Feeds

Securo-boffins call for 'self-aware' defensive technologies

Say they should be used to protect 'leccy, gas, water

SANS - Survey on application security programs

Security boffins should concentrate on creating self-aware technologies that can learn from cyber attacks, summit experts say, proving that none of them have ever seen a movie about artificial intelligence.

Participants at the inaugural World Cyber Security Technology Research summit also reckoned figuring out how to protect smart grids and mobile networks should be top research priorities, according to their report.

The experts were particularly concerned about the damage from smart grid hacking:

Smart utility grids have, for a variety of reasons such as their size and accessibility, a raised susceptibility to cyber attacks. Such attacks can destroy national critical infrastructure and the need for smart grid cyber security is therefore imperative.

And if the thought of your electricity, gas and water in the hands of hackers wasn't enough to freak you out, they also mentioned they want security technologies that can think for themselves to protect us:

Research objectives in this area would include the development of cyber security technologies which have self-learning capabilities; self-awareness in cyber systems enabling early attack detection and self-configuration to defend against an attack; the establishment of feedback in cyber systems providing the capability of learning from cyber attacks.

So, just to be clear then, if these technologies did go rogue (and let's face it, they probably would) their top capability would be learning how to defend themselves from attack. Maybe the cure is worse than the disease…

Apart from dread scenarios of doom, the specialists are also worried about the security of mobile networks given the rapid uptake of smartphones worldwide.

"This issue will only increase due to convergence in mobile architectures and the number of mobile users - five billion compared with 1.5 billion on the internet," said Patrick Traynor, associate professor at Georgia Tech. "Malicious behaviour will simply follow utility - as mobile phones become the dominant computing platform, the expectation must be that they will be regularly targeted."

The report also said that technology alone wouldn't be enough to fight cyber crime:

Next generation cyber security research must take into account social, political, legal and economic aspects of this space. Social behavioural norms in cyber space need to be investigated, societal desires such as trust, safety, freedom and privacy must be examined, and attitudes to cyber security in source countries of cyber attacks should be studied.

The Centre for Secure Information Technology (CSIT) hosted security experts from the UK's Home Office, US Dept of Commerce and the awesomely-named US Cyber Consequences Unit as well as universities, defence and IT companies at the summit in Belfast earlier this year. The resulting report (pdf) was published yesterday. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.