Machine Learning / Security

How ML Defense Projects Change Approaches to Data Security

18 May 2022 12:41pm, by

Machine learning’s civilian developers took to the front lines in the early hours of the Russo-Ukrainian war. Folks from the Ukrainian machine learning startup Reface woke up on Feb. 24 to the sound of explosions and immediately stepped into action. They launched projects using public data to leap to Ukraine’s national defense against the Kremlin’s incursion.

How Ukraine Used ML/AI in the War’s Early Hours

“We develop an ML/AI algorithm to detect Russian hostile aircraft and forces that currently attack Ukraine. Looking for access to high-resolution satellite imagery (15, 30, 90 cm per pixel) to get precise datasets and make it work,” wrote Reface’s communications lead, Julia Kravchuk, in a social media post.

Reface put out a public request for historical data from 2-3 weeks before posting. The project needed historical data covering Ukraine’s territory, as well as a pipeline of real-time satellite images.

Geospatial Intelligence: Developers as Defenders

This machine learning project was making use of geospatial intelligence, or intelligence gathering from geospatial information systems.

Geospatial Intelligence, or GEOINT, has taken a more prominent role in public information gathering as well as defense systems. In the Russo-Ukraine conflict of 2022, global attention has fallen on public ML developers’ engagement with defense agencies.

Public Sector ML and the Defense Industry Combine Forces

Reface is using its systems for geospatial intelligence. This is a type of data intelligence where data and images from satellites train the AI for high-level surveillance or to inform decisions. ML has been a part of revolutionizing geospatial intelligence for national defense, according to the U.S. Department of Defense.

Civilians and Foreign Governments Come to Ukraine’s Aid

In the days that followed, the U.S. Geospatial-Intelligence Agency reported coming to Ukraine’s aid, through satellite imagery for intelligence. The action taken in Ukraine satellite intelligence highlights this moment in defense protocol.

Today, civilians and foreign allied services alike can come to the aid of a nation through AI data systems. Because these people are working on a heightened playing field, and stakes are high, public data security protocol stakes are increasing.

Risks and Rewards from Ukraine’s Geospatial Defense

John Hopkins University hosted a talk with geospatial experts regarding the public engagement with this type of intelligence gathering.

“Geospatial intelligence can monitor the conflict and the social changes in Ukraine in near-real-time,” said former CIA officer Jack O’Connor, in an interview with John Hopkins’ campus news center the Hub.

“It cannot be jammed like radio or television signals, or turned off like Russia has started to do with social media. It can also track humanitarian issues such as refugee flows and refugee camp construction, as well as systemic destruction of cities or Ukrainian infrastructure,” said O’Connor.

While the signals cannot be jammed in the same radio can, Geospatial World warns that sensitive data presents a greater risk from hackers. If hackers steal sensitive data, it can be repurposed for destructive reasons.

System Security Braces for New Impact

Reface began taking steps toward an elevated form of public security. Tech innovators continue these pursuits for practical use of systems.

Yet, cybersecurity professionals who spoke with Techwire Asia express concern that systems are “woefully behind the times,” in critical infrastructure protection. As software moves to protect civilian life, developers and security professionals alike are beginning to think more creatively about protecting that critical software. This includes combining efforts between the public and defense spaces.

U.S. Armed Services Talks Cyberattack Risks with Public AI Builders

Ukraine’s application of machine learning and AI in conflict is a ground-real example of public developers called to cyber defense action.

AI’s increasing role in public defense was argued by Microsoft’s Chief Scientific Officer Eric Horvitz before the U.S. Senate Armed Service Committee on May 3.

“Offensive AI methods will likely be taken up as tools of the trade for powering and scaling cyberattacks,” wrote Horvitz, in the written testimony he presented to the U.S. Senate Armed Service Committee

“We must prepare ourselves for adversaries who will exploit AI methods to increase the coverage of attacks, the speed of attacks, and the likelihood of successful outcomes. We expect that uses of AI in cyberattacks will start with sophisticated actors but will rapidly expand to the broader ecosystem via increasing levels of cooperation and commercialization of their tools,” Horvitz wrote.

Fully Democratized Cyberspace Changes Strategies

As nations prepare for AI exploits, they likewise prepare for a fully democratized cyberspace. The line between public data sets and those used in national defense is a fine one. Forbes noted Ukraine’s use of artificial intelligence and machine learning is among few examples of AI employed in conflict problem-solving scenarios.

Forbes contributor Eric Tegler calls out the vulnerability of AI systems as a reason why Russia did not appear to be using AI extensively in Ukraine.

As Ukraine makes use of AI, and Russia refrains, we see examples of both the major benefit and the major risk factors of artificial intelligence on the ground.

Developers Seek Advanced Methods of Data Protection

As data plays a role in civilian protection, it can also be at risk of exploitation on a high level by bad actors. After the Ukraine war, we have examples of both the advanced public benefits of machine learning and the precedent of the most severe consequences if that information was stolen.

Agencies and Tech Leaders Prepare for Mass Overhaul

The National Geospatial-Intelligence Agency has moved to make “severe major technology shifts” for 2022 in cloud, cybersecurity, and machine learning, NGA’s Chief Information Officer Mark Andress said at a Jan. 6 press event.

Apple Updates Its Data Protection

Developers using Apple systems can refresh their knowledge of Apple’s data shield protocols to protect systems against bad actor threats.

In the Apple Platform Security report for May 16, Apple gives insights into new data encryption for its systems. The report explains how data is stored and shielded within Apple infrastructure. Apple uses technology it internally calls Data Protection.

