Monday, September 6, 2010

Expert Systems and Cyber Warfare


David R. Lease, Ph.D.

Recently, I participated in a workshop in Brussels to evaluate current cyber warfare tactics and countermeasures; I thought you’d enjoy a short (non-classified) summary of one of the more innovative cyber warfare approaches that was demonstrated.

We often think of cyber warfare as malicious hacking, network attacks, or information theft. We often forget that it is actually a major component of modern warfare. As a case in point, the United States and its allies have spent considerable resources to develop innovative cyber warfare tools and attack methodologies, but these tools and methodologies are rarely integrated or combined with parallel capabilities that could provide warfighters and decision makers with the ability to react to real-world threats in milliseconds rather than hours or days. Consequently, our adversaries are able to use non-traditional means of cyber attacks with a low risk of retaliation or defensive measures being applied.

One of the more promising cyber warfare approaches we evaluated is an expert system that identifies threats in real-time and quickly tracks them to their point of origin through what has been termed “effective obfuscation.” This approach produces real-time attack information and supports both proactive and reactive responses. By providing a capability for warfighters to react quickly, within the scope of their mission and CONOPs, cyber warriors and decision makers can control and dominate the cyber battle space. This expert system also provides commanders and decision makers with the tools necessary to plan and execute the appropriate responses to cyber attacks as well as initiating preventive actions and first-strike responses when warranted.

Expert systems provide autonomous decision-making (based on human reasoning techniques) and real-time problem solving and suggestions to operational users in response to rapidly evolving situations. They are also the basis for training aids such as scenario gaming and actual operational platforms. This capability allows cyber warriors to train on the same system they will use in real-world operations, much like the way pilots train in their weapon system prior to an actual combat operation.

Expert systems are not new. They have been successfully deployed in the commercial space to manage logistics, warehouses, and computer-assisted medical procedures, and to provide rapid, unassisted responses to stock market fluctuations. Developed in declarative programming languages, an expert system can be described as a low-level artificial intelligence: developers describe the problem and the computer determines how the computation is carried out, which allows for back propagation and re-computing when new rules or variables are introduced. Declarative programs re-assess and re-compute problems for the best possible solution.
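The declarative idea described above, as an added example (not code from the system demonstrated at the workshop): a minimal forward-chaining rule engine in which rules are declared as data and the engine decides when each one fires. All fact, rule, and response names are constructed for illustration, and the fallback to a human analyst is an assumption of this sketch.

```python
# Added illustration: a minimal forward-chaining rule engine.
# Every fact, rule, and response name below is constructed for this example.

RULES = [
    # (premises that must all hold, conclusion to assert)
    ({"failed_login_burst"}, "password_guessing_suspected"),
    ({"password_guessing_suspected", "login_success"}, "account_compromise_suspected"),
    ({"account_compromise_suspected"}, "respond:lock_account"),
]


def infer(facts, rules):
    """Apply rules until no new fact can be derived (a fixpoint).

    Rules are declarations, not steps: their order in the list does not
    change the result, because the engine re-checks them after each new fact.
    """
    known = set(facts)
    changed = True
    while changed:
        changed = False
        for premises, conclusion in rules:
            if premises <= known and conclusion not in known:
                known.add(conclusion)
                changed = True
    return known


def decide(facts, rules):
    """Return recommended responses, or escalate when no rule covers the facts."""
    derived = infer(facts, rules)
    responses = sorted(f for f in derived if f.startswith("respond:"))
    return responses or ["escalate:human_analyst"]


if __name__ == "__main__":
    observed = {"failed_login_burst", "login_success"}  # constructed observations
    print(decide(observed, RULES))
    print(decide({"unusual_dns_volume"}, RULES))
    # Introducing a new rule changes the answer without touching the engine.
    extended = RULES + [({"unusual_dns_volume"}, "respond:capture_dns_traffic")]
    print(decide({"unusual_dns_volume"}, extended))
```

Reversing the order of `RULES` yields the same derived facts, which is the practical meaning of letting the computer determine how the computation is carried out.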

By adding an expert system to our cyber arsenal to identify threats in real-time and quickly track them to their point of origin, the United States and its allies can improve our proactive and reactive response to cyber warfare.

Last week’s Quiz Question

Question: The first guiding value of Norwich University is that “We are men and women of honor and integrity. We shall not tolerate those who ________________.”

Answer: “Lie, cheat, or steal”

Winner: Bill Lampe

This week’s Quiz Question

What is the statue on top of the Vermont state capitol dome?

Current competition standings:

Andrey N. Chernyaev: 5 wins
Matt Bambrick: 3 wins
Dianne Tarpy: 2 wins
Bill Lampe: 2 wins
Sam Moore
Autumn Crossett
Gil Varney, Jr.
Glen Calvo
Thomas Reardon
Sherryl Fraser
Srinivas Chandrasekar
Marc Ariano
Linda Rosa
Joanna D'Aquanni
Srinivas Bedre
Christian Sandy
Joseph Puchalski
Scott Madden
Ken Desforges

1 comment:

  1. Is the new cyber response system smart enough “to know what it doesn’t know” and ask for human intervention in those cases? What "experts" are the rules based upon? I hear there are maybe only 1000 people (and maybe a lot less) in the whole country that are really qualified to respond to a significant cyber attack.
