General security

The future of information security

Daniel Dimov
November 6, 2017 by
Daniel Dimov

In this article, we look at the current trends in the field of information security and present speculations as to what the future of the field would be. It should be noted that unpredicted emergence of disrupting innovations may radically change the existing information security landscape. Nevertheless, we may reasonably expect that the future of cybersecurity will be dominated by four trends, namely, use of Blockchain technologies (Section 2), expanding the role of artificial intelligence (Section 3), harnessing the wisdom of the crowd (Section 4), and strengthening global cybersecurity cooperation (Section 5). At the end of the article, we conclude (Section 6).

Use of blockchain technologies

The contemporary Blockchain technologies are results of decades of research and development. Some of these technologies (e.g., the Bitcoin infrastructure) withstood numerous attacks and clearly demonstrated that, despite their decentralized nature, they can be trusted. Even entire countries have chosen to rely on Blockchain technologies to defend their information infrastructure. For instance, Estonia protects its world-famous e-governance framework and its highly advanced digital society by using scalable Blockchain technology that has been developed as a response to cyber-attacks in 2007.

Besides governmental authorities, many large companies decided to implement Blockchain technologies in their information security solutions. For example, Lockheed Martin (a U.S. company specializing in the fields of aerospace, defense, security and advanced technologies) revealed its plans to adopt Blockchain as part of its cybersecurity strategy. In this regard, Ron Bessire, Vice President Engineering, and Technical Operations at Lockheed Martin stated: "These new cybersecurity approaches will enhance data integrity, speed problem discovery, and mitigation."

Blockchain technologies can be especially useful for securing sensitive records. To illustrate, Estonia's 1 million health records are secured through a Blockchain technology developed by the Estonian company Guardtime. The technology was used to create a Keyless Signature Infrastructure (KSI), an alternative of the traditional Public Key Infrastructure (PKI). In 2017, the U.S. Department of Energy selected Guardtime and other partners to develop Blockchain cybersecurity technology to protect distributed energy resources.

In addition to securing information, Blockchain technologies can be used to eliminate the need for using passwords. This, in turn, will decrease the number of social engineering attacks as many of them aim to lure the victim to send his or her password to fraudsters. Alex Momot, founder of REMME (a company providing password-free Blockchain authentication), stated: "No matter how much money a company spends on security, all these efforts are in vain if customers and employees use passwords that are easy to crack or steal. Blockchain takes responsibility for strong authentication, resolving the single point of attack at the same time. Also, the decentralized network helps us to provide consensus between parties for their identification."

Expanding the role of artificial intelligence

The term "artificial intelligence" (AI) refers to an intelligent behavior by machines. Artificial intelligence allows vendors of cybersecurity solutions to enhance the resilience of computer infrastructure. For example, Darktrace, a UK cybersecurity company, uses machine learning to examine the normal state of a network and provide real-time reporting of any anomalies in the operation of the network. Machine learning can be defined as the ability of a machine to learn without being explicitly programmed. Hexadite is another example of a company which successfully utilizes artificial intelligence. It uses artificial intelligence to examine alerts and address information security vulnerabilities. According to the website of Hexadite, it is "the first security orchestration and automation solution that bridges the gap between detection and remediation to deliver a truly continuous cyber-incident response."

The second decade of the 21st century witnessed the establishment of many cybersecurity companies relying on artificial intelligence. For example, Crowdstrike was founded in 2011, Cylance in 2012, Darktrace in 2013, Illumio in 2013, Hexadite in 2014, and Harvest AI in 2014. Considering the rapid increase in the number of companies providing cybersecurity solutions based on artificial intelligence, we can expect that the use of such solutions will become ubiquitous soon.

It should be noted that artificial intelligence brings not only benefits but also dangers. For example, criminals may create intelligent malware which can automatically scan computer networks for vulnerabilities, create customized tools for cyber-attacks which allow it to penetrate the scanned networks, and find the fastest way to spread to as many computers as possible. One of the people gravely concerned about the harmful potential of artificial intelligence is Bill Gates. In this context, he stated: "First the machines will do a lot of jobs for us and not be super intelligent. That should be positive if we manage it well. A few decades after that though the intelligence is strong enough to be a concern. I agree with Elon Musk and some others on this and don't understand why some people are not concerned."

Harnessing the wisdom of the crowd

In one of his State of the Union speeches, the former U.S. President Barrack Obama highlighted the importance of integrating intelligence to combat cyber threats. However, the collection and processing of vast amount of data may require tremendous human and financial efforts. Crowdsourcing, the practice of outsourcing tasks to the online community rather than to traditional service suppliers, may enable organizations to integrate cybersecurity intelligence cost-effectively. Although a global crowdsourcing platform allowing individuals and organizations to share information about sources of cyber-attacks has not been established yet, such proposals already exist (see, for example, the article "Cyber Attack Protection via Crowdsourcing" published by InfoSec Institute on 23 October 2014).

