AI Cybersecurity: Good News and, of Course, Bad News
October 23, 2023
This essay is the work of a dumb humanoid. No smart software required.
Life, like a sine wave, is filled with ups and downs. Nothing strikes me like the ups and downs of AI: Great promise but profits, not yet. Smart cyber security methods? Same thing. Ups and downs. Good news then bad news. Let’s look at two examples.
First, the good news. “New Cyber Algorithm Shuts Down Malicious Robotic Attack” reports:
Researchers have designed an algorithm that can intercept a man-in-the-middle (MitM) cyberattack on an unmanned military robot and shut it down in seconds. The algorithm, tested in real time, achieved a 99% success rate.
Is this a home run. 99 percent success rate. Take that percentage, some AI, and head to a casino or a facial recognition system. I assume I will have to wait until the marketers explain this limited test.
“Hello, we are the team responsible for infusing AI into cyber security safeguards. We are confident that our technology will have an immediate, direct impact on protecting your organization from threats and bad actors,” says Mary, a lawyer and MBA. I believe everything lawyers and MBAs say, even more than Tom, the head of marketing, or Ben, the lead developer who loves rock climbing and working remotely. Thanks, Bing Dall-e. You understand the look and feel of modern cyber security teams.
Okay, the bad news. A cyber security outfit named Okta was unable to secure itself. You can the allegedly real details from “Okta’s Stock Slumps after Security Company Says It Was Hacked.” The write up asserts:
Okta, a major provider of security technology for businesses, government agencies and other organizations, said Friday that one of its customer service tools had been hacked. The hacker used stolen credentials to access the company’s support case management system and view files uploaded by some customers, Okta Chief Security Officer David Bradbury disclosed in a securities filing. Okta said that system is separate from its main client platform, which was not penetrated.
Yep, the “main client platform” is or was secure.
Several observations:
- After Israel’s sophisticated cyber systems failed to detect planning and preparing for a reasonably large scale attack, what should I conclude about sophisticated cyber security systems? My initial conclusion is that writing marketing collateral is cheaper and easier then building secure systems.
- Are other cyber security firms’ systems vulnerable? I think the answer may be, “Yes, but lawyer and MBA presidents are not sure how and where?”
- Are cost cutting and business objectives more important than developing high reliability cyber security systems? I would suggest, “Yes. What companies say about their products and services is often different from that which is licensed to customers?
Net net: Cyber security may be a phrase similar to US telecommunications’ meaning of “unlimited.”
Stephen E Arnold, October 27, 2023