In a series of posts entitled Autonomous Everything, we are exploring automation in all its technological forms, including legacy working assumptions about the term itself. Autonomous Everything includes a broad autonomous future in areas such as Security Automation, Automation and the Workforce, Automation – or Augmentation – of the workforce, and Automation of AI/Machine Learning Training Models and Industry Standardization.
Recently, we checked in with Junaid Islam, a well-known cybersecurity expert, to discuss security automation tools and the increased cyber risks enterprises face. We now expand on Part 1 and Part 2 to look at emerging AI-based Zero Trust cybersecurity for Smart Energy, Transportation, and Manufacturing systems.
Junaid is a Senior Partner at OODA. He has over 30 years of experience in secure communications and has led the development of many network protocols including Multi-Level Precedence and Preemption (MLPP), MPLS priority queuing, Mobile IPv6 for Network Centric Warfare, and Software Defined Perimeter for Zero Trust. He founded Bivio Networks and Vidder, the first Zero Trust access control solution which he sold to Verizon. Currently, he advises NASA on networking projects and recently developed the first interference-aware routing algorithm. Junaid is also on the Board of XQ Message, a Zero Trust Data Protection start-up.
“These new smart systems use a fully decentralized machine learning architecture that is continuously changing and needs reliable communications.”
Daniel Pereira: Tell us more about your current work with NASA.
Junaid Islam: I am a scientific advisor for new routing protocols on Artemis. The team is working on extending routing table updates to include the RF environment and policies. We are bringing together a lot of new technologies from wideband spectrum analysis, machine learning-based path selection, and natural language processing of alarms. The goal is to enable robots on the Moon and Mars to communicate for scientific and one-day human habitation.
Pereira: How does this work?
Islam: We are using a new technology called cross-layer signal processing to identify where the interference or noise is coming from. The breakthrough is not just measuring the noise but identifying its source. We then share that information among all the Moon, Mars, and space routers to optimize the flow of packets.
Pereira: This sounds exciting but is it applicable to earth?
Islam: Everything we’re doing at NASA is applicable to smart transportation and manufacturing systems where you have autonomous vehicles connecting to 5G, WiFi6, and Satellite networks. These new smart systems use a fully decentralized machine learning architecture that is continuously changing and needs reliable communications.
“– the potential attack vectors are now exponentially large.”
Pereira: You mentioned natural language processing. How does that help a network?
Islam: We use AI natural language processing to handle events that cannot be handled via a router. For example, say a solar flare is generating RF energy or a meteor hits a satellite; there may not be enough time for a human operator to react or even be able to connect thus AI inference is critical. We have a working simulation of how a robot could talk with a router to identify and solve problems. Currently, the ontology or vocabulary is pretty limited to phrases like “antenna not working, what should I do?” but it does provide a glimpse of the future.
Pereira: So, your team repurposed natural language systems that were originally designed to enable humans to talk to machines to let machines talk to machines? Seems exciting and scary.
Islam: We are entering into a new “Smart World” by enabling decentralized compute systems to share their internal state with each other and optimize the entire system. Our understanding of what is possible is limited. In the future you might want to think twice before leaving the fridge door open or overloading the washing machine; they might have something to say to your water heater when you’re in the shower.
Pereira: I did an AI project years ago where I was able to analyze all the M&A activity in the technology sector in the 2014 to 2016 timeframe, which was a time when Silicon Valley companies – and IBM – were devouring AI companies by the handful. There were some AI and ML-driven IT market subsectors that emerged from the research, and I wanted to get your take on where you think automated machine learning will first get traction or is already getting traction: IT Operations Management? Industrial Control Systems? And/or Data Analytics (specifically predictive analytics, IT operations analytics [ITOA], and/or advanced threat analytics)?
Islam: Advanced threat analytics is an area that will be the first to see the benefits of machine learning-based automation because the threat surface is so wide. Think of people working from home, multiple devices, suppliers working from home applications in the cloud, and applications in many clouds – the potential attack vectors are now exponentially large. It is difficult to use a traditional human-configured security monitoring tool to get all this right. This really opens the door to machine learning-based automation because ML programs can ingest everything.
“…machine learning programs…can analyze data lakes to identify new revenue opportunities.”
Pereira: Earlier you warned against machine learning-based automation for Enterprise security; you now seem to be promoting it.
Islam: Machine learning is not a replacement for understanding Enterprise or “Smart City” architecture. Cyber basics like having a role-based identity system and policy-based data access are key. Similarly, if you consider all the components in a smart energy or transportation system, an AI management system won’t know what to do unless the data is well structured, and the cognitive models are well defined. Without a well-defined data model, ML systems will not be able to converge. You must invest the time to understand the process flows for your Enterprise to correctly determine which systems will benefit from machine learning.
Pereira: We previously discussed Zero Trust as a security framework. Is that necessary if we have a smart system?
Islam: The higher the complexity of an Enterprise or smart infrastructure system, the more valuable a Zero Trust Architecture becomes to help you prioritize activities and protect data. Too often organizations utilize a compliance-based approach as a security strategy. Compliance is important but is a different industry than protecting a company’s assets. Protecting a company is about risk management which is where a Zero Trust philosophy is powerful.
We have very powerful business tools in the form of machine learning programs that can analyze data lakes to identify new revenue opportunities. We’re seeing this in every industry. This makes data more valuable than physical assets for most Enterprises outside of manufacturing.
“Security is an investment, and the return is relative to the cost of restarting operations from a complete data loss.”
Pereira: So do you see AI and Zero Trust coming together?
Islam: The high complexity of global Enterprises and Smart Energy, Transportation, and Manufacturing will see both fields merging to create a new class of cybersecurity products. So when the system detects a potential issue, it will actually talk to you. However, we’re a few years away from natural language capable Zero Trust systems but you don’t need to wait to implement Zero Trust services today.
If you’re running a global supply chain, implement Zero Trust Network Access before granting access to partners. If establishing a data Lake for mission-critical data, make Zero Trust Data Protection a part of the deployment.
Pereira: As OODA CTO Bob Gourley always encourages us to ask after our initial analysis, what should CISOs do? What next?
Islam: Enterprise CISCOs should immediately meet with their CEO and tell them it’s far cheaper to proactively protect a company than rebuild infrastructure and customer trust after an attack. There is a misconception that security is a cost center. Security is an investment, and the return is relative to the cost of restarting operations from a complete data loss. And let Zero Trust be your investment strategy.
Further OODA Loop Resources
OODA Network Member Junaid Islam on:
- Global Cyber Risk, Weaponized IT Supply Chains, and The Enterprise
- Security Automation and Automated Continuous Threat Testing
- Zero Trust Architecture: An OODAcast conversation
It should go without saying that tracking threats are critical to inform your actions. This includes reading our OODA Daily Pulse, which will give you insights into the nature of the threat and risks to business operations.
Explore OODA Research and Analysis
Use OODA Loop to improve your decision-making in any competitive endeavor. Explore OODA Loop
The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Strategies, Business Intelligence, and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence
We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, and Space Technology. Explore Disruptive/Exponential Tech
Security and Resiliency
Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation-state conflict, non-nation state conflict, global health, international crime, supply chain, and terrorism. Explore Security and Resiliency
The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders, and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences, and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member-only video library. Explore The OODA Community.