Cybersecurity has become one of the greatest challenges facing the public and private sector. Nearly two-thirds of companies worldwide have experienced at least one form of cyberattack. The number of overall attacks is now up to 2,200 per day, or one every 39 seconds.
Federal agencies are not immune to these attacks. In fact, they’re often high-value targets. Last year, the Government Accountability Office included federal cybersecurity as part of its “High Risk Series,” saying the federal government needs to urgently address major cybersecurity challenges. The GAO report showed that civilian agencies alone reported 28,000 security incidents to the Department of Homeland Security in fiscal 2019.
Recognizing the growing threat, Congress has passed several major legislative initiatives designed to both strengthen defenses and reduce the chances of attacks. Many of those initiatives highlight information sharing as a critical piece of the federal cybersecurity puzzle.
For example, the recently established Cyber Incident Review Office collects information from cyberattacks to identify successful tactics and procedures and shares this information between agencies and the private sector. That kind of cross-sector cooperation is critical for understanding the threat landscape and predicting when and where attackers will hit.
The new initiatives and regulations seek to neutralize the effectiveness of modern cyberattacks, and much of that comes through information sharing. A big part of both the congressional and executive branch push for better cybersecurity includes regulations that govern how and when information should be shared with the private sector as well as state and local governments. President Biden signed legislation in June that sets up two-way information sharing.
The law directs the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) to help state and local agencies share threat indicators and information about cybersecurity risks and incidents with federal agencies and other SLG organizations. NCCIC must notify state and local agencies about specific incidents and malware that may affect them or their residents.
The directive seems simple enough, but this sharing of data only provides insights into known attacks, and this can potentially motivate attackers to become more sophisticated and work around these security measures. This means that new attacks may still go undetected, as they are unknown and wouldn’t be discovered based on data collected on existing incidents.
To identify threats that are unknown, or haven’t been seen before, AI methodologies such as unsupervised learning and natural language processing (NLP) are leveraged. Keeping the data center secure requires insights into an ever-increasing amount of data: server logs, app logs, cloud logs and sensor telemetry are just a few of the data sources that must be addressed. The magnitude of data makes it challenging for security operations teams to monitor, analyze and protect organizations from cyberattacks.
Analyzing all of the data across a network using traditional solutions is cost-prohibitive and extremely difficult, which is why cyber breaches are often not discovered until long after the fact. The combination of GPU acceleration and AI software frameworks helps organizations analyze up to 100% of their data, providing much-needed visibility into often overlooked and underutilized sources of information.
How an AI-based, GPU-powered platform can help
All of this reinforces the fundamental idea that cybersecurity is a data problem. The best way to solve that problem is by leveraging a GPU-powered platform that utilizes AI to capture and analyze data that agencies don’t even know they have.
Take the concept of uncaptured and unused data. For the typical enterprise, up to 80% of total data volume can have zero visibility in the security operations center. This dark data is accumulated during the course of operations but isn’t used to extract insights. AI-driven technology like NLP is a key enabler in analyzing all the data coming through an organization.
NLP is built to be fast, flexible and responsive. Language has subtleties that are important for understanding intent in a given context, and these principles can be grafted from the speech domain to cybersecurity.
Modern NLP implementations utilize transformers as the underlying architecture. This type of implementation allows us to understand subtle context in language, parse intent more accurately, and take a more flexible, less brittle approach to the entire solution versus rules-based approaches.
The acceleration provided by GPUs makes it practical to analyze 100% of an agency’s data in a timely manner. By opening up the aperture and letting NLP and unsupervised learning algorithms work, agencies can gain insights using customized models.
Unsupervised learning helps to address the lack of available labeled datasets in cybersecurity. The sharing of information across federal agencies and SLG organizations will help in comparing attacks and sharing key data. However, data sensitivities, such as private sector IP and government classified data, will prevent complete transparency. With unsupervised learning, you can analyze data without having to label it, and identify patterns across multiple dimensions in order to better understand typical behavior patterns versus anomalies.
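As an added illustration of label-free anomaly detection across several dimensions (this is example code written for this page, not the author's or NVIDIA's), the sketch below turns unlabeled log lines into per-user feature vectors and scores each user by its largest robust z-score (median and MAD) against the population. The log format, user names, sample lines and the 3.5 threshold are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from statistics import median

# Hypothetical log format, constructed for this example.
LINE = re.compile(r"user=(\S+) src=(\S+) bytes=(\d+) hour=(\d+) status=(\S+)")

def features(lines):
    """Aggregate unlabeled log lines into one feature vector per user."""
    agg = defaultdict(lambda: {"bytes": 0, "srcs": set(), "fails": 0, "offhours": 0})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # skip lines that do not match the constructed format
        user, src, nbytes, hour, status = m.groups()
        a = agg[user]
        a["bytes"] += int(nbytes)
        a["srcs"].add(src)
        a["fails"] += status == "fail"
        a["offhours"] += not 7 <= int(hour) <= 19
    # Dimensions: total bytes, distinct sources, failed events, off-hours events
    return {u: [a["bytes"], len(a["srcs"]), a["fails"], a["offhours"]]
            for u, a in agg.items()}

def anomaly_scores(vectors):
    """Score each user by its largest robust z-score over all dimensions."""
    users = list(vectors)
    scores = dict.fromkeys(users, 0.0)
    for d in range(len(next(iter(vectors.values())))):
        col = [vectors[u][d] for u in users]
        med = median(col)
        # MAD is 0 when most users share one value; floor it to avoid dividing by zero
        mad = median(abs(x - med) for x in col) or 1.0
        for u, x in zip(users, col):
            scores[u] = max(scores[u], 0.6745 * abs(x - med) / mad)
    return scores

def flag(lines, threshold=3.5):
    """Return users whose behavior deviates from the learned baseline."""
    return sorted(u for u, s in anomaly_scores(features(lines)).items() if s > threshold)

# Constructed sample: six users with ordinary daytime activity, one account that differs.
SAMPLE = [f"user={u} src=10.0.0.{i + 1} bytes={1000 + 50 * i} hour={h} status=ok"
          for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])
          for h in (9, 11, 14, 16)]
SAMPLE += [f"user=svc-backup src=10.0.9.{k} bytes=90000 hour=2 "
           f"status={'fail' if k < 4 else 'ok'}" for k in range(6)]

if __name__ == "__main__":
    print(flag(SAMPLE))
```

No line in the sample carries a label; the baseline comes entirely from what most users do, so the score only says "unusual", and an analyst still has to decide whether it is malicious.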
Beyond that, AI can be used to address multiple cybersecurity use cases, like sensitive information detection, phishing attacks and malware, and can identify anomalies more quickly than before.
The best platforms incorporate real-time telemetry, policy enforcement and GPU-powered processing at the edge to analyze more security data without sacrificing performance. This is done by harnessing every compute node in the network as a cyber-defense sensor, increasing the power agencies can use to combat cyber threats.
Defending federal, state and local cyber borders will take an incredible amount of teamwork, and that sharing will also increase the sophistication of future attacks. It will not be easy for agencies to defend against future attacks without unsupervised learning to address new unknown techniques. But with an AI-based, GPU-driven solution, organizations and governments will be able to collaborate while being armed with a proactive approach to defend against future attacks and protect America’s most sensitive data.
Bartley Richardson is director of Cybersecurity Engineering at NVIDIA.