“Data Protection is implemented by constructing and managing a hierarchy of keys and builds on the hardware encryption technologies built into Apple devices. Data Protection is controlled on a per-file basis by assigning each file to a class; accessibility is determined according to whether the class keys have been unlocked. APFS (Apple File System) allows the file system to further subdivide the keys into a per-extent basis (where portions of a file can have different keys),” wrote Apple, see the full report.

Demands for Data Driving Shift to Edge

Because advanced technology makes high data demands, many developers are moving their systems to edge computing to meet that demand.

Deloitte explains the increased demand for data for AI and ML systems. Because of this need for massive data loads, and scalability, to make these systems function, many developers are switching to edge computing. Edge computing works with 5G networks to enable connection to everything, empowering the use of real-time “ubiquitous data”.

With greater data processing capacity, comes a need to scale systems to meet the added demand for data security. Edge-tech leaders study the trends to give full insights into systems switching to edge and the specifics of new security demands.

AT&T Insights See Developers Moving to Edge

Theresa Lanowitz, head of cybersecurity evangelism for AT&T Business recently spoke with OWASP Austin, to explain the changing nature of software. The company’s survey found that at least 75% of survey respondents were working on an edge computing pathway.

 AT&T’s Cybersecurity Report for 2022, the telecom company’s thought leadership report, warns that adversaries are changing from hobbyist hackers to “the edge” to “highly financially motivated” hackers, and “hacktivists.” This changing adversary profile comes with the territory of computing “extremely democratized” based on the demands of modern development.

“Globally, the perceived risk of a cyberattack on an edge deployment is ‘highly likely.’ Perceived impact to the business is ‘very impactful,’” writes AT&T’s research team.

On the Edge with Reactionary Security

Lanowitz explains that edge development engages in complex, external, third-party-assisted builds. The growing diversity of systems used the majority of software build methods adds weight to the implications of a data breach.

“Reactionary security decisions can result in business disruption that stunts that growth, or in extreme cases may shutter your business entirely,” writes AT&T’s research team.

AT&T’s findings reveal that putting firewalls in place in modern systems remains relevant for the next generation, despite advances in edge-system security such as Secure Access Service Edge or SASE.

Ransomware Immunity Solution to Reactionary Security

Developers now look to more advanced ways to protect their data sets from bad actor exploitation. VentureBeat recently interviewed Arti Raman, CEO, and founder of Titaniam, an encryption-in-use service provider, following the Colonial Pipeline breach. Raman suggests organizations apply data-in-use sophisticated encryption.

This is a type of encryption that builds ransomware immunity into the collected data itself. The idea is to make data “undecipherable” or unusable to bad actors, even if they manage to break perimeter security infrastructure and access measures.

Essential Modeling Makes It ‘More Difficult to Deceive’ Systems

As public projects continually become more relevant to global issue problem solving, developers will require more innovative ways to protect their data from bad actor ML.

Data scientists and cybersecurity experts now suggest building robust data classification and recognition models to make systems “harder to deceive.”

New Microsoft Release Highlights Ambitious DLP

Rapid innovation drives the need for streamlined task management. Developers can increase their data loss prevention and data governance to protect their ML projects from bad actor hijacking.

Microsoft recently released Microsoft Purview, a tool that can “detect and prevent exfiltration during cyberattacks.” Microsoft Purview is a rebranded overhaul of Azure Preview, the company explains. Microsoft Purview boasts integrated data governance and compliance.  It can multitask through this integration, to catch typical data thieves inside the system.

“Data exfiltration is often a primary goal during cybersecurity attacks. In 2021, over 80% of ransomware attacks threatened to exfiltrate data,” wrote Microsoft, in a press release published on May 4.

“Exfiltration during or before security attacks, mostly ransomware, happens mainly from endpoint devices. Researchers have observed adversaries leveraging legitimate file transfer utilities (FTUs) to upload sensitive data from devices to web services or cloud storage applications. Besides, adversaries generally try to evade simple security controls by renaming these FTUs,” Microsoft wrote.

Microsoft proposes that its Purview system can prevent data theft through the early detection of adversaries.

“If configured correctly, Microsoft Purview DLP can detect adversaries utilizing any FTU or cloud application to exfiltrate sensitive data from endpoint devices. Microsoft Purview DLP can also identify the execution of these tools when adversaries rename them to remain undetected,” Microsoft wrote.

Security Innovation and Task Management

While Microsoft’s data governance and compliance integration is a step in the right direction, cybersecurity services argue that more proactivity should be in place.

In recent analyses, cybersecurity experts have argued that rather than work as a smoke detector, security should step ahead of smoke. Cybersecurity, they reason, should be able to both prevent and solve cyberattacks.

Modern Systems Stress Adaptability

Industry trends show that developers are starting to think more critically about innovation across the board.

Development teams increase production speed with new integration techniques such as MACH alliance principles. MACH is an acronym for “microservices first, API-led, composable, and headless systems.

MACH allows developers to customize and “compose” their toolkits. This is called composable system structuring. Composable systems signal changing trends in critical thinking and innovation.

Enforcing The Strengths of Multifaceted Systems

Modern software development recognizes that hybrid systems can adapt in ways that older models, such as monolithic systems, could not.

Through changes in system architecture, such as MACH allied structuring, developers prepare for the speed needed to meet a 5G network demand. Also, through enhanced methods of data loss prevention and data governance, developers make headway in the fully-democratized virtual world.

Feature image by Alexandra_Koch from Pixabay