Cyber threats are occurring so rapidly that cyber defenses will eventually have to be automatic to counter them, the head of research at the National Security Agency (NSA) said on Thursday.
“Cyber defenses need to be automated to be able to respond with the number of threats that occur,” Gil Herrera said during a webinar hosted by the Intelligence National Security Alliance. “Hardly a millisecond goes by where there isn’t some kind of probe that’s launched across the world.”
Herrera was responding broadly to a question posed by the moderator about the technology advances that are critical to his agency’s mission area of signals intelligence. Later in the event, he was asked what the high-priority research areas for cybersecurity are in the next seven to 10 years.
Herrera again replied that, given the threat is “coming too quickly,” there needs to be “dependable, reliable ways to do automated cybersecurity.”
He highlighted an open-source reverse engineering tool developed by the NSA called Ghidra that is used in cybersecurity to look for code implants in software code. However, Ghidra requires an analyst to do the reverse engineering, Herrera said.
“Great tool, but think about kind of an automated Ghidra,” Herrera said. “We’re going to really need to push cybersecurity down to level three and below, find ways to not let it get above the physical layers.”
Machine learning will be part of the solution for automated cyber defenses
The goal with automated cyber defenses is to get “left of zero day” attacks, which is analogous to the Defense Department’s attempts to get ahead of certain kinds of attacks, called “left of boom,” during the wars in Afghanistan and Iraq when insurgents used improvised explosive attacks to target military vehicles and personnel.