Cyberterrorists do it. Cybercriminals do it. China, Russia and other nation-states do it. Extremist groups do it. Government agencies, corporations and Facebook users do it.
All are knowing – and in some cases unknowing – contributors to the most massive data gathering exercise in history, often referred to by the overused term big data.
The worldwide explosion of user-generated digital information has created a torrent of information about individuals’ and organizations’ past, present, and planned actions and intentions.
The collection and use of such information by private enterprises such as Facebook, Twitter, LinkedIn and other social media corporations has created multi-billion dollar businesses with global reach.
Criminal interests have also turned this digitized information into multi-billion dollar businesses. A June 2014 report from cyber security firm McAfee places the annual global cost of cybercrime at between $400 and $575 billion, exceeding the national income of most countries.
Nor are U.S. military plans and weaponry or corporate intellectual property out of reach. The 2013 IP Commission Report puts the annual cost of intellectual property theft from the U.S. at more than $300 billion.
Such data illustrate the vulnerability of U.S. commercial, government and military networks. In spite of continued record cybersecurity investments, the U.S. cyber defense gap continues to accelerate.
With risks to national and economic security increasing, other avenues of cyber defense are receiving attention. Improving resilience and the promising application of predictive analysis to the prevention of cyberattacks before they occur are two such areas.
Predicting complex future events such as cyber attacks may seem a fanciful notion of science fiction. Yet several applications of predictive analysis in a variety of areas are in or nearing operation, with others showing potential. We will examine three.
Looking Into the Future
Predictive analysis is made possible by the convergence of big data, powerful analytic models and near-instant global communications. The planning, coordination, testing and communication associated with cyberattack preparation create a promising trove of big data for predictive analysis. Following are three examples of predictive analysis which are illustrative of the possibilities.
Predictive policing, in use since 2010, uses sophisticated computer models to analyze crime, social and environmental data to identify potential crime risks before they occur. Comparable methods drawing on big data analysis of cybercriminal and cyberterrorist communications and actions may be similarly useful in identifying cyberattack risks.
In a second area of research, Christopher Ling, senior vice president at consultancy Booz Allen, describes a method of analysis focused on activities within an organization’s networks. He describes the application of predictive analysis consisting of “…the science of gathering the dots [the data] married with the art of connecting the dots” to provide insight on evolving potential threats.
Ling's approach is based on sensing, analyzing and reacting to cyber intrusions in progress, since all of them have a preparatory segment. “Attacks don’t occur in an instant,” he says; “exploiting targeted networks involves processes which occur over a period of time.”
Current applications of this methodology? Ling indicated that such predictive analysis is beginning to be used by intelligence agencies but has yet to move to the private sector.
A third project, ACE, is being developed by the Intelligence Advanced Projects Agency, a research arm of the Office of the Director of National Intelligence.
ACE gathers data from a multitude of external sources and uses probability scoring and machine learning analysis to help improve U.S. intelligence forecasts. ACE has no reported results from application in forecasting cyberattacks, but development continues.
Finally, not to be left out of the opportunities offered by predictive analysis, Amazon.com has just received a patent for what it terms anticipatory shipping. Based on analysis of factors such as customer preferences, purchasing history and recent inquiries, this capability is designed to foretell what customers will want so that the goods can be shipped nearby and prepared for same-day delivery.
On balance, cyberattack prediction is an emerging capability with promising potential to strengthen America’s national cyber defenses, but it needs time to develop. Warnings of future cyberattacks flashing on today’s monitoring screens are not science fiction but a capability fully within the realm of possibility.
But there are issues to be prepared for when this capability arrives.
Being Careful What We Ask For
What is the responsibility that accompanies this predictive power and what does one do with such information? Shore up internal defenses in an attempt to limit attack damage? Launch preemptive strikes with the objective of disrupting or preventing the attacks? The options are varied, some carrying risks, others controversial.
No matter how strong the technology, such analysis is by its nature accompanied by human factors. Judgments, presumptions, deductions and opinions are all contributors and present incalculable margins for error. If mistakes are made, there may be consequences to be paid.
Cyber technology continues to change the way the world works and nations’ capabilities to alter the balances of global military, economic and political power. Advance knowledge of cyberattack intentions is of immense strategic value and confers a position of power on its holder. How the information is used is worthy of as much advance development as the technology itself.
The notion of living in a world where nation-states, terrorist organizations and others initiate global cyber attacks based on anticipation of incoming strikes, potentially triggering counterstrikes in return, portends a world of Star Wars dimensions where prediction may produce the most unpredictable consequences of all.