Article in CIO Applications Europe

Cyber security products are more advanced and powerful than ever before, and the rate at which innovation and invention beget new products or services for mass consumption is simply incredible to behold. However, in parallel, cyber threats and their reputation-damaging consequences dominate headlines worldwide. Only this week we are told that North Korea is employing thousands of hackers to commit cyber crime on a massive scale. The distinction between state-based cyber attacks and malicious criminal activity is now completely blurred; businesses worldwide are looking to the cyber “good guys” to meet this challenge.

In the world of cyber security, the power of cloud computing looms large as a force for good, but it is not quite that simple. Malicious actors need cloud computing to build and test their software—often running full load, stress, and propagation testing before they “launch” a new virus or targeted attack. Cloud computing has made breaking simple encryption trivial, and more complex ciphers slightly less so. Malicious software is built collaboratively in the cloud, tested, stored, sold, and distributed from there; in short, without it the modern cybercriminal would be scuppered.

This escalation in the cyber arms race was started, however, by the good guys. Usually, the security software developers and “white hat” researchers are playing catch up—it has been that way for nigh on 30 years—but with the advent of the cloud and the realisation that its power, coupled with artificial intelligence and machine learning, could be truly transformational to our ability to detect and prevent malware, the good guys got half a step ahead, at least for a while.

“Black hats” and malware authors soon caught up and it’s common once more for both sides of the legal divide to use the same tools and have the same resources at their disposal, but at least the cloud has levelled the playing field somewhat. Take the example of a big, well-organised DDoS attack. In 2016, we saw a volumetric DDoS attack exceed 300Mbps for the first time. Now, sites like GitHub and OVH have been taken down with attacks of over 1Tbps. Just stop and think about that for a moment—that is an almost incomprehensible amount of data being marshalled by software and a few shadowy people with the sole aim of rendering a service unavailable. DDoS used to be much harder to react to and defend against than it is now. The very nature of the attacks means that there is no single source and the scale of an attack can vary wildly—especially if it gains publicity and tens of thousands of HOIC- and LOIC-using bedroom warriors join in, which often happens during an attack, with the volume spiking up as the “fun” is spread around.

We are, therefore, talking about virtually limitless attackers with virtually limitless resources: a nightmare to defend against. However, the cloud gives all of us access to virtually limitless resources and suddenly we are back on a level playing field. The larger a DDoS attack and the more machines you recruit to your cause, the more virtual hosts we will throw into the line of fire and under the wheels of the cannon. Neither side can really win and so these attacks tend to peter out after several hours of frenzied activity and soon, it is as if it never happened—a virtual battle taking place in silicon hour after hour, day after day.

You can’t launch a piece of technology or an application these days without it using either artificial intelligence (AI), machine learning (ML), or preferably both. It is actually illegal to do so, or it feels like it may as well be. That does not mean they are not real things though, and one of the principal beneficiaries of cloud-powered AI and ML is cyber security.

A friend of mine routinely dismisses ML, partly I know to annoy me, as simply “if this, then that” statements run fast, but the key word is fast. If you can run virtually limitless numbers of “what if?” and “if this, then that” statements at a speed supported by those virtually limitless cloud computing nodes, then it doesn’t matter if it is as simple as that: you are going to get results. A quote about monkeys and typewriters springs to mind and with the cloud, we have the monkeys—practically infinite numbers of them.

The cloud, and easy access to it for everyone, means that every single device connected to the internet can take advantage of this unfathomable mathematical power, which is AI and ML. It does not matter how low-powered or “dumb” a device is, if it can connect to the internet and ask a question, it has access to the biggest computing resource on the planet running the most advanced “thinking” models ever produced. This is how, for example, your humble work laptop can have access to the experience of many billions of virus identifications, and how it can decide whether to allow a program to run even if it has never seen it before—even if no computer on the planet has ever seen it before. Your laptop does not need to know how to do any of that stuff, just how to ask a question and wait for a yes or a no.

In the background, every decision taken on behalf of every machine connected to the cloud is stored and analysed, indexed and referenced, and added to a simply vast pool of knowledge, together with the outcome of the decision that was made: was it right or wrong? Now that we have this capability, we have a new approach. Instead of constantly fighting to identify bad things, which are limitless, why not identify good things, or at least normal things, which are less so, and then draw the logical conclusion that anything that is not normal (or good) in cyberspace must be, by definition, bad? We simply couldn’t run these kinds of models on these volumes of data without the power of cloud computing.

It is not just technical decisions either. Much of cyber security is about people and process, and once again, the cloud is helping us to define, test, and enforce policy across organisations, countries, and the planet. Perhaps most importantly, it is helping us to learn from our mistakes and to pool our knowledge.

The bad guys are, of course, inevitably using ML and AI models to attack defences built in the same way but, as I mentioned, there has been a subtle change—for the first time ever, the good guys got there first and the bad guys are playing catch up, all because of the power of cloud computing. So perhaps there is a light at the end of the tunnel after all.