Cyber attacks are becoming more and more common, finding their way into the headlines every couple of months. The incident in May 2017 was a fairly typical but high-impact ransomware attack. Software called WannaCry infected several organisations’ internal computer networks, using the EternalBlue tool, or ‘exploit’, to install rogue software on unpatched and vulnerable computers. The same vulnerability was also used to spread the WannaCry code from one computer to another. On each infected computer a ransom was demanded for putting the rightful users back in control.

Another widely publicised cyberattack hit Dyn, a Domain Name System (DNS) provider, in 2016. A ‘botnet’ was formed by infecting large numbers of easily-hacked networked IoT (Internet of Things) devices such as IP cameras, printers and other everyday gadgets, which were then used to launch a Distributed Denial-of-Service (DDoS) attack on the Dyn servers. This led to many major Internet platforms that depend on Dyn becoming unavailable to huge numbers of their users.
According to the Situation-Aware Information Infrastructure (SAI2) investigators, such incidents could be better controlled if resilience management were in future deployed in networks, acting more intelligently to detect the onset of attacks, assisted by situation awareness information.
United we stand; divided we fall
The SAI2 researchers were concerned that cyber security was too reliant on the static defence of individual end devices. The focus should be on protecting the whole networked system, and constantly checking for intrusions.
Think about the setup in a typical household – a desktop, a laptop, a tablet and a smartphone. All these devices can be fitted with protective technology like antivirus software. But in case of a threat, each will mind its own digital business. If a hacker fails to get past the security running on a desktop, it doesn’t mean he or she will be just as unlucky when attacking a laptop. One way around this is to use a home gateway equipped with a firewall that is supposed to protect the whole network. But the firewall’s rules – what it does and does not recognise as a threat – are usually static and thus can’t adapt intelligently to break-ins on the network or attacks it has not encountered before. When we multiply this by thousands of computers connected into one of the largest networks of the world, the problem gets significantly worse.
Situation Awareness added to our resilience framework can help the fight against damaging cyberattacks
That’s why the SAI2 team focused on building a security system that integrates different sources of information like operators’ warnings about cyber threats, social media news feeds, or indeed any relevant contextual information, as well as conventional network traffic packet traces.
A computer network is frequently referred to as the information highway, carrying bits of data travelling in both directions between connected devices at extremely high speeds, and as with a real highway there’s much that can be inferred by measuring the traffic. What the SAI2 team proposed was algorithms and tools for detecting anomalies in the measured traffic, and then reacting to such anomalies in short timescales. It sounds simple, but the real challenge lies in deciding how to respond to anomalies. The SAI2 researchers have been better able to spot when something suspicious is going on by analysing network data traffic patterns alongside global information feeds from social media (e.g., Twitter) and news (e.g., Reuters) sources.

However, to accomplish this and at the same time feed any alerts back to the network infrastructure in short timescales, they decided to revisit the fundamental packet switching mechanisms of the network. Doing so for large networks that transmit data at rates of hundreds of Gigabits per second and multiplex traffic for millions of users over large, geo-distributed data centres poses significant technical challenges. So, the SAI2 team developed a novel, programmable switching architecture that can natively incorporate monitoring and adaptive control intelligence as part of the main packet forwarding operation of the network infrastructure.

This way, Hutchison, Pezaros and their colleagues designed a cyber security system that is aware of what’s going on in the entirety of the network it protects, and can react according to the temporal operational conditions and incidents as and when they unfold. But knowing what’s going on inside the network was only the first step in building a situation-aware infrastructure. The next logical step was to equip the network with the ability to understand, to an appropriate extent, the outside world as well.
Resilience management can use Situation Awareness to help make better remediation and recovery decisions
While the term ‘cloud computing’ sounds intangible, the reality is our photos, emails, videos or medical records have to be physically stored on servers located somewhere. Clouds and any critical infrastructure will be subjected to challenges including natural disasters and a variety of operational failures as well as cyber attacks. The SAI2 investigators apply a resilience management framework to protect such networked systems, assisted by situational awareness information from external sources including social media.
Of all social media platforms, Twitter is certainly one of the most accommodating to researchers – its data is easily obtainable: how many people tweeted a particular message; how many used a given hashtag; when and where those people did so, etc. This is all invaluable information when it comes to dealing with and assessing crises. Suspicious activity will appear in Twitter data patterns like ripples in the water. So, the SAI2 team went on to build algorithms that feed signals from such news and social media feeds into their cyber security systems. In this way, computer networks of the future will know what’s happening around them as well as inside the network and can react accordingly. Does this mean they will become self-aware? No, they won’t. But the idea is that future networks will exhibit other properties like self-management and self-adaptation, which ultimately will make them more resilient and reliable: properties which will benefit us all.
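The two ideas above, spotting anomalies in measured traffic and corroborating them with an external feed such as social media mention counts, can be sketched in a few dozen lines. The following is an added illustration written for this article and is not code from the SAI2 project; the traffic counts, the mention counts, the trailing-window threshold rule and the alert levels are all constructed assumptions chosen to make the mechanism visible, not a description of the project's actual algorithms.

```python
"""Toy situation-aware anomaly detector (illustrative, not SAI2 code).

Two aligned per-minute series are monitored: inbound connection attempts
seen by a network monitor, and mentions of a watched keyword on a social
media feed. A surge in traffic alone raises a network-level alert; the same
surge accompanied by a surge in external mentions is marked as corroborated,
which is the kind of context a resilience manager could use to prioritise
remediation.
"""
from statistics import mean, pstdev

# Constructed sample input: inbound connection attempts per minute on one
# service. The final three values are a planted surge.
CONNECTION_COUNTS = [40, 42, 38, 45, 41, 39, 43, 44, 40, 42, 41, 39, 180, 260, 310]

# Constructed sample input: tweets per minute matching a watched keyword,
# aligned minute-for-minute with CONNECTION_COUNTS. The feed reacts one
# minute after the traffic does.
FEED_MENTIONS = [2, 3, 2, 1, 4, 2, 3, 2, 2, 3, 2, 2, 5, 30, 75]


def traffic_anomalies(series, window=8, sigma=3.0, min_spread=1.0):
    """Return the indices of values that exceed the trailing-window mean by
    more than `sigma` standard deviations.

    Flagged points are deliberately kept out of the baseline so that a
    sustained surge cannot lift the baseline and mask itself. `min_spread`
    stops a perfectly flat baseline from turning tiny wobbles into alerts.
    """
    baseline = []
    flagged = []
    for i, value in enumerate(series):
        if len(baseline) >= window:
            recent = baseline[-window:]
            mu = mean(recent)
            spread = max(pstdev(recent), min_spread)
            if value > mu + sigma * spread:
                flagged.append(i)
                continue  # do not let the anomaly pollute the baseline
        baseline.append(value)
    return flagged


def situation_alerts(traffic, feed, **kwargs):
    """Combine the two anomaly streams into a dict of index -> alert level.

    'traffic-only'  : the network saw a surge, the outside world is quiet.
    'corroborated'  : the network surge coincides with an external surge,
                      which raises confidence that something real is unfolding.
    Feed-only anomalies are ignored here: chatter without network impact is
    not, by itself, an infrastructure incident.
    """
    traffic_flags = set(traffic_anomalies(traffic, **kwargs))
    feed_flags = set(traffic_anomalies(feed, **kwargs))
    alerts = {}
    for i in sorted(traffic_flags):
        alerts[i] = "corroborated" if i in feed_flags else "traffic-only"
    return alerts


if __name__ == "__main__":
    for minute, level in situation_alerts(CONNECTION_COUNTS, FEED_MENTIONS).items():
        print(f"minute {minute:2d}: {level:12s} "
              f"(connections={CONNECTION_COUNTS[minute]}, mentions={FEED_MENTIONS[minute]})")
```

On the constructed data the traffic surge is flagged from minute 12 onward, but only minutes 13 and 14 are corroborated by the feed, which is exactly the distinction the article draws between knowing what happens inside the network and understanding the outside world. A real deployment would replace the fixed lists with live counters and a feed client, and would tune `window`, `sigma` and `min_spread` against the normal variability of the link being watched.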
What first got you interested in cyber security and resilience?
How can the Situation-Aware information infrastructure benefit us, the end users?
How does your Situation-Aware network architecture work?
How can a cyberattack affect a regular person?
What, in your opinion, will perpetrators do to defeat future cybersecurity systems like those you’re working on?