Strict policy-based structures no longer meet the security needs of organisations in a modern digital economy and would be better served through the creation of zero trust environments augmented by AI and machine learning techniques to continually monitor behaviour across the network.
Zero Trust is a cyber strategy that helps stop data breaches by abolishing the concept of trust from an organisation’s cybersecurity execution. Instead, artificial intelligence and machine learning technology is used to continuously authenticate users across the network, as well as analysing the characteristics of network traffic to identify anomalous behaviours.
The Zero Trust method effectively expands the security perimeter beyond the network. Rather than simply authenticating users as they successfully log-in, AI and machine learning smarts are used to monitor and continually authenticates activity on the system.
Nothing inside or outside the network is trusted until it is verified.
An industry roundtable co-hosted by BlackBerry Cylance and InnovationAus produced a whitepaper canvassing some of the issues of importance in building a building a Zero Trust approach to cyber security in a digital economy.
Attendees at the discussion represented a mix of operational and policy roles from a wide variety of federal government departments and agencies.
With Australia’s tech infrastructure being tested like never before through fire, flood and most recently the corona virus pandemic, Zero Trust methodologies have become highly relevant to both private and public sector information technology.
BlackBerry Chief Product Architect, Eric Cornelius provided an overview of the public sector’s challenges when addressing national security, information oversight, privacy and cyber resilience.
Skill shortages and inadequate budgets were the agreed stumbling blocks that can get in the way of cyber resilience, according to round table attendees.
Inertia was also a problem, with the preferred fix being legislation and other regulatory instruments that could enforce minimum standards of action on cyber issues.
As one attendee said: “Legislation is the only path. We must legislate ourselves out of this problem, because unless people are compelled to take action, often they won’t do so.”
The problem of unscrupulous vendors over-hyping AI as a magic bullet for all cyber woes was also raised during the discussion.
Mr Cornelius articulated AI’s image issue:
“The problem some technologists have with AI … is the way the industry talks about it as a ‘thing.’ It’s not a thing. You can’t touch it. It’s a school of mathematical thought. It’s no different from any other algorithm; it’s just an algorithm that can adapt, and that’s only in the unsupervised case,” he said.
Attendees felt citizen buy-in on AI could be won through the public having good experiences with more public facing systems that use AI technology.
The roundtable also discussed the ways critical communication tools can be employed to alert and advise the public during a cyber security emergency.
While balancing the public’s right to know about government cyber security breaches with restrictions around the need to know was regarded as challenging, one attendee said it was better to err on the side of transparency.
Since this roundtable was conducted in November, fires, floods and now COVID-19 have tested federal and state governments in their ability to reach targeted members of public with critical public messages under crisis conditions.
In the space a few short months, the notion of what critical communications means has changed significantly.
“No matter how bad it is, people will respond better when it is clear to them that you have been showing all of your cards. It’s all about building and maintaining a sense of trust,” he said.
InnovationAus partnered with BlackBerry Cylance to curate the Building confidence in a Zero Trust Environment – Data Security and AI roundtable discussion in Canberra. You can download the Building confidence in a Zero Trust Environment Whitepaper here.