Crowdsourcing can be used not only for reporting information security incidents, but also for cybersecurity testing. Many online platforms provide their users with the opportunity to test software by using the collective wisdom of the crowd. For example, the platform www.crowdsourcedtesting.com allows its users to utilize the collective wisdom of more than 60980 members of the crowd. Bugfinders, another crowd testing website, provides organizations willing to test the information security of their applications with access to a "global crowdsourced community of over 55,000 professional functional testing experts across 145 countries". The number of crowd testing websites will likely continue to increase since such websites allow their customers to receive a large number of different security views at an affordable cost.

It is worth mentioning that a company called Synack provides penetration testing services by combining crowdsourced testing and automatic machine testing. More specifically, Synack's software continually scans network infrastructure for potential security vulnerabilities and, in case such vulnerabilities are found, informs a group of security experts located all around the world about the findings. Afterwards, the group examines the vulnerabilities and, if necessary, submits information about them to Synack Mission Ops team which prioritizes and manages the vulnerabilities. The remuneration of the crowdsourced security experts ranges, depending on the severity impact of the identified vulnerabilities, between a few hundred dollars and several thousand dollars. The combination of crowdsourcing and machine scanning utilizes the benefits of human and computer intelligence while mitigating the disadvantages of each of them. Therefore, it will not be surprising if this combination becomes a trend in the field of information security.

Strengthening global cybersecurity cooperation

More and more countries and organizations discuss the possibility for exchange of information security intelligence. Some of the discussions, such as the U.S. – Russia cybersecurity unit mentioned by the current U.S. president Donald Trump, are destined to go nowhere. However, other discussions may lead to the adoption of regulatory measures. For example, the increasing number of initiatives in EU countries for an international legal framework to share information on cybersecurity incidents may lead to the establishment of such a network. At present, co- and self-regulation approaches are used for the cross-border exchange of security intelligence.

The SWIFT Information Sharing and Analysis Centre is an example of a successful global cybersecurity project. It was launched in 2017 with the aim to facilitate the SWIFT's community access to cyber-security intelligence and enhance its cyber-attack defense mechanisms. The Centre operates a portal (also known as "SWIFT ISAC portal") which includes information which is relevant to SWIFT customers, such as malware details, file hashes, and details on the Modus Operandi used by the cyber-criminals. The benefits of the portal did not remain unnoticed. For example, Cheri McGuire, Chief Information Security Officer of Standard Chartered Bank, stated: "Having relevant and timely intelligence is a critical factor in effectively defending against cyber threats. Standard Chartered Bank welcomes the introduction of the SWIFT ISAC portal as a useful complement to information sharing efforts across the industry."

National regulations (e.g., data protection laws) prohibiting or restricting disclosure of cyber-security intelligence constitute one of the main obstacles regarding the establishment of an intergovernmental global cybersecurity center enabling governments to share such intelligence. This obstacle can be eliminated only at the legislative level. The Financial Services Information Sharing and Analysis Center (FS-ISAC), a non-profit organization, has made some progress in this regard. The organization works on identifying and addressing the European regulatory restrictions which hamper the international information exchange in the financial sector. Although it started as a U.S. initiative, it has become an international organization having activities in Europe, Africa, and the Middle East.

Conclusion

This article predicts that the future of information security will be built around four pillars, namely, Blockchain technologies, artificial intelligence, crowdsourcing, and global cybersecurity cooperation. Many organizations will utilize two or more of those pillars. To illustrate, an enterprise may combine artificial intelligence to detect security vulnerabilities and crowd testing to confirm the detected vulnerabilities. Furthermore, the same company can store the findings by using Blockchain records and share them with other companies based on global cybersecurity cooperation agreements.

Sources

Daniel Dimov
Daniel Dimov

Dr. Daniel Dimov is the founder of Dimov Internet Law Consulting (www.dimov.pro), a legal consultancy based in Belgium. Daniel is a fellow of the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Society (ISOC). He did traineeships with the European Commission (Brussels), European Digital Rights (Brussels), and the Institute for EU and International law “T.M.C. Asser Institute” (The Hague). Daniel received a Ph.D. in law from the Center for Law in the Information Society at Leiden University, the Netherlands. He has a Master's Degree in European law (The Netherlands), a Master's Degree in Bulgarian Law (Bulgaria), and a certificate in Public International Law from The Hague Academy of International law.