“One of the things that’s really unique about the cybersecurity problem is that, in contrast with many things we deal with in AI or in computer science, this is not a stable phenomenon,” says Dr. Howard Shrobe, a Principal Research Scientist in MIT CSAIL, whose research involves software and hardware architectures for computer security and the use of AI techniques in software development. “You’re dealing not with nature as the adversary, which is what we often do in engineering, but with a reasoning, thinking, planning opponent.”
Dr. Shrobe became interested in cybersecurity when he saw that his two main areas of interest, systems and artificial intelligence, started to meet in the area of cybersecurity. In the mid-1990s, while working as a program manager at the Defense Advanced Research Projects Agency (DARPA), he took the lead in forming a new initiative called “information survivability,” which was focused on resilience in terms of the ability to withstand attacks rather than necessarily to prevent them. When he started to see that this was an effective means for combatting the emerging security threats we see today, he got seriously interested in the problem of staying ahead of cybersecurity attacks using systems and AI separately and together as a holistic defense.
To solve security problems from a purely systems standpoint, Dr. Shrobe works to tag and register extra metadata. He says that one of the fundamental problems in security is that “computers as we build them today don’t really know what they’re computing on. It’s just bits — as a friend of mine used to say, ‘raw, seething bits.’ If a computer doesn’t know what those bits are representing, then there’s not very much it can do to try to enforce correct execution.” He explains that, by having this extra metadata that can identify whether something is an integer, a string, or data that belongs to a certain compartment and only certain people should access it, we can “eliminate at the hardware level almost all of the major vectors of attack.”
Dr. Shrobe has also developed planning technology and techniques to tactically outthink malicious actors. “A lot of my approach to cybersecurity is to bring in AI-style reasoning as part of the solution,” he says. “Attackers are very creative and they confidently innovate and respond to the things that we do to defend systems. This is a co-evolving situation.” In other areas, he is using AI planning and reasoning techniques to try and provide second layers of defense and tools for analyzing systems. In this way, he can construct many attack scenarios to figure out how bad actors can get into a system and what the consequences of attacks might be. AI is also useful when trying to build a model of what an attacker is thinking.
He explains, “Computers are hard to deal with because they can’t do that. The goal here is to try to develop that kind of reasoning so that a system can reflect on what the people it’s interacting with are actually trying to do, what they’re thinking, what their plans might be, and how the system can interact with them in a constructive way.”
In much of his work, he takes a fundamental and heuristic approach to defense to remove weaknesses by category at a fundamental level, and randomizing system architecture components at a heuristic level to make cyberattacks harder for the attacker.“
Cryptography is a good example of this,” says Dr. Shrobe. “It’s essentially, if you think about it, a heuristic defense. The keys can be stolen; they can be broken. But the cost of doing that is so high that it’s essentially a fundamental defense. And almost any solution we have involves the use of sophisticated cryptographic techniques as well as other architectural changes.”
Dr. Shrobe expects these cybersecurity problems to continue to evolve, as we have already observed over the last decade. “The landscape has changed completely,” he says. We have seen, for example, disabled major organizations and power grids, and whole cities turned off by cyber means, as well as the widespread use of ransomware against governments and other large organizations. The type of cybercriminal and their underlying motivations also vary, from individuals interested in money to nation states to non-state actors who are motivated by ideology.
Dr. Shrobe acknowledges that while the degree of technology we have developed for defense has increased, attackers are gaining attack capability faster than we are gaining defensive capability. “What this has demonstrated is that attackers are able to gain significant advantage over any large organization, should they choose to,” he says. “It may take a lot of work, but they’re capable. And so, it’s important that large organizations and governments start or continue their efforts to make their systems more defensible and impenetrable.”
He adds, “I would hope that these new techniques we’re working on in the research world now that provide fundamental defenses will gain commercial adoption. We’re beginning to see a little bit of that. I think awareness in general is increasing, and that’s a good thing, also.”