While visiting India to launch the Cyber Security and Behaviour program, Prof. Alana Maurushat, Professor of Cyber Security and Behaviour, Western Sydney University, Australia states the pivotal features of cyber security, pointing how AI is emerging as a Janus faced weapon.
Q. Why did you choose India to launch the Cyber Security and Behaviour program?
India is a key market for attracting talent at the high school, under graduate, graduate and later industry levels. India has excellent schooling systems, with a strong emphasis on problem-solving which is essential to cyber security. Indian students arrive with fluent English and historically have been quick to adapt and excel in new environments. Additionally, India is the epi-centre for Data Call Centres, hosts what some would consider Silicon Valley 2 in Bangalore, and also has a shortage of trained cyber security and data science experts.
Q. How will this program impact students?
This program is designed to get students equipped and ready to work in industry in the shortest possible time. The program is very hands-on, is co-taught with academics and industry. This includes experts both within and outside of Australia. Having worked for decades in the field, we know that cyber security is not a computer science problem. It requires knowledge and skills in computer science, but it also requires other skills such as behavioural analysis, risk management, incident handling, and knowledge of changing the culture of an institution.
Q. AI is emerging as a weapon in cyber security. What is your take on that?
AI is Janus-faced. It is emerging as a weapon and as a shield for cyber security. Machine-learning and big data allows us to look at enormous amounts of data flowing in real time through what is known as a honey-net. Malware and other suspicious data traffic is identified through machines, not humans. Where machine-learning mimics human behaviour it becomes artificial intelligence. We can develop programs that mimic humans to fool malicious software. At the same time, AI is used by criminals and by intelligence organisations to mimic human behaviour.
By doing so, our systems may not be able to easily detect the data traffic as malicious. Additionally, the AI mimicking human behaviour means that users are deceived into thinking that they are dealing with another human being, when in fact that are dealing with a sophisticated AI bot. A lone human hacker could dialogue maybe with 100 people per day to try to obtain information. An AI enabled bot could deal with thousands and thousands of users per day. In some ways it’s a numbers game. You are better able to play the odds of deceived and baiting people which then enables you to intrude into systems.
It requires knowledge and skills in computer science, but it also requires other skills such as behavioural analysis, risk management, incident handling, and knowledge of changing the culture of an institution.
Q. What challenges are faced while creating anti-theft program?
By anti-theft program, if one means how to best secure data within your organisation so that it is used appropriately, within the law, and not stolen, that’s a difficult question. Every organisation will have different obligations with how they handle data, the value of the underlying data or trade secret (intangible asset) so there is no one size fits all approach. Humans will always be the weakest link.
There are two ways of addressing this. The first, is significantly improved training with impact, thesecond is to develop AI enabled systems to remove the human from the equation as much as possible. Both solutions present different obstacles.
We hear on a daily basis that getting an organisation to move from cyber-risk aware to cyber-risk resilient is extremely difficult. Shifting an organisation’s culture is difficult. AI enabled systems are not currently as advanced as they need to be but there is great progress being made. The only problem is that all parties will have AI in the future, and there is also a skilled worker shortage in AI as well as cyber security. Having a system is one thing people. Having people knowledgeable with what and how to effectively use the system is another thing.
Q. Is the university interested in collaboration or partnerships with Indian industry body?
The university is very much interested in collaboration and partnerships with Indian industry bodies and universities. These discussions are well underway with entities in New Delhi, Chennai and Bangalore.
Q. Please elaborate on research opportunities in area of Cyber Security.
Every university in Australia has multiple scholarships on offer for graduate studies in cyber security. We need the best to apply their talent to these very difficult challenges. The research is fascinating and extends in many directions from logistics, to food security to pharmaceuticals, to medical robots, to smart cities to IoT, to nano-clustering of micro satellites to data centres and so forth. This is an exciting space to be in both now and in the decades to come.