This is the final part in on our coverage of “Artificial Intelligence and Machine Learning Applied to Cybersecurity,” a new paper written by 19 artificial intelligence (AI), machine learning (ML) and cybersecurity experts convened by IEEE. [Part two]. [Part one].
It’s probably obvious, but it bears repeating: once a device or segment of code has been shipped with vulnerabilities, security can’t be fully retrofitted.
So, when the experts at our collaborative session on cybersecurity started discussing hardware, one of their first points was this: “Preserving public trust in security AI/ML requires that, first and foremost, these systems be constructed as securely as possible from the beginning.”
That means adhering to what’s called “security by design,” where cybersecurity strategy and data can help inform the choices we make before products are shipped.
Making matters more challenging, it can’t just be a software fix. “Because IoT and mobile devices usually lack the computational power needed to run advanced security software, security must be embedded within the hardware of the devices themselves. The devices must become the front line of defense, or they will be used to enable attacks.”
One potentially exciting aspect of this potential design work is that “AI/ML can also be used to design better hardware. It is difficult to create hardware that functions predictably and securely because those attributes traditionally depend on the experience, foresight, and knowledge of human designers.”
The extent to which artificial intelligence and machine learning can test various hardware designs is also significant. After all, this type of activity is an ideal use of its skills: “AI/ML is able to explore more possible failure modes and can look for complex failure mechanisms buried in a design that would otherwise be missed.”
Looking at the situation at large, network security stands to be greatly improved, since “hardware faults and design errors are among the most reliable targets for exploits.”
So the benefits of this pursuit are fairly clear. What’s needed is a certification of some type for these devices to influence purchasing decisions, and an affordable means for companies to extensively test them. Without these, the panel concluded, progress could be slow and detrimental to public trust.
If you’re interested in this topic and want to get involved, IEEE will be hosting a series of events at Rebooting Computing Week, taking place in November in Washington, D.C. Events in other regions around the world will follow.
Written by IEEE on May 30, 2018