Unified Security Strategy using an AI-based TIPS (Total Information Protection System)

Back in 1904, the rise of AI and IoT was predicted by Nikola Tesla, “when wireless is fully applied, the Earth will be converted into a huge connected brain...” perhaps of both living and non-living things.

IoT devices are inundating the world and are becoming cognitively better day by day with more robust AI engines. But, as these 30 Billion devices become more pervasive in our lives, cybersecurity will be the main challenge that IT Operations will have to grapple with.

Last year, I had the privilege of giving a webinar on “How to Protect 30 Billion IoT Devices by 2020” then last week, I was allowed to give a sequel to that webinar entitled, “The Rising Impact of AI and IoT in the World of Cybersecurity”; the EC-Council hosted both webinars. In this article, I’m going to outline some of the key take-away’s from both webinars.

Without a doubt, IoT is one of the fastest-growing technologies in this digital economy. The global market value of IoT is estimated to be greater than seven trillion dollars this year. Since 2017, there has been an exponential growth of IoT devices of about 8.5 billion yearly growth. This year (2020), there are more than 30 billion connected IoT devices in cyberspace.

With growth, risk comes along -- as “Nothing vast enters the life of mortals without a curse,” according to Sophocles. So, we need to ask these 3 compelling questions:

1. What are the risks and threats associated with the proliferation of IoT and AI?

2. What do we need to do to protect the IoT and AI space, and why?

3. How are we going to protect our world with 30 billion IoT devices connected into cyberspace?

The Risks and Threats of IoT are Real & Imminent

At Homes

From 2010-12, TRENDnet sold SecurView cameras for various uses, ranging from home security to baby monitoring. However, they had faulty software that let anyone who obtained the camera’s IP address view and listened to your intimacies, if you are one of those who installed this device at that time.

Source: TechNews World

In Our Offices

In Oct. 2016, a malware called Mirai searched vulnerable IoT devices and then used known default usernames and passwords to log in to your systems and propagate the infection. CNN, Twitter, and Netflix were some of the big names infected by this malware.

Source: PC Magazine

In Our Vehicles

In July 2015, a team of researchers was able to take total control of a Jeep SUV using the vehicle’s CAN bus. By exploiting a firmware update vulnerability, they hijacked the vehicle over the Sprint cellular network. They discovered they could make it speed up, slow down, and even veer off the road.

Source: IBM Security

In Wearable Devices

In Sept. 2017, University of Edinburgh researchers and researchers from Germany and Italy proved that personal information could be stolen from popular Fitbit devices.

Source: CNBC

In Medical Devices

In Jan. 2017, the FDA confirmed that St. Jude Medical’s (now Abbot) pacemakers and defibrillators have vulnerabilities that could allow a hacker to access the device.

Source: CNN

In the Manufacturing Plants

In 2016, the European steel conglomerate ThyssenKrupp confirmed that it had been victimized by a cyberattack that the company believes was carried out in connection with industrial espionage.

Source: Reuters

In Smart Cities

In Aug. 2018, smart-city products from three companies (Libelium, Echelon, and Battelle) were discovered to have easily exploitable vulnerabilities that could allow hackers to commandeer sensors and access data for malign purposes.

Source: Wired

The 7 Trillion Dollar Question is: how can we protect these 30 billion IoT devices?

Let’s start with the basics; follow these rules:

The 10 Commandments of IoT Security

1. Institute practical but effective cybersecurity policies

2. Implement clear operating rules and guidelines

3. Establish a layered but interconnected security approach

4. Always remember that prevention is better than remediation – set up strong passwords, encrypt when possible, disable UPnP and unused ports (physical & logical)

5. Thou shall not connect to a promiscuous network nor your neighbors' WiFi.

6. Conduct real-time vulnerability assessments & audits

7. Enforce compliance control by combining processes and tools

8. Implement IoT device management system

9. Implement IoT device end-point security

10. Follow regulations and industry standards specific to your requirements.

Then last week, on my Cybertalk, I discussed the 11th rule: “The antidote against AI-based attacks -- is an adaptive AI-based SIEM; capable of governing and orchestrating both your physical and cybersecurity domains…”

As more and more IoT devices are pushed to the connected world, Artificial Intelligence and Machine Learning would play an important role at all fronts of Cybersecurity. With more sophisticated vulnerability exploits coming out each day using advanced AI and ML algorithms, modern threat management systems must employ the same technological antidotes to defend their frontiers. Failure to do so would render an organization is feasting ground of more sophisticated organized cybercriminals, and sad to say that more often than not, the global criminal justice system is not really ready to prosecute any perpetrators sitting in a basement across the other side of the world.

