Doubling Down on Cybersecurity Failure

If anyone doubts China’s intentions around world dominance in cyber space, look no further than their investment in Artificial Intelligence (AI). If their clear leadership in Quantum Computing isn’t enough evidence of their looming authority in what may be the final frontier, they have doubled down on developing the most advanced applications of AI on the planet.

Huge amounts of money are pouring into these technologies from China’s “private sector” investors, big internet companies and its government, driven by the conviction that AI and Quantum can remake their national security programs along with vast sectors of their economy.

Has it occurred to anyone yet that yelling at each other over the direction of our moral compass and playing chicken with a lunatic dictator-child characterizes a nation that probably doesn’t have their priorities in order?

China now has three significant advantages in this global arms race: An enormous pool of highly skilled and well trained engineers and data scientists to work on the architecture and technology of cyberwarfare, a willing and legally unrestricted test data lake from 750 million Internet users, and government leadership, political and financial support.

This huge data lake enables their engineers to train and test the algorithms necessary to manage events in cyberspace with increasingly less human intervention and is possible because China’s citizens are not “protected” by privacy laws. This is a decided advantage over our own engineering efforts which are forced to use much smaller data sets generated by simulations. Big data processing requires big data lakes. It should surprise no one that all of China’s political leaders are engineers and all of our own leaders are lawyers. Engineers like to create new and better ways of doing things. Lawyers do not.

China recently institutionalized the pursuit of AI and Quantum into their national constitution. Published in July, their country plan calls for the nation to be the leader in both of these technologies by 2030. Essentially a moon-shot declaration reminiscent of Kennedy’s call on Congress to put a man on the moon within the decade. The Chinese government believes that the AI industry alone will create a hundred billion in economic activity and combined with Quantum will result in a trillion dollar economic boost and the dominance of cyber-space. They already have developed and implemented a closed Internet based in Quantum computing technologies. Soon, we will be paying for access.

Setting aside our leadership failure, our ambitions in this space are also burdened with data privacy laws that prevent us from aggregating the vast amounts of data required to adequately test and train these new systems. While DeepMind, Google’s AI lab has labored in courts for two years trying to get access to required medical records, x-rays and images, China’s command-and-control economy, and its less restrictive privacy concerns, mean that the country can dispense video footage, medical records, banking information and other vast springs of data whenever and to whomever it chooses. This political barrier makes it hard to compete.

The Chinese AI market is moving fast because people are willing to take risks and adopt new technology more quickly than their counterparts in America, underscoring the differences in mentality between engineering and law. I am not advocating a revision of our privacy laws. I am only pointing out that our choices have consequences.

China’s far less stringent privacy regulations and concerns extend to financial data as well as health records. The country maintains a huge database on its citizenry with information ranging from personal financial records to health and personality profiles to surveillance video. Personally invasive data that would be impossible to collect legally here in America. At the end of the day, it is the algorithms and insights that create superiority and not the size of the live data sets, but the availability of that much live data sure makes the climb to the top much faster.

In a sometimes typically dismissive fashion, some U.S. venture capital investors have blown off the threat by suggesting that China has suffered a brain drain in the last few years and that the flight of academics and specialists out of the country has created a talent shortage when it comes to top tier AI experts. Citing an abundance of influential deep learning papers published in the U.S. and U.K. in the last couple of years, some seasoned investors seem to really enjoy drinking their own Kool-Aid in spite of the fact that all other signs indicate a contradictory direction.

On a pure numbers basis alone, China is producing more top engineers who are crafting AI algorithms for Chinese, not U.S. companies. Chinese universities and privately funded, government supported firms are actively wooing AI researchers from across the globe competing with U.S. companies who are routinely now offering top researchers $500K/annually, by doubling that compensation to a million dollars a year.

As an alternative to the physical challenges of life in heavily polluted cities like Beijing and Shanghai, Chinese companies like Tencent are opening AI research facilities in places like the Silicon Valley, Laramie Wyoming and Seattle, Washington. Baidu recently recruited a highly regarded top Microsoft executive to return to China to lead the search giant’s push into AI. His decision was based in part on AI’s potential for enhancing China’s “national strength”. They also didn’t fail to point out that half of the world’s academic research in AI is developed by ethnically Chinese authors and researchers.

What’s my point? We’re losing the cyber-war.

We’re losing on the educational front as even after years of proof that there is a real and present and global threat in Cybersecurity, of the 7,236 Universities and colleges only 43 offer a BS degree in Cybersecurity and most of these are online. That’s less than 1%.

We’re losing on the economic front as we now spend at the rate of $90 billion a year, an 8% increase over last year, while the number of attacks increased 18% year over year to 400 raids every minute. While we spend hundreds of millions defending, cyber-criminals are spending only $80 a day for a fully functioning attack kit.

We’re losing on the informational front as recent brute force attacks like Wannacry and NotPetya clearly demonstrated. The attackers learned more about our defenses in a few minutes than we know even weeks later about the vectors the bad guys used in the attacks, or who they were or where they originated. Major software companies find out about vulnerabilities from post attack forensics. There’s something deeply troubling about that picture.

And we are losing on the technology front as we have failed to marshal the resources necessary to apply AI, predictive analytics, machine learning and Quantum techniques to our Cybersecurity software or hardware in any useful way. Yet, we have over 400 separate Cybersecurity software products on the market. If they were any good, would we be seeing an increase in successful breaches each year?

Most importantly however, we are losing on the leadership front. We spend countless calories arguing over whether the far left or the far right is more responsible for violent protests, whether health insurance is a right or a privilege and passing trivial legislation that appoints individuals to the Smithsonian Institution board, names buildings, and designates a location for a National Desert Storm and Desert Shield Memorial.

In the meantime, China and North Korea and Iran and Israel invest heavily in the development of what they correctly understand will be the defining national defense and economic influences of the 21st century.

We can now watch in wonder as the Chinese launch program after program supported by billions of dollars in state sponsored capital and under-pinned by structured training and educational superiority, all aimed at advancing their preeminent position in the space.

Toward what end, you may ask? Take a wild guess.

The post Doubling Down on Cybersecurity Failure appeared first on Netswitch Technology Management.

*** This is a Security Bloggers Network syndicated blog from News and Views – Netswitch Technology Management authored by Steve King. Read the original post at: