Poppy Gustafsson spoke on Wednesday at the Royal United Services Institute (RUSI) – the UK’s leading and world’s oldest defense think thank – on the evolving cyber threat landscape.

Russia’s illegal and unprovoked invasion of Ukraine has led to a global rethinking of security. 

While some in the West had begun questioning the need for NATO post-cold war, and many members have failed to meet their defense spending commitments, the invasion of Ukraine has proven why the defense alliance remains a bedrock of Western security.

NATO members are now spending more on defense, increasing cooperation, and the alliance is now preparing to accept Sweden and Finland into its fold.

Russia has thrown out the rule book with its conduct and will eventually face war crime trials as a result. NATO members, in contrast, have acted in accordance with the UN charter and only provided resources to Ukraine that it can use to defend its territory from the invaders.

However, any provision of long-range weapons that could pose a threat to Moscow would be seen as going beyond helping an ally to defend itself into helping attack Russia itself—likely triggering a disastrous global conflict.

Those kinds of norms around conventional warfare are well-established. In the cybersphere, they’re yet to be set.

“There remains a persistent lack of clarity around how we define an act of war in the cybersphere,” said Gustafsson.

Gustafsson wants to see the creation of a dedicated international cyber task force, or a “tech NATO”, where global partners can collaborate, agree, and ratify norms for the cybersphere—including what kind of response would be warranted for breaches.

At the beginning of Russia’s invasion, the country attacked Viasat to disable Ukrainian communications. The attack spilt over into other European countries, including rendering 5,800 Enercon wind turbines in Germany unable to communicate for remote monitoring or control.

“The attack on the Viasat satellite that disabled Ukrainian military communications one hour before the invasion was a key component of the beginning of this war,” added Gustafsson. “We have seen UK, US, and EU officials jointly attribute this attack to Russia, an immensely political act. That is unprecedented.”

No-one reasonable would suggest that incident is worth triggering a full-scale war between NATO and Russia, but clarity is needed on what the response should be. If a cyberattack leads to serious loss of life, should it have any different response than if it was a missile?

“There is a shocking tolerance for cyberattacks, and that has to change,” argued Gustafsson. “Organisations that are custodians of valuable, private data can not be allowed to let that data fall into criminal hands through negligence and face no consequences.”

Darktrace says it has witnessed a global increase in attacks on critical national infrastructure bodies across its customer base—including a 90 percent increase in high priority security incidents on the networks of energy companies in Europe during the initial week of Russia’s invasion.

“Issues that we had thought about speculatively have now become our reality. We are facing war in Europe and there is an essential cyber component both to the way it is being fought and to its international ramifications,” says Professor Madeline Carr, Senior RUSI Associate Fellow and Professor of Global Politics and Cybersecurity at University College London.

“This is a complex area which is the subject of a wealth of academic debate and what is needed is clarity, consensus, and cooperation.”

Greater cooperation is certainly needed to combat evolving cyber threats. However, Gustafsson’s call for a “Tech NATO” is surprising—not least because NATO itself already has one in the form of the CCDCOE (Cooperative Cyber Defence Centre of Excellence).

Despite being run by NATO, the CCDCOE is open to “like-minded non-NATO nations”. Earlier this month, non-NATO member South Korea joined the organisation alongside NATO members Canada and Luxembourg. In March, Ukraine also joined the CCDCOE despite not being a full NATO member.

“Cooperation, sharing of information, skills, and best practices are essential for tackling the challenges we face in cyberspace,” said a spokesperson for the Embassy of the Grand Duchy of Luxembourg, following the country’s admission to the CCDCOE.

The CCDCOE leans more towards collaboration between public agencies but also brings together representatives from academia and the private sector to discuss cyber norms and improve members’ defenses.

“Each member of the CCDCOE plays an important role in building and advancing a strong and efficient unity against cyber threats,” explained Colonel Jaak Tarien, Head of the CCDCOE.

“In the long run, the conditions for peace in the cyber realm and a response to the security threats to the modern world cannot be created without united and committed support.”

We’ve reached out to Darktrace for clarification on Gustafsson’s call for a “Tech NATO” and how it would differ from the CCDCOE. We presume it would have a greater focus on private sector companies like Darktrace but will update this article when/if we receive an official response.

Related: US disrupts large Russian botnet ‘before it could be used’

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The event is being co-hosted with the AI & Big Data Expo.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

The post Darktrace CEO calls for a ‘Tech NATO’ amid growing cyber threats appeared first on AI News.

The first mathematical epidemic model was formulated and solved by Daniel Bernoulli in 1760 to evaluate the effectiveness of variolation of healthy people with the smallpox virus. More recently, such models have guided COVID-19 responses to keep the health and economic damage from the pandemic as minimal as possible.

Now security researchers from BT Labs in Suffolk want to harness centuries of epidemiological modelling advancements to protect networks.

BT’s new epidemiology-based cybersecurity prototype is called Inflame and uses deep reinforcement learning to help enterprises automatically detect and respond to cyberattacks before they compromise a network.

Howard Watson, Chief Technology Officer at BT, said:

“We know the risk of cyberattack is higher than ever and has intensified significantly during the pandemic. Enterprises now need to look to new cybersecurity solutions that can understand the risk and consequence of an attack, and quickly respond before it’s too late.

Epidemiological testing has played a vital role in curbing the spread of infection during the pandemic, and Inflame uses the same principles to understand how current and future digital viruses spread through networks.

Inflame will play a key role in how BT’s Eagle-i platform automatically predicts and identifies cyber-attacks before they impact, protecting customers’ operations and reputation.” 

The ‘R’ rate – used for indicating the estimated rate of further infection per case – has gone from the lexicons of epidemiologists to public knowledge over the course of the pandemic. Alongside binge-watching Tiger King, a lockdown pastime for many of us was to check the latest R rate in the hope that it had dropped below 1—meaning the spread of COVID-19 was decreasing rather than increasing exponentially.

For its Inflame prototype, BT’s team built models that were used to test numerous scenarios based on differing R rates of cyber-infection.

Inflame can automatically model and respond to a detected threat within an enterprise network thanks to its deep reinforcement training.

Responses are underpinned by “attack lifecycle” modelling – similar to understanding the spread of a biological virus – to determine the current stage of a cyberattack by assessing real-time security alerts against recognised patterns. The ability to predict the next stage of a cyberattack helps with determining the best steps to halt its progress.

Last month, BT announced its Eagle-i platform which uses AI for real-time threat detection and intelligent response. Eagle-i “self-learns” from every intervention to constantly improve its threat knowledge and Inflame will be a key component in further improving the platform.

(Photo by Erik Mclean on Unsplash)

Looking to revamp your digital transformation strategy? Learn more about the Digital Transformation Week event taking place in Amsterdam on 23-24 November 2021 and discover key strategies for making your digital efforts a success.

The post BT uses epidemiological modelling for new cyberattack-fighting AI appeared first on AI News.