Since viruses nowadays use enhanced polymorphic and metamorphic capabilities, or the ability to mutate every 10 seconds, they can easily inject themselves deep within your network without being detected. Traditional protection tools will not be able to cope-up with these AI-based viruses. Like a time-bomb, hackers, cyber terrorists, and ill-intentioned nations will take advantage of these AI technologies -- just waiting for the right time and the right target.

I’m also predicting that in the future, war will be fought in cyberspace. Rather than bombing cities and killing people, individuals, groups, organizations, and great nations will use AI and robots to wage war for whatever vile intentions and interests they may have.

Now how can we defend ourselves and our organizations against these modern-day threats?

First, we need to address a fundamental error — the physical and cybersecurity division mindset. Most traditional organizations still have the realm of physical and cybersecurity divided. As Scott Borg, the Director and Chief Economist of the U.S. Cyber Consequences Unit, had said, “As long as organizations treat their physical and cyber domains as separate, there is very little hope of securing either one.” In the future, I bet that organizations will finally realize the value of a synergized physical and cybersecurity model. Failure to do so will have a humongous critical negative outcome.

To this end, I propose an AI-based Total Security Protection Model, considering both the Physical and Cyber domains.

1. Information & Physical Threat AI Analytics - traditional vulnerability assessments will no longer cut it simply because of the time you need to run the whole process. Nowadays, an extensive-online-all-the-time audit process must be used. It must include extensive coverage for non-traditional systems, specifically those that interact with your OT (Operational Technology) systems at the manufacturing floor and the other physical security system in your organization, such as your CCTV’s.

2. Information & Physical Security Monitoring AI - monitoring both your physical and cyber world will increase your chance of protecting both. No amount of cybersecurity software can protect you against espionage and sabotage if somebody has physical access to your Crown Jewels. There is simply no way you can guarantee that they cannot be stolen — and that is a basic rule.

3. Automated Incident Response - if a security breach occurs, your Security Operation Centers must be able to act and react fast against these AI-based attacks — like those viruses that could change or mutate in seconds. Traditional Security Incident Management tools will not cut it. It will be like putting off a fire with a water pistol.

4. Automated Control & Mitigation - your systems must be equipped with a self-protection mechanism; the ability to lock itself down, or perhaps quarantine itself, or perform sand-box explosion of payloads for you to identify unusual threat patterns. All of these must happen in a matter of seconds — as this is a race for speed, processing, and intelligence.

5. Prescriptive Security Analytics - your risk assessment and threat analytics must be in real-time; therefore, prescribing controls must also be done in real-time.

6. AI-based Remediations - if prescribed controls are in real-time, then it is naturally fitting that remediations must be automated considering threats to both your physical and cyber domains. However, you can only do this with a combination of robots and AI, as coping-up with this task is not humanly possible.

7. Adaptive SIEM (Security Information & Event Management) powered by AI - everything must be governed by an AI-Powered SIEM or a (Security Information & Event Management) system acting as a central orchestrator running at an unprecedented speed. Again, this is a race for speed, processing, and intelligence; as polymorphic and metamorphic viruses are already mutating every 10 seconds, they will get faster in the future — so we need to catch-up!

In the past, you would typically have a report of your vulnerabilities. You would slap some hands, patch your vulnerabilities, then go on with your life. As exploits using AI and ML would mimic very normal activity patterns, which may not be easily discernible by an untrained human or traditional threat protection system, advanced tools must be used to perform discovery audits to discern these new AI viral patterns autonomously. Adaptive SIEM powered by AI will be your best chance.