Feeds

Securo-boffins call for 'self-aware' defensive technologies

Say they should be used to protect 'leccy, gas, water

Securing Web Applications Made Simple and Scalable

Security boffins should concentrate on creating self-aware technologies that can learn from cyber attacks, summit experts say, proving that none of them have ever seen a movie about artificial intelligence.

Participants at the inaugural World Cyber Security Technology Research summit also reckoned figuring out how to protect smart grids and mobile networks should be top research priorities, according to their report.

The experts were particularly concerned about the damage from smart grid hacking:

Smart utility grids have, for a variety of reasons such as their size and accessibility, a raised susceptibility to cyber attacks. Such attacks can destroy national critical infrastructure and the need for smart grid cyber security is therefore imperative.

And if the thought of your electricity, gas and water in the hands of hackers wasn't enough to freak you out, they also mentioned they want security technologies that can think for themselves to protect us:

Research objectives in this area would include the development of cyber security technologies which have self-learning capabilities; self-awareness in cyber systems enabling early attack detection and self-configuration to defend against an attack; the establishment of feedback in cyber systems providing the capability of learning from cyber attacks.

So, just to be clear then, if these technologies did go rogue (and let's face it, they probably would) their top capability would be learning how to defend themselves from attack. Maybe the cure is worse than the disease…

Apart from dread scenarios of doom, the specialists are also worried about the security of mobile networks given the rapid uptake of smartphones worldwide.

"This issue will only increase due to convergence in mobile architectures and the number of mobile users - five billion compared with 1.5 billion on the internet," said Patrick Traynor, associate professor at Georgia Tech. "Malicious behaviour will simply follow utility - as mobile phones become the dominant computing platform, the expectation must be that they will be regularly targeted."

The report also said that technology alone wouldn't be enough to fight cyber crime:

Next generation cyber security research must take into account social, political, legal and economic aspects of this space. Social behavioural norms in cyber space need to be investigated, societal desires such as trust, safety, freedom and privacy must be examined, and attitudes to cyber security in source countries of cyber attacks should be studied.

The Centre for Secure Information Technology (CSIT) hosted security experts from the UK's Home Office, US Dept of Commerce and the awesomely-named US Cyber Consequences Unit as well as universities, defence and IT companies at the summit in Belfast earlier this year. The resulting report (pdf) was published yesterday. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.