Cyber attacks are becoming more persistent, more sophisticated and much more organised. Just when we need the brightest to pursue careers in advanced cyber technology, the numbers are falling off. Cranfield is responding with the development of a specialist MSc in Cyber-Secure Manufacturing.
PROFESSOR PAUL THERON
Despite the many evident opportunities for lucrative careers, the number of young people opting for IT-related qualifications in schools is still falling – down 17% in 2018 says the British Computer Society.
Compared with the shiny surfaces of using digital devices, a day job working with the sometimes ugly nuts and bolts of IT is not proving to be appealing to new generations. In response to the shortage there are increasing calls for a national cyber-skills strategy, for creating a stronger stream of young recruits, accompanied by a new professionalization of roles and the up-skilling and re-skilling of general IT staff. It will take time before the impacts are realized for organizations and their security.
From hobby to highly organised
The scale and level of organisation behind the threats will look very different by then. There has already been a sharp evolution of cyber-attacks from hobby to highly organized, targeted and strategic activity, and this will only accelerate. With huge rewards on offer, cyber-criminals are patient and think terms of ongoing negotiation rather than one-off assault.
While cybersecurity will always be important, true cyber resilience comes with equal attention to cyber defence. In terms of our research and development, we have become too reliant, too focused, on cryptography, firewalls, antivirus software, authentication methods, and so on.
We’ve also become too reliant on humans and human skills for a future where attack technologies will be far more sophisticated and strategic. They are shifting, from simple programs that can override IT systems’ functionalities, to scripted, pervasive software, capable of replication and designed to take control of systems’ security privilege management functions, and finally to connect remotely controlled software agents that can be activated by a Command & Control server, itself masked behind layers of camouflage false IP addresses and routes. Cyber defence involves some tricky tactics.
The need for artificial intelligence
A clumsy response from a cyber response team, looking to just switch off a system or stop a piece of malware, may spark even more damaging retaliation in terms of wiping data or causing IT paralysis. Humans can be good at handling such tactics but are mostly late and slow, especially when it comes to complex systems.
This is why we need to be investing in the potential of non-human defences. Developing autonomous cyber defence systems can provide the next level of sophistication needed to monitor and manage this escalation.
The growing use of Big Data and machine learning techniques will provide the ‘always on’ supervision power that any number of skilled cyber-professionals couldn’t compete with – swarms of pro-active, self-learning cyber defence agents to work across the web on the side of national infrastructure and lawful activities. These can be designed to recognize patterns of attacks and the agents can be used to manage the most appropriate forms of counter-measures for each individual attack.
This is one future for cyber defence, one that is far less dependent on the vagaries of human resources. It will also become essential in a context where the attacks are being run themselves through their own multi agent systems, which would be impossible to defend against with solely human expertise.
To test this new technology, a first step is to create a large-scale Internet of Things simulator, involving interactions with and between millions of objects in a fast-moving cyber environment. Autonomous cyber defence is for the medium-term – we’re talking in terms of being operational within seven to 10 years – but needs to be part of cyber-resilience planning now. Under this model, fewer people will be needed to run defence systems, but for those with a supervisory role, the most valuable skills will be in Big Data analysis and strategic planning.
Professor Paul Theron is the Atkins-Cranfield Professor of Cyber-Secure Engineering Systems and Processes at Cranfield University
Manufacturing Executive Education Programmes
Developed to deliver real-world business impact
Next start date: 29 May 2019
Three day workshop and x2 1-2-1 follow-up sessions
The productivity masterclass is designed for maximum impact, for manufacturers wishing to bend the productivity curve upwards with double-digit gains. Learn from Cranﬁ eld’s productivity experts to create battle ready productivity champions
www.cranﬁ eld.ac.uk/ productivitymasterclass
Manufacturing Directors Programme
Next start date: 3 June 2019
2x two day workshops and a presentation day
The programme helps participants leverage the resources currently available to them by developing the leadership skills to translate strategy into action. Using our expert developed tools to devise, develop, implement and lead agile manufacturing strategies to deliver maximum performance.
Next start date: 20 May 2019
2x two day workshops
Services 4.0 will guide you through what it takes to beneﬁ t from Engineering Services Innovation to future-proof your business in the era of the 4th Industrial Revolution. You will learn and apply the latest Industry 4.0 thinking to design, plan for, and implement data-driven services, leading the service transformation process in your organisation.
For more information contact John Patsavellas
Cranfield University Cyber-Secure Manufacturing MSc.
Developed in response to growing threats posed by Industry 4.0 and the development of Smart Factories. This course has been developed for manufacturing engineers/managers to help protect manufacturing systems and machines against cyber threats