“In the for-profit sector, say a financial institution, they are less willing and in some cases not willing at all to share data for the common good of everybody,” he says. “They’re not willing to share what has transpired, what the attacks against them were, what their defense was. Because there’s legal aspects, and there’s perception. They have stockholders, they have investors. So if they share that they were attacked and were unsuccessful, that knowledge could drive their stock price [down], could drive away investors.”

As a result, Shoop says, a cyberattacker can hit multiple companies or government agencies today and be assured that very little knowledge is shared between those targets that could help everyone respond more effectively to the attacker. Hacked companies tend to keep to themselves after they’ve been hacked, in other words. And victimized companies keep silent to the detriment of all the other companies in their industry, and to the economy as a whole. [READ MORE]