Trust Architecture
Multi-layered cyber-defense

(building on previous policy and technology research originally published for SAS Institute and IBM)



Exploding Cyberthreat

All emerging technologies, while presenting transformative innovation and opportunity, are accompanied by new security threats and an increased attack surface. From a proliferation of cloud connectivity, to AI and XR, from sensor, nano and biotechnology, to new interfaces, spectral transmission and quantum computing, an expanding, decentralized attack surface comes with expansive cybercrime syndication and increased requirements for collaborative defense across public and private domains.

The full scope of cybercrime is a multi-trillion-dollar concern, affecting enterprises, society and states, and yet, historically, defense has lacked effective coordination. Cybersecurity, for example, has largely been regarded as a discipline distinct from money laundering or violent crime, diamond smuggling as distinct from terrorism, market abuse as distinct from espionage. As virtually everything becomes connected to cloud environments, physical, biological and digital assets alike, bad actors will continuously update their techniques and lower the barriers to entry for new syndicate participants. They will deploy their own enterprise-level intelligent systems, optimized attack life-cycles and international networks. Private and public domains should therefore increase efforts to go beyond basic coalitions and build hi-tech ecosystems that will dismantle illicit infrastructure.

While masterminds of cybercrime certainly exist, many threats are simply unsecured networks and devices, and exposed sensitive data. Notwithstanding, hyper-networked enterprise and techno-social processes increasingly operate across extended perimeters, often invisibly and at high frequency. While decentralized economics, innovation and data sharing bring positive disruption and opportunity to the private sectors, they also place any participant in scope for cybercrime attack and defense.

Regulators are increasing their guidance on cybercrime capabilities, now with the same level of oversight and focus applied to economic risk and to operational and physical-security risks. However, economic flows are really a function of information flows, such as acquiring, exchanging, processing, storing and deciding upon information, and information technology enablement is advancing faster than effective regulatory innovation. Large volumes, complexities and fragmentation of multi-jurisdictional and interlinked regulation can hinder the ability to share high-quality information effectively where it is needed, and create as many governance issues as they aim to solve.

The investment and cost drivers associated with cybercrime compliance and control are distributed deep and wide throughout enterprise and societal processes. Process inefficiencies are prevalent in interpreting and enforcing rules, scenario planning, reporting and investigative functions. IT inefficiencies in duplicative effort, operational rework and legacy infrastructure all contribute to an expansive compliance “bulk.” Effective compliance operations depend on complex information supply chains involving large-scale data processing, evolving standards, and surveillance, increasingly powered by advanced, immersive analytics and artificial intelligence. Trends suggest the multi-billion-dollar market for AI cybercrime technologies will see a tenfold increase throughout 2022-2030.

Designing for cyber defense targets the expanse of effort required to protect institutions, markets, enterprise and individuals. The 4Ps of People, Product, Process and Permissions represent key dimensions, shifting from perimeter and network firewalls and controls, to whole system monitoring of decentralized environments, across partner systems and myriad home and mobile devices.


Mitigating risk is fundamental to realizing innovation. Public and private sectors alike increasingly rely on each other to gain cybercrime intelligence and capability, protecting individuals, enterprises and international security. Well-constructed, interactive human, data and technology architectures actually enable, rather than hinder, agility, making economic and techno-social systems more accessible and expansive.


As public and private domains work toward zero-trust architectures, the concepts top of mind in cybercrime alliances are Decentralized Collaboration, Cyber AI and Secure-by-Design.


Global architecture for cyber cooperation, comprising Global Partnership, Permanent Nodes and Threat Focus Cells (source: World Economic Forum)

Decentralized Collaboration


Specialized cloud platforms can not only reduce costs and shift operations toward a variable cost structure, they can also increase capacity, improve controls, and help to better predict drivers over time, moving toward higher-value intelligence operations, supporting growth and keeping pace with regulatory change. The global complexities of information sharing can be more effectively managed through coordinated approaches to critical data assets, data quality, lineage and security.


A cloud platform-based approach to countering cybercrime enables the pooling and enhancement of functions, data and technologies, lowering the costs of ownership and continuous management across infrastructure, software, and hosting. High-performance processing and mining engines can perform analytics at a fraction of the cost of relational database processing. Real-time workflows and dynamic monitoring capabilities can be supported through improved interfaces and visualization. Coordinated platform implementations support improved information security and collaboration, and lay the foundation for driving further economies of scale through innovations in blockchain and decentralized collaborations.

However, decentralized cloud environments demand increasing sophistication in data protection, ciphers and analytics. These can include more granular access rights, implemented via policy-as-code; enhanced analytics for early warnings across the dimensions of the 4Ps; 3D secure for orchestrating dynamic authentication; tokenization methods to facilitate privacy by design; elastic log monitoring for expansive data sets; and continuous encryption innovation powered by high-performance computing, multivariate cryptography and post-quantum ciphers.
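As an added illustration (not code from the article), the following is a minimal policy-as-code evaluator for zero-trust access requests, organised along the article's 4Ps: the rule set, role names, product names and request fields are all constructed for this example.

```python
# Added example: policy-as-code for granular, default-deny access decisions.
# Rules are plain data (reviewable, versioned) rather than logic scattered in
# application code. Policy contents below are constructed for illustration.
from dataclasses import dataclass


@dataclass
class Request:
    person: str            # People: the authenticated subject
    roles: set             # People: attributes asserted by the identity provider
    product: str           # Product: the asset or service being accessed
    process: str           # Process: the action requested (read, write, ...)
    permissions_ctx: dict  # Permissions: mfa, device_managed, zone, ...


# One rule per (product, process) pair. Anything not covered is denied.
POLICY = [
    {"product": "payments-db", "process": "read",
     "roles": {"fraud-analyst", "dba"}, "mfa": True, "device_managed": True},
    {"product": "payments-db", "process": "write",
     "roles": {"dba"}, "mfa": True, "device_managed": True, "zone": "corp"},
    {"product": "public-docs", "process": "read",
     "roles": set(), "mfa": False, "device_managed": False},
]


def evaluate(req, policy=POLICY):
    """Return (allowed, reason). Unmatched requests are denied by default."""
    for rule in policy:
        if rule["product"] != req.product or rule["process"] != req.process:
            continue
        # Empty role set means any authenticated subject may perform the action.
        if rule["roles"] and not (rule["roles"] & req.roles):
            return False, "role not permitted"
        if rule["mfa"] and not req.permissions_ctx.get("mfa"):
            return False, "mfa required"
        if rule["device_managed"] and not req.permissions_ctx.get("device_managed"):
            return False, "unmanaged device"
        if "zone" in rule and req.permissions_ctx.get("zone") != rule["zone"]:
            return False, "wrong network zone"
        return True, "rule matched"
    return False, "no rule for product/process"


def decision_record(req, policy=POLICY):
    """Structured record of the decision, shaped for shipping to log monitoring."""
    allowed, reason = evaluate(req, policy)
    return {"person": req.person, "product": req.product, "process": req.process,
            "allowed": allowed, "reason": reason}
```

Every denial carries the specific failed condition, so the same record feeds both the enforcement point and the monitoring pipeline.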

In transition design, a holistic view of security consolidation across multiple cybercrime disciplines and supporting mesh architectures helps to establish aligned governance through permanent nodes, while dedicated task cells can continuously update and enhance practices, protocols and technologies.

Ultimately, everything in cyber-defense depends on awareness of assets, attack vectors and the overall attack surface. New zero-trust architecture capabilities are being deployed as the defense focus shifts to as-a-service cloud capabilities and expansive data. The technological response and overall architecture must be as distributed and decentralized as the digital economies and techno-social processes themselves.


Cyber AI

As has been seen in the intense, automated-decision world of high-frequency trading, machine learning algorithms can examine the vast amount of contextual data moving across networks in real time far more effectively than humans ever could. Cyber AI, however, is not a single tool but an orchestration of capabilities: ML, NLP, reinforcement learning, autonomics and robotics, all composed to achieve scale, focus and cyber resilience.


In recent times, the most direct benefits from the group of technologies comprising Cyber AI have been in granular threat-signal detection, asset transparency, alerting, analysis and investigation processes. In cybercrime operations, manual activities associated with communications, multi-channel research, data capture, identity management, case management, records updating, system health checks, ranking, routing and reporting have increasingly been automated to free up capacity while improving speed and accuracy. Automation and Cyber AI combined enable the determination and packaging of insights for intelligence teams supporting the end-to-end lifecycle of scenario planning, detection, containment and response.

While machine teaching has been a persistent bottleneck, this is steadily diminishing, particularly with low/no-code inputs from more open networks. More efficient transitions from supervised to unsupervised machine learning overcome the challenges associated with the availability of historical data for teaching algorithms. Cyber AI techniques can then be deployed to tune and model risk more accurately, reducing the overload of false alerts generated by outdated processes and drawing attention to risks previously unidentifiable by other means.

To counter more sophisticated cybercrime, Cyber AI defensive capabilities can span security operations and interactive monitoring, as well as automated countermeasures and administration. Cyber AI can use machine learning to continuously adapt to, defend against and mitigate changing attack patterns, from signal jamming to DDoS and ransomware, to fraud and economic crime, to autonomous controls in an expanding API architecture.


Ultimately, the combination of granular risk analytics and Cyber AI creates a powerful force multiplier, providing a real-time understanding of the expanding attack surface, ensuring that new vulnerabilities do not manifest, and driving real-time predictive and preventative capabilities.


Secure-by-Design


Embedding cyber-defense within the software lifecycle requires well-designed development practices, cloud governance and a deep understanding of service architecture.

In development practices, enabling an agile flow of security specialists into specific service and cloud-native development teams ensures on-demand expertise. More specialized developers can incorporate dynamic modeling, testing and scanning in-flow, while codified security and policy are implemented into the design workflow.


In establishing multi-cloud governance, webscalers handle many security concerns directly. Combined with codified infrastructure, well-governed auto-scaling, mesh architecture, rapid provisioning and whole-system monitoring, exposure can be limited to an absolute minimum.


Nested inventories of components are best made transparent through end-to-end visibility of service chains and interacting layers, combining all aspects of IT architecture, IT service, API and microservices data in an overarching view of service architecture.

Clearly, the picture for Secure-by-Design is a real shift from centralized tick-box compliance to interacting technology and culture for decentralized resilience.


Author: Ivan Sean, c. 2018-2021 | USA
© 10 Sensor Foresight

Period: 2016-2021 | Language: English
Core Concepts: Trust Architecture
AI-Usage: Non-generative digital platforms, output validation
Conflict of Interest: None
References: 'Resilience Reset', Architects of Positive Futures Key Note Talk, Asia-Pacific, 2019 | 'Designing for Resilience', expansion of research originally published by IBM Institute, 2018