We just celebrated Presidents’ Day. Folklore has it that during the American Revolution, George Washington was approached by an inquiring member of the press who asked: “George! George! What keeps you up at night?”
It wasn’t the Continental Congress, who even then seemed challenged when it came to accomplishing anything. It wasn’t his troops, starving and freezing to death at Valley Forge. His reply: “Their Spies!” Since that time – more than 240 years – we’ve amassed insights as to the early indicators of trusted insiders inclining toward the dark side. Notwithstanding those gains, the best we’ve generally been able to do is catch the spies after they’ve already hurt us. Why is that?
It was while chasing one of those spies, Harold “Jim” Nicholson, that an answer came to me: it was a “Big Data” problem. The data points, the early indicators, were distributed across too many diverse silos for our cognitively limited minds to wrap themselves around. That fact didn’t stop the U.S. government, in the wake of Snowden, from requiring all corporations wishing to do business with it to have a functioning, what it described as “viable,” insider threat program in place by the end of 2016 (the NISPOM Change 2 mandate, which set a November 30, 2016 deadline for cleared contractors). No one seemed quite sure what “viable” meant, but I assumed it had to involve the demonstrated use of analytical tools or the program wouldn’t be accepted.
I was serving as the CSO of Dell at the time. We leveraged the strength of some new “Big Data” analytical tools, Statistica and Kitenga, that allowed us to examine data in every form, both structured (e.g. spreadsheets) and unstructured (e.g. internet traffic). By the deadline we had tested and implemented our insider threat program. To bolster our confidence in it, we “tweaked” the Director’s profile and ran the pilot such that, if the algorithm worked, it would kick his name out as the individual about whom we should be most concerned. It did just that. A single seeded positive shows the pipeline can surface a planted profile; it says nothing about the false-positive rate across the rest of the workforce, which is what ultimately decides whether such a program is usable.
With that success came my first glimpse of what the future might hold for us: my first inkling that, as stymied as our profession had been in the world of reactive detection, a foray into the realm of proactive prevention was in the offing. Our security organization was transformed overnight from what had been considered “a distasteful cost of doing business into an indispensable and inextricable aspect of advancing it.”
That emerging possibility was soon thereafter chronicled in the Congressional report on the OPM breach, which concluded that an AI-supported mathematical model played a pivotal role in discovering, stopping and remediating the malware behind that data breach.
Thomas Kuhn, in his book “The Structure of Scientific Revolutions,” described how science advances not only by steady accumulation but through periodic paradigm shifts, profound changes in a field’s way of thinking. As I look at the paradigm shift now available in the form of this transformative technology, it occurs to me that what we’re up against in effecting that transition is a formidable and entrenched way of thinking. It’s comparable to what Copernicus himself faced almost five centuries ago, as he challenged his Ptolemaic predecessors and disproved their belief that the earth was the center of the universe.
Artificial Intelligence and Machine Learning mark the dawn of a new era. I personally believe we’re witnessing a scientific revolution, with an excitement that hasn’t been felt in decades. It’s a changed age. In the months ahead, I look forward to exploring this new way of securing our world with you in a series of articles examining AI and Machine Learning: what it is, how it works, and what it portends for the future of security.