April 18, 2024

This is the second part of a two-part series. You can find the first part of this feature at this link.

It has become evident over the last few years that national governments are applying tighter controls to the security of software and hardware products – from labels for IoT devices in the US and abroad, to controls over AI research and bans on high-risk AI models, to more timely SEC and CISA reporting requirements for vulnerabilities, ransomware, and breaches at publicly traded companies, to increased controls over the hardware and software supply chain, to mandatory cyber controls for DoD contractors, and, overall, to greater surveillance of the cyber ecosystem. This same focus on central control extends to identities, to information flow, and to the production, distribution, and use of technology, and it is evidenced in various government-sponsored cyber research programs and national strategies. For example, from the US National Cybersecurity Strategy (March 2023):

“To realize this vision, we must make fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace.

…We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments, and onto the organizations that are most capable and best-positioned to reduce risks for all of us.”

This statement signifies that big tech, big cybersecurity, and the central government will take the lead in cybersecurity – basically, we should expect that they will collect all, analyze all, instruct all. But aren’t these the same entities that got us to where we are today? According to the Cyber Safety Review Board, Microsoft’s lax security and risk management culture led to the Exchange hack. And RAND commented in September 2023,

“… there is one aspect that has yet to garner the attention it deserves: the security devices employed to protect the system contained the very vulnerabilities used by the actors to gain access. This is not the first time security software has been abused [e.g., SolarWinds, Fortinet, Ivanti, Cisco, Palo Alto, more], as it presents a juicy target: operating at elevated levels of privilege and storing some of the most sensitive data.”


And the government hasn’t exactly been the best steward of public data, as local, state, and federal government branches have all experienced major cyber incidents in the last few years. Meanwhile, the detect-and-stop approach espoused by the leading cybersecurity and software companies seems not to be working. Threat- and vulnerability-driven approaches are hard and require a lot of data and staffing. Some of the pillars of zero trust [e.g., EDR], which has been hailed by government experts as the next best thing, are maligned as being too complex to adopt and scale, and as producing too many false positives and negatives.

As I was thinking about this growing and intrusive global trend toward tighter central control, and about the increasing effects of the cyber issues we still collectively face, my questions were: Can AI play a decisive role in turning the global tide of cyber attacks? Is it possible to achieve verifiable, reliable, explainable, auditable, robust, and unbiased AI without costly government intervention? And is it possible to have a more democratic approach to the control of AI resources [i.e., identity and data]? In light of these questions, I wondered what kinds of influences we are currently seeing in some of the most important cybersecurity research areas. In my view, the most important cyber research areas all have an element of AI included.

In this two-part article I explore some of the key research areas where AI and cybersecurity are intimately entwined, to include:

  1. AI and Enterprise Security [Part 1]
  2. AI and Cyber-Physical Systems Security [Part 1]
  3. AI and the Intersection of Humans, Agents, and Cyber [Part 1]
  4. AI and Secure by Design [Part 2]
  5. AI and the Democratization of Cyber Defense [Part 2]

Give me some feedback on these choices – what are the highest-priority research areas in your view?


  • AI and secure by design.

The secure by design concept has actually been around for a long time. Before the security perimeter and secure by default, we were doing secure by design, starting with the NSA Orange Book and Rainbow Series and extending into the Common Criteria. But what is old becomes new again, and now NSA and DHS CISA are again leading the charge with secure by design and zero trust. I have always thought secure by design to be the best approach for securing assets in some cases. However, in previous iterations it proved too hard and too slow for developing modern systems. Maybe AI can make it better – and it can make AI better.

The new secure by design approaches have a new twist – instead of building secure monolithic operating systems and applications according to the Rainbow Series, the greater focus of the new secure by design guidance is on the development process and on controls over the operational environment [zero trust]. This is where the software supply chain comes into play – from the requirements process through final testing – covering both on-premises and cloud-based environments.

Secure by design approaches push back on cloud and repo secrets sprawl through root-of-trust tactics such as DevOps vaults and cloud-based enterprise key management systems, where one central authority can encrypt everything to ensure only authorized users have the right access (a minimal vault sketch follows below). Secure by design involves sophisticated DevSecOps processes with dynamic and static testing to ensure software is secure when it is released – and even bug bounty programs to check whether it isn’t. Secure by design also means visible by design, as IoT labeling programs are being rolled out to provide greater transparency around the basic security posture of an IoT device [one part of the label deals with secure development practices] as evaluated by an independent certifier. It will be interesting to see how this program really performs and whether it makes any effective difference in the security of IoT products – I have my doubts. There is also the SBOM program, which is still maturing but should provide greater transparency in software. [Learn more about SBOMs in this Active Cyber™ interview.]
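
To make the vault pattern concrete, here is a minimal sketch of a build step pulling a signing key from HashiCorp Vault using the hvac Python client, so the secret never lands in the repo or CI configuration. The vault address, mount point, and secret path here are assumptions for illustration, not a prescribed layout.

```python
# Minimal sketch: fetch a build-time secret from HashiCorp Vault (hvac client)
# instead of committing it to the repo or CI variables.
# Assumes a KV v2 secrets engine and a token supplied via VAULT_TOKEN.
import os
import hvac

client = hvac.Client(
    url=os.environ.get("VAULT_ADDR", "https://vault.example.com:8200"),
    token=os.environ["VAULT_TOKEN"],
)

if not client.is_authenticated():
    raise SystemExit("Vault authentication failed - check VAULT_TOKEN")

# Read the current version of the secret; the path and key are illustrative.
resp = client.secrets.kv.v2.read_secret_version(path="ci/release-signing")
signing_key = resp["data"]["data"]["private_key"]

# Use the key in memory only; never write it to disk or logs.
print("Fetched signing key of length", len(signing_key))
```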

AI can make systems more secure through AI-based bug hunting, automated AI-based secure coding, AI-based configuration audits, and AI-based system design techniques. In addition, making AI explainable would go a long way toward increasing trust in AI-based outcomes when it comes to AI-based secure design and coding tools. This is already an area of significant research.
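
As a taste of the bug-hunting idea, here is a minimal sketch of an LLM-assisted code review pass using the OpenAI Python client. The model name and prompt are assumptions for illustration, and any findings would need human triage rather than being trusted blindly.

```python
# Minimal sketch: LLM-assisted bug hunting over a source file.
# Model name and prompt are illustrative assumptions; results are hints
# for human review, not authoritative findings.
from openai import OpenAI

client = OpenAI()  # reads OPENAI_API_KEY from the environment

def review_for_vulns(source_path: str) -> str:
    with open(source_path, "r", encoding="utf-8") as f:
        code = f.read()
    prompt = (
        "You are a security code reviewer. List likely vulnerabilities "
        "(injection, path traversal, insecure deserialization, secrets in "
        "code) with line references and a one-line fix suggestion:\n\n" + code
    )
    resp = client.chat.completions.create(
        model="gpt-4o",  # assumed model; substitute whatever you have access to
        messages=[{"role": "user", "content": prompt}],
        temperature=0,
    )
    return resp.choices[0].message.content

if __name__ == "__main__":
    print(review_for_vulns("app/handlers.py"))  # illustrative path
```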

Vendors are researching ways to deliver a better zero trust capability. Zero trust capabilities come in many flavors and sizes, and getting them to work together is a problem. Many zero trust deployments require major architectural, hardware, and software changes to be successful, and sometimes leave gaps in the security architecture when deployed in a piecemeal fashion. Zero trust models rely on a vast network of strictly defined permissions, but organizations are always evolving. People are hired, move into new roles, change locations, resign, and get laid off all the time. Keeping permissions accurate and up to date requires ongoing input, which can be overwhelmingly difficult to keep up with. It can also be expensive and have a significant impact on performance, as more user actions across the network need to be monitored and logged. Previous zero trust approaches that use network-based segmentation or micro-segmentation have had low success rates due to being too cumbersome to implement and operationalize. Behavioral analytics, anomaly detection, and attack surface analysis are research areas where AI can help zero trust (a small anomaly-detection sketch follows below). Reasoning about mitigations and automating playbooks are other areas where AI is being applied to support zero trust.
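
As a toy illustration of the behavioral-analytics angle, the sketch below trains an unsupervised anomaly detector (scikit-learn’s IsolationForest) on simple login-session features and flags outliers for step-up authentication. The features and contamination rate are assumptions; a production system would use far richer signals.

```python
# Toy sketch: flag anomalous login sessions for step-up authentication.
# Features (login hour, MB transferred, distinct hosts touched) and the
# contamination rate are illustrative assumptions, not a production design.
import numpy as np
from sklearn.ensemble import IsolationForest

rng = np.random.default_rng(42)

# Simulated "normal" sessions: business hours, modest traffic, few hosts.
normal = np.column_stack([
    rng.normal(13, 2.5, 500),   # login hour
    rng.normal(50, 15, 500),    # MB transferred
    rng.normal(3, 1, 500),      # distinct hosts touched
])

model = IsolationForest(contamination=0.01, random_state=0).fit(normal)

# Score new sessions; -1 means anomalous under the learned baseline.
sessions = np.array([
    [14.0, 55.0, 3.0],    # looks routine
    [3.0, 900.0, 40.0],   # 3am, heavy transfer, lateral movement
])
for s, label in zip(sessions, model.predict(sessions)):
    action = "step-up auth / alert" if label == -1 else "allow"
    print(f"session {s} -> {action}")
```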

Making systems secure by design is going to get more complicated. By 2030, there are expected to be over 30 billion connected devices worldwide. With the growth of the Internet of Things (IoT) and autonomous systems, complex mesh architectures with challenging security and resource constraints will become commonplace, making an optimal zero trust security posture increasingly difficult to establish and maintain. AI working in conjunction with augmented reality and digital twin technology will be essential to break down this complexity and make the underlying security operations more understandable and responsive.

Trusted computing technology (e.g., the Trusted Platform Module) can also help overcome these complexity issues; however, not all devices leverage such technology. To this end, the DICE Endorsement Architecture for Devices specification from the Trusted Computing Group (TCG) provides a definitive guide for establishing trust within systems and components with and without a TPM. It provides guidelines for devices to integrate cryptographically strong device identity, attest software and security policy, and assist in safely deploying and verifying software updates at near zero cost. These capabilities are essential for a zero trust approach. Previous DICE specifications outlined how devices can make authoritative statements to establish device identity, perform measurements, and produce the required claims in evidence. With the Endorsement Architecture for Devices specification, both aspects of the attestation process are covered, enabling manufacturers to provide manifests and present endorsement values to verifiers in order to successfully complete the reconciliation process (a simplified sketch of this evidence-versus-endorsement check appears below). These types of endorsements are also invaluable for maintaining transparency in the supply chain, such as through SBOMs.
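
To give a feel for the reconciliation step, here is a heavily simplified sketch: the device signs a firmware measurement (evidence) with its device identity key, and the verifier checks both the signature and the measurement against manufacturer-supplied reference values (endorsements). Real DICE/TPM attestation adds certificate chains, nonces, and structured claim formats; the key handling and manifest shape here are illustrative assumptions.

```python
# Simplified sketch of attestation reconciliation: verify that a device's
# signed firmware measurement (evidence) matches the manufacturer's
# endorsed reference value. Real DICE/TPM flows add cert chains, nonces,
# and structured claims; this shows only the core check.
import hashlib
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.exceptions import InvalidSignature

# --- Device side (normally rooted in silicon/firmware) ---
device_key = Ed25519PrivateKey.generate()
firmware = b"firmware-image-v1.2"
measurement = hashlib.sha256(firmware).digest()
evidence_sig = device_key.sign(measurement)

# --- Manufacturer endorsement (normally a signed manifest) ---
endorsement = {
    "device_pubkey": device_key.public_key(),
    "reference_measurement": hashlib.sha256(b"firmware-image-v1.2").hexdigest(),
}

# --- Verifier side: reconcile evidence against the endorsement ---
def verify(sig: bytes, measurement: bytes, endorsement: dict) -> bool:
    try:
        endorsement["device_pubkey"].verify(sig, measurement)
    except InvalidSignature:
        return False  # evidence not signed by the endorsed device identity
    return measurement.hex() == endorsement["reference_measurement"]

print("attestation ok:", verify(evidence_sig, measurement, endorsement))
```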

I would also like to see secure by design approaches incorporate the Confidential Computing initiative, or something like it, as part of an overall AI-cyber strategy. Similar to the solutions specified by the TCG, confidential computing solutions are designed to protect data in use with isolation, encryption, control, and verification capabilities that help unlock new opportunities for business collaboration and insights. Intel and NVIDIA both offer confidential computing technologies designed to help secure enterprise applications, enable zero trust, and protect AI models, while also allowing users to maintain control of and use of their data. Confidential computing helps protect apps, data, and AI models from unauthorized access with robust isolation, integrity, and confidentiality capabilities.

Confidential computing security capabilities support the use of sensitive data for training and analysis of AI models without exposing that data to other software, collaborators, or cloud providers. For example, Fortanix’s Confidential AI is a new platform for securely developing and deploying AI models on sensitive data using confidential computing. The solution provides data teams with infrastructure, software, and workflow orchestration to create a secure, on-demand work environment that maintains the privacy compliance required by their organization. MLOps often depends on sensitive data such as Personally Identifiable Information (PII), which is restricted from such efforts due to compliance obligations. AI efforts can fail to move out of the lab if data teams are unable to use this sensitive data. Large portions of such data remain out of reach for most regulated industries like healthcare and BFSI due to privacy concerns. However, the emergence of confidential computing as a new security paradigm offers data scientists a practical way to protect sensitive private data while it is being processed (a simplified key-release sketch follows below).
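
To make the “protect data in use” pattern concrete, here is a toy sketch of the key-release flow behind many confidential computing designs: the dataset stays encrypted at rest, and a key broker releases the decryption key only after the workload’s attestation claims match policy. The claim names and policy are invented for illustration; real platforms (Intel SGX/TDX, NVIDIA confidential GPUs) use hardware-rooted attestation reports.

```python
# Toy sketch of attestation-gated key release for confidential computing.
# The "claims" dict stands in for a hardware-signed attestation report;
# claim names and the policy values are illustrative assumptions.
from cryptography.fernet import Fernet

# Data owner encrypts the training set before it ever leaves their control.
data_key = Fernet.generate_key()
ciphertext = Fernet(data_key).encrypt(b"patient_id,diagnosis\n1234,...")

# Key broker policy: only a measured, debug-disabled enclave gets the key.
POLICY = {"tee_type": "TDX", "debug": False,
          "mrenclave": "a3f1..."}  # expected workload measurement (illustrative)

def release_key(claims: dict) -> bytes | None:
    if all(claims.get(k) == v for k, v in POLICY.items()):
        return data_key  # attestation matched policy
    return None          # refuse: workload is not trusted

# Inside the enclave, after presenting verified attestation claims:
claims = {"tee_type": "TDX", "debug": False, "mrenclave": "a3f1..."}
key = release_key(claims)
if key:
    plaintext = Fernet(key).decrypt(ciphertext)
    print("training on", len(plaintext), "bytes of sensitive data (in-enclave)")
```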


  • AI and the democratization of cyber defense. 

I really believe that we collectively need to democratize cyber defenses – everyone needs cyber training, as everyone is on the front line of cyber defense. AI tools are the modern Gutenberg presses [or the Korean Choe Yun-ui presses – pick your origin story], easily providing knowledge access to the masses through agents and chatbots. Given today’s AI capabilities, I wonder why we don’t already have AI-based personal security assistants on our home computers that don’t necessarily need to be connected to a cloud provider. These assistants should help us analyze our logs, regex our registry, set up firewalls, perform intrusion detection, check file integrity, attest the authenticity of what is running at any time, check for malicious URLs, provide the provenance of content we access, automate our privacy preferences, and handle the countless other security tasks we get when we use an enterprise service provider (a tiny file-integrity sketch follows below). Why not use one to help set up a TPM or trusted execution environment? Or to harden our home computers? And it should run in a trusted execution environment as well – something like OpenInterpreter with a security slant, running with Intel confidential computing.
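
As a tiny slice of what such an assistant might automate, here is a sketch of a local file-integrity check: record SHA-256 hashes of watched files as a baseline, then re-scan and report any drift. The baseline location and watched paths are assumptions; a real assistant would layer detection, explanation, and remediation on top, all without leaving the device.

```python
# Tiny sketch of one personal-assistant task: local file integrity checking.
# Baseline path and watched files are illustrative assumptions.
import hashlib
import json
from pathlib import Path

BASELINE = Path.home() / ".integrity_baseline.json"
WATCHED = [Path("/etc/hosts"), Path.home() / ".ssh" / "authorized_keys"]

def sha256_of(path: Path) -> str | None:
    try:
        return hashlib.sha256(path.read_bytes()).hexdigest()
    except FileNotFoundError:
        return None

def snapshot() -> dict:
    return {str(p): sha256_of(p) for p in WATCHED}

if not BASELINE.exists():
    # First run: record the trusted baseline.
    BASELINE.write_text(json.dumps(snapshot(), indent=2))
    print("baseline recorded")
else:
    # Later runs: report any file whose hash no longer matches.
    baseline = json.loads(BASELINE.read_text())
    for path, old in baseline.items():
        if sha256_of(Path(path)) != old:
            print(f"INTEGRITY DRIFT: {path} changed (or was removed)")
```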

I also believe that individuals need to have more control over their data and identity. Private and government organizations collect so much data from so many individuals that when a data breach occurs, its effects are of significant magnitude. I believe we need to shift away from organization-centric stewardship toward personal stewardship and ownership of data and identity. This decentralization could mitigate issues in the existing Web 2.0, such as overcentralization and domination by big tech companies, network vulnerability, misinformation and information disorder, and provide more secure, private, scalable, and free information creation. We also need a more decentralized AI capability to go along with this democratic web. According to this article by Builtin:

“Much of today’s AI exists in centralized black boxes owned by a few influential organizations. This concentration of control counters the otherwise democratizing potential of AI and hands over outsized influence on society, finance and creativity to a handful of unchecked entities. As AI systems advance, decentralizing its development and its applications becomes even more critical. Trustless, permissionless AI can power innovation across industries.”

To this end, research is being conducted into ways to decentralize AI as well, providing security and safety while leaving privacy guardrails rather than straitjackets. In general, I advocate the pre-eminence of the Web3 model and the application of Self-Sovereign Identity (SSI) principles to AI. Web3 is the read-write-own Internet, based on blockchain protocols that support online privacy, self-sovereign identity, and property rights to digital assets. Various research is being conducted into the 10 key principles that summarize the essential aspects of Web3 and SSI (the bracketed text below marks my inserts):

1) Existence: A user must be able to exist in the digital world without the need of a third party.

2) Control: People must have ultimate authority over their digital identities and personal data [and AI].

3) Access: Users must have easy and direct access to their own data.

4) Transparency: The way an identity system [and AI] and algorithms are managed and updated must be publicly available and reasonably understandable. The solution design should be based on open protocol standards and open software.

5) Persistence: Identities must be long-lasting. Solution developers should implement sufficient foundational infrastructure and design commercial and operational [AI] models that are sustainable.

6) Portability: People must be able to bring their identities and credentials anywhere, transport their data from one platform to another, and not be restricted to a single [AI] platform.

7) Interoperability: Identities should be as widely usable as possible by various stakeholders. Organizations, databases, and registries [and AI / robotic platforms] must be able to quickly and efficiently communicate with each other globally through a digital identity system.

8) Consent: Users must give explicit permission for an entity to use or access their data. The process of expressing consent should be interactive and well-understood by people [and chatbots].

9) Minimization: A digital identity solution should enable people to share only the minimum amount of data that another party needs, minimizing the sharing of excessive and unnecessary personally identifiable information.

10) Protection: People’s right to privacy must be protected, and safeguards should exist against tampering with and monitoring of information [by AI platforms]. Data traffic should be encrypted end-to-end.

Some foundational research is being conducted by the Web3 Foundation. The research topics focus on a number of areas that are relevant to decentralized systems:

      • (Provable) Security, Cryptography, and Privacy
      • Decentralized Algorithms: Consensus and Optimization
      • Crypto-economics and Game Theory
      • Networking
      • Behavioral Economics and Usability

The research aims to develop secure and decentralized architectures, consensus algorithms, and privacy-preserving techniques while addressing challenges such as smart contract security and consensus manipulation. Opportunities include transparent supply chain management and decentralized identity management. Researchers at the Web3 Foundation analyze existing protocols, come up with new ones, and specify them. Some current initiatives:

The Decentralized Identity Foundation is an engineering-driven organization that represents a diverse, international collection of organizations and contributors working together to establish an open ecosystem of decentralized identity that is accessible to everyone. DIF has a variety of working groups establishing standards and protocols including the following:

      • Identifiers and discovery: DIF members are working on protocols and implementations that enable the creation, resolution, and discovery of DIDs and names across decentralized systems like blockchains (a minimal DID document sketch follows after this list).
      • Authentication: Members design and implement DID-based authentication spec, standards, and libraries
      • DID Communication: Members produce one or more specifications that embody a method for secure, privacy-based, and authenticated message-based communication (where possible) where trust is rooted in DIDs.
      • Secure data storage: Members create one or more specifications to establish a foundational layer for secure data storage.
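
For readers new to DIDs, here is a minimal sketch of what a DID document looks like, expressed as a Python dict following the W3C DID Core data model. The did:example identifier, key material, and service endpoint are placeholders; real documents are produced by a concrete DID method (did:key, did:web, ledger-based methods, etc.).

```python
# Minimal sketch of a W3C DID document as a Python dict.
# Identifier, key value, and endpoint are placeholders for illustration.
import json

did = "did:example:123456789abcdefghi"
did_document = {
    "@context": ["https://www.w3.org/ns/did/v1"],
    "id": did,
    "verificationMethod": [{
        "id": f"{did}#keys-1",
        "type": "Ed25519VerificationKey2020",
        "controller": did,
        # Placeholder multibase-encoded public key:
        "publicKeyMultibase": "z6Mkf5rGMoatrSj1f4CyvuHBeXJELe9RPdzo2PKGNCKVtZxP",
    }],
    # Which key the subject uses to authenticate (e.g., DID-based login):
    "authentication": [f"{did}#keys-1"],
    # Service endpoints enable discovery, e.g., DIDComm messaging:
    "service": [{
        "id": f"{did}#didcomm",
        "type": "DIDCommMessaging",
        "serviceEndpoint": "https://agent.example.com/didcomm",
    }],
}

print(json.dumps(did_document, indent=2))
```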

The Trust Over IP Foundation is an independent project hosted at the Linux Foundation, working with pan-industry support from leading organizations around the world. Their mission is to provide a robust, common standard and complete architecture for Internet-scale digital trust. Specifically, the Foundation mission includes:

      • Promote global standards for confidential, direct connections between parties
      • Leverage the opportunities for interoperable digital wallets and credentials
      • Protect citizen and business identities by anchoring them with verifiable digital signatures
      • Integrate the technical elements for digital trust with the human elements—the business rules and policies that govern collaboration in a successful digital trust ecosystem
      • Foster communication and knowledge sharing amongst Digital Trust experts.

Besides the technical architecture, the Foundation also supports development of a governance framework to handle the policy questions that must be answered to drive business, legal, and social acceptance.

But where is the AI element in all of this research? The Web3 foundational research initiatives listed above lead to the concept of decentralized AI. Decentralized AI (DeAI) refers to the AI thinking, methodologies, technologies, systems, and services for developing, managing, and deploying decentralized intelligence in decentralized settings; storing, updating, sharing, and exchanging decentralized intelligence between decentralized agents, nodes, or devices; and integrating decentralized intelligence from local agents and across decentralized ecosystems (with their services and environments) for higher-level intelligence and intelligent problem solving.

Accordingly, the research aims and objectives of DeAI include but are not limited to:

      • Studying fundamental and unique characteristics and properties in making decentralized systems intelligent, for example, enabling smart blockchain, Web3, DAO, and DeSci systems and services
      • Quantifying decentralized interactions, complexities, and intelligence in DeAI systems, which form some of the most fundamental system characteristics and properties in DeAI systems; quantifying them makes it possible to characterize, compute and manage decentralized systems in a quantitative manner
      • Developing key enabling techniques for designing and producing intelligent decentralized systems and services, and making blockchain, Web3, DAOs, DeSci, and their ecosystems intelligent with smarter autonomy, self-organization, and resilience
      • Enabling the integration and integrity of plugging in third-party AI systems, tools, and services to decentralized platforms, services and DApps

In essence, the research is intended to use AI to make Web3 easier to use; and, to enable Web3 infrastructure as a platform that provides genAI capabilities to the edge.

Research in decentralized AI is going on in many places. One example is SingularityNET, the world’s leading decentralized AI marketplace, running on blockchain. The main mission of the marketplace is to create a decentralized, democratic, inclusive, and beneficial Artificial General Intelligence (AGI) – an AGI that is not dependent on any central entity, that is open to anyone, and that is not restricted to the narrow goals of a single corporation or even a single country.

OpenCog Hyperon is a core research project in SingularityNET’s mission to develop beneficial Artificial General Intelligence. Hyperon aims to implement a complete, scalable, and open-source Artificial General Intelligence system based on the principles of OpenCog. Hyperon consists of two core software components: 1) AtomSpace, a hugely scalable distributed neural-symbolic knowledge metagraph, and 2) the MeTTa programming language (gradually, probabilistically, dependently typed). On top of these core components sit higher-level AI systems such as probabilistic reasoning (Probabilistic Logic Networks, dependently typed probabilistic programming), evolutionary learning (MOSES), the Economic Attention Allocation Network (ECAN), machine learning strategies, and, potentially, other proprietary AI systems. MeTTa forms the universal translator that enables this wide range of AI systems to dynamically collaborate based on the common knowledge base of AtomSpace (and to enhance the knowledge base while doing so). MeTTa’s capability to support neural-symbolic reasoning and to handle uncertainty (using probabilistic reasoning) makes it a strong and versatile tool that is crucial in the pursuit of AGI.

SingularityNET is not alone in decentralized AI research. According to this article in Forbes, decentralized AI projects like Gensyn, OORT, and Bittensor are emerging to accelerate AI development by leveraging decentralization’s benefits. Leveraging blockchain technology and cryptographic economic incentives, decentralized AI encourages global participants to contribute computing power and data, fostering innovation and widespread adoption of AI technologies. One promising fundamental protocol for decentralized AI is Proof of Honesty (PoH). Specifically, it helps incentivize geo-distributed service providers (a.k.a. nodes) to contribute toward a globally optimal goal, and it verifies decentralized resources (such as bandwidth, computing power, and storage space) to ensure they function as promised, aiming to establish a truly trustworthy AI (a toy spot-check sketch follows below).
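
To illustrate the general idea of verifying that nodes actually hold the resources they claim – this is not the PoH protocol itself, whose details I am not specifying here – the toy sketch below shows a storage spot-check: the verifier issues a random challenge, and only a node that really holds the data can return the correct keyed digest.

```python
# Toy sketch of resource verification in a decentralized network: a storage
# spot-check via random challenges. This illustrates the general idea only;
# it is NOT the Proof of Honesty protocol, whose details are not shown here.
import hashlib
import os

stored_data = b"model-shard-0042"  # data the node claims to store

def node_respond(challenge: bytes, data: bytes) -> str:
    # Only a node actually holding `data` can compute this digest.
    return hashlib.sha256(challenge + data).hexdigest()

def verifier_check(challenge: bytes, response: str, reference: bytes) -> bool:
    return response == hashlib.sha256(challenge + reference).hexdigest()

challenge = os.urandom(32)  # fresh randomness prevents precomputed replies
honest = node_respond(challenge, stored_data)
cheater = node_respond(challenge, b"")  # node that discarded the data

print("honest node passes:", verifier_check(challenge, honest, stored_data))
print("cheating node passes:", verifier_check(challenge, cheater, stored_data))
```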

A shift to a decentralized AI infrastructure could dramatically alter the power dynamics within the AI market. As more vendors embrace decentralized AI, the dominance of proprietary models may wane, leading to a significant decrease in market control. Consequently, this paradigm shift is expected to usher in an era of increased transparency and inclusivity in AI development, marking a substantial step toward democratizing access to AI technologies.

This shift requires certain aspects of Web3 to mature as described in this article by Coindesk. According to the author,

“… for decentralized AI to become feasible, open-source generative AI needs to become more mainstream. Currently, only a handful of open source genAI companies, such as HuggingFace, Meta, Mistral, or Stability, are viable alternatives to OpenAI, Anthropic or Google. Enterprise applications with strong security and privacy constraints, as well as AI startups in regulated industries, seem to be strong growth vectors for open-source generative AI. In those scenarios, Web3 AI infrastructure can become a viable alternative.”

The article goes on to point out that decentralized AI would mainly impact the inference aspect of AI workflows, whereas the pre-training and fine-tuning workflows would stay with centralized AI regimes due to the scale of storage and compute (GPU) needed to handle them. Web3 compute and data infrastructures also need to scale to meet the demands of foundation models – new blockchain runtimes must be optimized for larger and more complex compute workloads. One example of a startup working to develop the Web3 infrastructure needed for AI is Polyhedra Network, which is building a Web3 infrastructure platform using zero-knowledge-proof protocols. Its platform offers a bridge for cross-chain communication that allows developers to build secure and interoperable applications across layer-1 and layer-2 blockchains. Decentralized AI can also take advantage of recent trends in which smaller, more specialized models are becoming one of the most important steps toward the adoption of generative AI. In the same way that Web3 infrastructures need to scale to accommodate foundation models, the small language model trend can make models more practical to run on Web3 infrastructure.

I expect that DeAI will continue to be a hot spot of research and development in 2024 and 2025. AI-based smart defenses at the edge will be essential when it comes to autonomous systems, smart cities, IoT networks, and the use of spatial data for AR/VR applications. We are beginning to see new innovations at the hardware level to support edge intelligence, such as the NVIDIA Grace Hopper GH200 superchip. Also, to construct secure and decentralized AI systems capable of surviving cyber attacks, organizations should utilize blockchain technology to ensure the security and safety of digital infrastructures. To address these emerging needs, research into, and development of, blockchain-enabled decentralized AI is critical. Exohood, for example, is blending AI with the prospective power of quantum computing and the security of blockchain to prepare a Web3 infrastructure for future technological advancements.


  • Conclusion

So what does a resilient, secure, safe, AI-driven future look like? My vote is for decentralized AI accompanied by Web3, but realistically I believe a blend of central and decentralized AI will drive the future of cyberspace. Cybersecurity vendors will likely divide into those two camps as well. I also believe that more sector-specific central government regulation of cyber and AI is unlikely to bring the outcomes desired – regulation always breeds a compliance mentality, which tends to diminish the expected outcomes as well as dampen innovation. Ultimately, the future success of AI and cybersecurity will depend not on big government and big tech but on the awareness and skill of every individual, as magnified by AI at the endpoints they use and connect to. I don’t believe AI can eliminate the human as the weak link in the cybersecurity equation – but it can help. Adding and simplifying secure by design capabilities such as confidential computing will also go a long way toward keeping AI and users secure and safe. Is this a realistic expectation? I think so, as VC funding for Web3 is back up after a two-year lull. I hope it continues. We will just have to wait and see how it turns out.


Thanks to my subscribers and visitors to my site for checking out ActiveCyber.net! Let us know if you are innovating in the cyber space or have a cybersecurity product you would like discussed on Active Cyber™. Please give us your feedback on this article or other content and we’d love to know some topics you’d like to hear about in the areas of active cyber defenses, authenticity, PQ cryptography, risk assessment and modeling, autonomous security, digital forensics, securing OT / IIoT and IoT systems, AI/ML, Augmented Reality, or other emerging technology topics. Also, email chrisdaly@activecyber.net if you’re interested in interviewing or advertising with us at Active Cyber™.