Government Communications Headquarters (GCHQ) is the organization in charge of signals and telecommunications intelligence in the UK. It was created at the end of the First World War to unify the units that already had this role in the British Army and Navy. During the interwar period it was a small, relatively unimportant organization, but towards the end of 1939 it started to play a major role.
This was when GC&CS, as it was then known, settled in at Bletchley Park, bringing together the best allied codebreakers, cryptographers, and engineers, with the aim of deciphering the messages sent by the Axis powers and decisively changing the course of the Second World War. This is how the first programmable, electronic and digital computer was born: Colossus. At Bletchley Park, the work of one pioneer in this field, Alan Turing, was crucial in deciphering the German Enigma machines. Because of this, GCHQ has always had a special relationship with computing and artificial intelligence.
The present and future of cybersecurity
Seventy-five years later, GCHQ understands that artificial intelligence has become an increasingly relevant factor for national security. This is reflected in a recent study from the Royal United Services Institute (RUSI), commissioned by GCHQ. Among the purposes that AI serves for national security, the report dedicates a section to cybersecurity. It concludes the following:
- Modern cybersecurity threats require a speed of response that cannot be reached with human decision making.
- Current cybersecurity solutions are increasingly being implemented to proactively mitigate
- This means that traditional blacklist-based antivirus solutions are obsolete. Instead, AI technologies are what is required.
- Network monitoring systems can be used to learn what activity is normal on the organization’s network, and thus know how to detect suspicious activity in real time. This can be especially useful when it comes to identifying insiders.
- There is new research underway, such as that led by DARPA (Defense Advanced Research Projects Agency, an agency of the United States Department of Defense) into the use of AI for biometrics: Users could be identified based on unique aspects of their digital activity, such as how they move the mouse or how they write and the language that they use.
A pillar of zero trust
With the exception of behavioral biometrics (an area that is still in development), the applications of AI in terms of cybersecurity described by the GCHQ report are already a reality in advanced cybersecurity solutions, such as those available to Cytomic.ai (artificial intelligence) clients.
These solutions are based on a proactive approach, which is used to mitigate threats. They constantly monitor all endpoint activity, searching for behavioral patterns. Because of this, they go much further than the blacklists of traditional antivirus programs; in light of the increasingly sophisticated new cyberattacks, which use techniques such as Living-off-the-Land or fileless malware, such traditional approaches are ineffective.
What’s more, artificial intelligence is one of the two cloud technology pillars of the managed Zero-Trust Application Service: AI Ranker. This technology is a scalable cloud system, based on machine learning and deep learning algorithms on trillions of events, which classifies more than 300,000 new binaries every day.
In any case, AI Ranker is supervised by a multidisciplinary team of scale data scientists, security experts, and malware analysts, who ensure that the system adapts to the new techniques used by cyberattackers. Artificial intelligence is a great tool that is part of the past, present, and future of computing and cybersecurity, but the human factor is still fundamental. Although, as Turing himself said, “Machines take me by surprise with great frequency.”